This Privacy Statement applies to the processing by Elizabeth Evans Opticians of your personal data.
We take your privacy very seriously and treat all your personal data with great care.
We only collect the minimum amount of data from you in order to provide our services to you.
We do not share your data with anyone, unless you consent for us to do so.
Even then, this would only be with your GP or health care provider, and only with your consent.
PARTICULARLY IMPORTANT INFORMATION
WHO WE ARE: For the purpose of applicable data protection legislation, the data controller of your personal data is Evans Optometrists Ltd, 23 Front Street, Prudhoe, Northumberland. NE42 5HN.
2. COLLECTING YOUR PERSONAL DATA
Elizabeth Evans Opticians collects information about you in the following ways:
- Personal information you give to us (eg. name, address, date of birth,)
- Sensitive Information you give to us (eg. Medical history)
When you have provided your consent, in order to:
- subscribe to any of our marketing communications
- complete customer surveys, enter competitions or provide feedback.
We collect payment card information from you should you choose to use this form of payment for purchasing or guaranteeing use of our products and services.
We also use CCTV at our practice for security reasons. However this information is held for a short time only on a secure database and is automatically deleted.
3. WHY DO WE PROCESS YOUR PERSONAL DATA?
We use the information we collect about you to arrange regular appointments, to contact you with relevant information, and to inform you of any changes to your products and services.
With your consent, we will contact you via our marketing and sales channels (email/ phone/ post) about other related products and services we provide which we think may be of interest to you.
4. SHARING YOUR DATA
We will only share your data with your General Practitioner or Hospital Trust when we think it is in your best interests, and there is a need for further medical examination and/or advice.
In each case, your written consent will be sought, and you have the right to refuse for your personal data to be shared.
5. YOUR RIGHTS
The GDPR provides the following rights for individuals:
Right to revoke consent
If we process personal data on the basis of your consent, you have the legal right to revoke such consent at any time. We will then cease the relevant processing activity going forward.
Right of access to your information
If you want to know what personal data we have collected or process about you, you may request us to provide a copy of your personal data by sending an email to firstname.lastname@example.org. We will ask you to identify yourself. We will not provide you with a copy of your personal data to the extent that the rights and freedoms of others are or may be adversely affected.
Right to rectification and erasure of data, and restriction of processing
If you believe that our processing of your personal data is incorrect, inaccurate, unlawful, excessive, incomplete, no longer relevant, or if you think that your data is stored longer than necessary, you may ask us to change or remove such personal data or restrict such processing activity, by sending an email to email@example.com.
Right to data portability
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, in accordance with Article 20 of the General Data Protection Regulation.
Right to object
You have the legal right to object, on grounds relating to your particular personal situation, at any time to processing of your personal data. Furthermore, you have the right to object at any time to our processing of your personal data for direct marketing purposes. You can do this by either (i) opting out by using the option we provide in the relevant direct marketing message (e.g. an email newsletter), or (ii) by sending an email to firstname.lastname@example.org, or (iv) writing to the practice address.
Nothing in this Privacy Statement is intended to provide you with rights beyond or in addition to your rights as a data subject under applicable mandatory data protection law.
We will use reasonable endeavours to respond to your request or query within one month. We are entitled to extend this term by another two months if the complexity of the situation so requires. If your request is manifestly unfounded or excessive we may either (i) charge you a fee, or (ii) refuse to process your request. With respect to access requests we may also charge you for extra copies. If we decide not to honour your request or answer your query, we will explain our reasons for doing so in our reply.
6. PROTECTION AND STORAGE OF YOUR DATA
We have used and will continue to use reasonable endeavours to protect your personal data against loss, alteration or any form of unlawful use. Your personal data will be encrypted and stored on an external UK-based server that is secured by means of state of the art protection measures. Only staff at Elizabeth Evans Opticians have access to your personal data.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. RETENTION OF INFORMATION
In line with healthcare regulations, we will retain your records for a period of ten years after final appointment. At this point we will securely destroy all information we hold regarding your identity and medical history.
We are committed to resolve any complaints about our collection or use of your personal data. In case you have any questions in relation to this Privacy Statement or our practices in relation to your personal data you may send an email to email@example.com. We hope to resolve any complaint brought to our attention, however if you feel that your complaint has not been adequately resolved, you reserve the right to contact your local data protection supervisory authority, which for the UK, is the Information Commissioner’s Office.
We have done our best to make sure that this Privacy Statement explains the way in which we process your personal data, and rights you have in relation thereto. We may change this Privacy Statement from time to time to make sure it is still up to date and we will notify you if we make any material updates. We may also notify you in other ways from time to time about the processing of your personal information.