Tel: (01743) 354468 / 368235 | Email: jh.optic@hotmail.co.uk
Privacy Policy
29th July 2023
About this Policy
At Joseph Hayes Opticians we respect your privacy and are committed to protecting your personal data. We are bound by the General Data Protection Regulation (GDPR) which applies across the European Union (including, at this time, the UK) and we are responsible as a “Data Controller” of the information we collect. This “Privacy Policy” explains what personal data we collect, why we need it, what we do with it, how we protect it, who we share it with and what rights you have to control what we do with it
Who are we ?
We are Joseph Hayes Opticians, we are an Independent, family owned and run business, which started in 1992
We have 2 Optometrists, Joseph & Alison Hayes, 1 Dispensing Optician, and a staff of 3 other Optical Assistants, and a Glazing Technician
The practice is at 2 Wyle Cop, Shrewsbury, Shropshire, SY1 1UT
Tel: 01734 354468 / 368235
Email: jh.optic@hotmail.co.uk
Website: www.josephhayesopticians.co.uk
What data do we collect ?
We only collect data that is necessary for us to deliver the best service to our patients and customers:
Basic contact information, Name, Address, Phone Number, Email, Date of Birth etc.
Your Eye Examination results
Any relevant details of general health, including medication and previous optical treatment
Any relevant details of family history
Any relevant documents from third parties such as other Optical Practices, Doctors, healthcare Consultants, any other HealthCare Professionals etc.,
Payment details for Standing Order contact lens patients
Retinal Photographs
Facial Photographs to aid accurate spectacle dispensing and fitting measurements
Certain lifestyle information, again to assist with accurate spectacle dispensing and advising on the best possible frame and lens options
Why do we collect data from you and what do we do with it ?
Basically, we collect your data to enable us to provide you with the best and most appropriate eyecare service that we can. We need to be able to remind you when you are due for an eye examination, inform you when glasses or contact lenses are ready for collection, keep a record of your prescription, the health of your eyes etc. We also need to be able to monitor any ongoing issues with your eyes, to enable us to advise you on the best course of action
What is our lawful basis for storing and processing your data ?
This is defined as “Legitimate Interest”
In the case of persons entitled to NHS-funded eye examinations and/or spectacles (under the GOS), our lawful basis is “Public Task“
How do we store your data ?
Usually your patient record will be a paper one, with a duplicate stored electronically on computer, or an electronic record in the case of retinal photos. These are password-protected. We take the utmost care to store all records securely, and only staff under the supervision of Joseph or Alison Hayes have access to them. Backups are done daily to enable the restoration of data in the event of a computer problem, and these are encrypted and kept off site
How long do we keep your data ?
We are legally required to keep your records for 7 years, but it is recommended that this should actually be 10 years. In the case of someone under 16 at their eye examination, it is recommended that we keep the record until they are 25 years old. In the case of persons deceased, it is recommended that we keep the record for 10 years
After this time, if the record is inactive, it is securely shredded
Who do we share your data with ?
Unless required to by law, we only share your data (in your best interests and with your consent) with other health care professionals, eg your Doctor or healthcare Consultant. In the case of persons entitled to services funded through the NHS, we also need to pass on details to the NHS for payment purposes. Your data is processed by Ocuco Ltd, which is our practice management software company – they are “Data Processors” for the purposes of the GDPR
It may also be necessary, where the latest technology allows us to do so, to use your information and health data to facilitate digital consultations and diagnoses and we will always do this with your security in mind
What (new) Rights do I have under the GDPR ?
The right to be forgotten – should you wish us to erase your data, we will do so, as long as it is beyond the legal period which we are obliged to keep records for
The right to be informed – the purpose of this policy is to do exactly that
The right to access data – should you wish to have access to your records, we require a written request and photo id, and will then comply within a 30 day period
The right to data accuracy – should there be an error on your record, simply inform us and we will correct it as soon as possible. Technically, we have 30 days to comply, but in most cases this can be done more or less immediately
The right to restrict processing – should you wish us NOT to send out reminder letters etc., simply inform us and we will comply
The right to data portability – you have the right to take a copy of your data in electronic format. Same rules apply for accessing a copy of your records
The right to object – same as the “restrict processing” above
The right to object to automated processing – we actually do no automated processing / profiling in any case. Lifestyle questionnaires to assist with appropriate and accurate dispensing might come under this heading, but should you wish us not to do this, we will comply
How often is this policy updated ?
We reserve the right to update this policy whenever new regulations or the situation demands it
This Policy was written by Joseph Hayes on 29th July 2020
Address:
Joseph Hayes Opticians
2 Wyle Cop
Shrewsbury
Shropshire
SY1 1UT
Tel No:
(01743) 354468
(01743) 368235
Email:
jh.optic@hotmail.co.uk