Joseph

Hayes

Opticians

Tel: (01743) 354468 / 368235  |  Email: jh.optic@hotmail.co.uk



Privacy Policy

 

25th May 2018

 

About this Policy

 

At Joseph Hayes Opticians we respect your privacy and are committed to protecting your personal data. We are bound by the General Data Protection Regulation (GDPR) which applies across the European Union (including, at this time, the UK) and we are responsible as a “Data Controller” of the information we collect. This “Privacy Policy” explains what personal data we collect, why we need it, what we do with it, how we protect it, who we share it with and what rights you have to control what we do with it

 

Who are we ?

 

We are Joseph Hayes Opticians, we are an Independent, family owned and run business, which started in 1992

 

We have 2 Optometrists, Joseph & Alison Hayes, 1 Dispensing Optician, and a staff of 3 other Optical Assistants, and a Glazing Technician

 

The practice is at 2 Wyle Cop, Shrewsbury, Shropshire, SY1 1UT

Tel: 01734 354468 / 368235

Email: jh.optic@hotmail.co.uk

Website: www.josephhayesopticians.co.uk

 

What data do we collect ?

 

We only collect data that is necessary for us to deliver the best service to our patients and customers:

 
  • Basic contact information, Name, Address, Phone Number, Email, Date of Birth etc.

  • Your Eye Examination results

  • Any relevant details of general health, including medication and previous optical treatment

  • Any relevant details of family history

  • Any relevant documents from third parties such as other Optical Practices, Doctors, healthcare Consultants, any other HealthCare Professionals etc.,

  • Payment details for Standing Order contact lens patients

  • Retinal Photographs

  • Facial Photographs to aid accurate spectacle dispensing and fitting measurements

  • Certain lifestyle information, again to assist with accurate spectacle dispensing and advising on the best possible frame and lens options 

 

Why do we collect data from you and what do we do with it ?

 

Basically, we collect your data to enable us to provide you with the best and most appropriate eyecare service that we can. We need to be able to remind you when you are due for an eye examination, inform you when glasses or contact lenses are ready for collection, keep a record of your prescription, the health of your eyes etc. We also need to be able to monitor any ongoing issues with your eyes, to enable us to advise you on the best course of action

 

What is our lawful basis for storing and processing your data ?

 

This is defined as “Legitimate Interest”

In the case of persons entitled to NHS-funded eye examinations and/or spectacles (under the GOS), our lawful basis is “Public Task“

 

How do we store your data ?

 

Usually your patient record will be a paper one, with a duplicate stored electronically on computer, or an electronic record in the case of retinal photos. These are password-protected. We take the utmost care to store all records securely, and only staff under the supervision of Joseph or Alison Hayes have access to them. Backups are done daily to enable the restoration of data in the event of a computer problem, and these are encrypted and kept off site

 

How long do we keep your data ?

 

We are legally required to keep your records for 7 years, but it is recommended that this should actually be 10 years. In the case of someone under 16 at their eye examination, it is recommended that we keep the record until they are 25 years old. In the case of persons deceased, it is recommended that we keep the record for 10 years

After this time, if the record is inactive, it is securely shredded

 

Who do we share your data with ?

 

Unless required to by law, we only share your data (in your best interests and with your consent) with other health care professionals, eg your Doctor or healthcare Consultant. In the case of persons entitled to services funded through the NHS, we also need to pass on details to the NHS for payment purposes. Your data is processed by Ocuco Ltd, which is our practice management software company – they are “Data Processors” for the purposes of the GDPR 

 

What (new) Rights do I have under the GDPR ?

 
  • The right to be forgotten – should you wish us to erase your data, we will do so, as long as it is beyond the legal period which we are obliged to keep records for

  • The right to be informed – the purpose of this policy is to do exactly that

  • The right to access data – should you wish to have access to your records, we require a written request and photo id, and will then comply within a 30 day period

  • The right to data accuracy – should there be an error on your record, simply inform us and we will correct it as soon as possible. Technically, we have 30 days to comply, but in most cases this can be done more or less immediately

  • The right to restrict processing – should you wish us NOT to send out reminder letters etc., simply inform us and we will comply

  • The right to data portability – you have the right to take a copy of your data in electronic format. Same rules apply for accessing a copy of your records

  • The right to object – same as the “restrict processing” above

  • The right to object to automated processing – we actually do no automated processing / profiling in any case. Lifestyle questionnaires to assist with appropriate and accurate dispensing might come under this heading, but should you wish us not to do this, we will comply

 

How often is this policy updated ?

 

                We reserve the right to update this policy whenever new regulations or the situation demands it

                

                This Policy was written by Joseph Hayes on 25th May 2018