- Name and contact details of our organisation
- How we collect this information
- What information do we collect from you?
- What we process personal information about?
- The lawful Basis for the processing
- Why do we collect this information?
- Who might we share your information with?
- Safeguarding Measures
- How long do we keep hold of your information?
- CCTV for crime prevention
- You have the following rights
- How the NHS and care services use your information and the national data opt out policy
- How to contact us
We are committed to protecting and respecting your privacy.
We are committed to protecting your privacy and take this responsibility very seriously. We therefore take care to safeguard it. This notice outlines what data we collect, how we may use it, how we protect your data and your rights, and how you can exercise those rights.
UK Data Protection Laws require us to manage all personal information in accordance with the Data Protection Principles. In particular, we are required to process your personal information fairly, lawfully and in a transparent manner. This means that you are entitled to know how we intend to use any information you provide. You can then decide whether you want to give it to us in order that we may provide the product or service that you require. All our employees are responsible for maintaining customer confidentiality.
Cotswold Eye Care Centre Ltd (‘we’ or ‘us’ or ‘our’) gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
We process personal information to enable us to provide healthcare services to our patients, maintain our own accounts and records, and to support and manage our employees promote and advertise our services.
1 Name and contact details of our organisation
Cotswold Eye Care Centre Ltd.
High Street, Winchcombe, GLOS, GL54 5LJ
Tel 01242 604654 Fax 01242 604001
The practice is registered with the Information Commissioner. Registration No. ZA105272
2 How we collect this information
When you communicate with us in person, on the telephone, through emails, faxes and post. If we obtain personal data from other sources, we must provide individuals with privacy information within a reasonable period of obtaining their data (no longer than a month)
3 What information do we collect from you?
- NHS number
- Billing Address
- Delivery address
- Date of birth
- Phone number (s)
- Email addresses
- Family details
- Goods and services
- Financial details
- Education and employment details
- Lifestyle and social circumstances
Special category data
- Health information
4 What we process personal information about?
- Suppliers and service providers
- Consultants and other personal experts
5 The lawful Basis for the processing
- Patient personal records – Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject (Note that this condition is not available to processing carried out by public authorities in the performance of their tasks).
- Processing patient health records – Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional
- Staff records – contract
- Direct marketing purposes – consent
6 Why do we collect this information?
- To handle orders
- Communicate with you about your orders or a service you have taken with us
- Deliver products and services
- Process payments
- Fulfil our legal obligations to the NHS or similar bodies
- For statistical analysis
- If you agree, contact about offers of other products and services we provide
7 Who might we share your information with?
We take your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law.
We seek permission before transferring personal information except in some cases where it is to another healthcare professional responsible for patient care and who needs that information to assist in patient care or where we are legally required not to.
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. Cotswold Eye Care Centre Ltd uses third-parties to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.
Care Check – Disclosure and Barring Service
Care Check is the company we use to do the DBS checks on our Opticians. They provide the processing of all levels of DBS checks, all information collected within the DBS application form is shared with them.
GoCardless provides services that help merchants process payments for their goods or services, we use them for our Direct Debit scheme
Direct marketing after consent is given by the patient
Optinet Flex is our patient management software company and the company provides the IT support to make sure all is working correctly
Optomanager is a web-based platform developed by Cegedim RX used by practice staff when delivering extended primary care services to the public (eg to send certain referrals onto the Hospital). It allows practitioners to record real-time patient information for appropriate clinical management across a suite of care modules. Data from OptoManager is also aggregated into the LOCSU and Central Optical Fund funded Data Repository to provide national clinical outcomes for research analysis purposes.
Primary Care Support England
Thomson Screening takes protection of your data very seriously, it is used to link up School Screening for children with Cotswold Eye Care Centre Ltd. The information that we enter into the system is held on their secure servers. These are only accessible to us and the user we create. The servers themselves are based in the UK so no data is transmitted overseas. Thomson Screening’s SchoolScreener software is used by the NHS and meets the NHS’s strict Information Governance requirements. Thomson Screening’s compliance with the NHS’s requirements are audited regularly.
We also might share with:
- Healthcare professionals
- Social and welfare organisations
- Central government
- Family, associates and representatives of the person whose personal data we are processing when given permission from the patient
- Suppliers and service providers
- Financial organisations
- Current, past or prospective employers
- Educators and examination bodies
8 Safeguarding Measures
Cotswold Eye Care Centre Ltd takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: –measures such as SSL, TLS, encryptions, pseudonymisation, restricted access, IT authentication, firewalls, anti-virus/malware
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
9 How long do we keep hold of your information?
- All records are retained for 10 years from the date of last seeing the patient.
- Records of children are retained until they are 25 and it is 10 years since they were last seen
- Records of the deceased are kept for 10 years
- Records are destroyed by shredding
- Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
11 CCTV for crime prevention
CCTV is used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry.
12 You have the following rights:
To be informed about how we use your personal data (the purpose of this Privacy Notice)
To update your personal data. You can update or amend your information by contacting us.
To ask us to delete your personal data. However, there may be circumstances where we are legally entitled to retain it
To get a free copy of your personal data by making a ‘subject access request’(limited to data that you have provided to us). To make a request please put the request in writing any send it to the address above. We might have to confirm your identity but will get back to you within 30 days
To object to the processing of your data and have it restricted. There may be circumstances where you ask us to restrict the processing of your information, but we are legally entitled to refuse that request
The right to make a complaint. In the first instance, you should contact us directly with you concern, we hope that most problems can be sorted out quickly and easily. To get more information about our complaints policy please ask for a copy. If we are not able to resolve it to your satisfaction further help is available from Optical Consumer Complaints Service. If you think that any of your rights have been infringed by us to the Information Commissioner (www.ico.org.uk)
13 How the NHS and care services use your information and the national data opt out policy
Cotswold Eye Care Centre Ltd is one of many organisations working in the health and care system to improve care for patients and the public
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
• improving the quality and standards of care provided
• research into the development of new treatments
• preventing illness and diseases
• monitoring safety
• planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit http://www.nhs.uk/your-nhs-data-matters. On this web page you will:
• See what is meant by confidential patient information
• Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
• Find out more about the benefits of sharing data
• Understand more about who uses the data
• Find out how your data is protected
• Be able to access the system to view, set or change your opt-out setting
• Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
• See the situations where the opt-out will not apply
You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until 2021 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation ‘is currently’ compliant with the national data opt-out policy.
14 How to contact us
By email firstname.lastname@example.org
Or write to us at Cotswold Eye Care Centre Ltd, High Street, Winchcombe, GLOS, GL54 5LJ
Last updated September 2020