Privacy Policy for Carter and Harding
Who we are?
EyeSense Eyecare Ltd; Fernandes Optometrists (Nailsea) Ltd, trading as Lynne Fernandes Optometrists; and Carter and Harding Opticians Ltd are private independent Opticians registered as data controllers for your personal data with the ICO and operating from:
- Carter & Harding Opticians – 5a Fore Street, Trowbridge, BA14 8HD. ICO number Z2821233
- Carter & Harding Opticians – 9 The Shambles, Bradford on Avon, BA15 1JS. ICO number Z2821233
- Lynne Fernandes Optometrists – 75 Gloucester Road, Bristol, BS7 8AS. ICO number Z1018762
- Lynne Fernandes Optometrists – 182a Wells Rd, Knowle, Bristol, BS4 2AL. ICO number Z1018762
- Lynne Fernandes Optometrists – 124a High Street, Nailsea, BS48 1AH. ICO number Z1018762
Your Privacy
This policy provides detailed information on when and why we collect your personal information, how we use it and the very limited conditions under which we may disclose it to others.
Your privacy matters to us and we are committed to the highest data privacy standards, patient confidentiality and adherence with the Data Protection Act 2018 and UK GDPR. We adopt the six core principles of data protection.
Collection of your Personal Data
Where you provide personal data to us, we will become responsible for it as the data controller.
We will only collect data that is necessary for us to deliver the best possible service and ensure that you are reminded about appointments or information relevant to your ongoing care.
We collect your personal information directly from you, for example, when you visit our practice, get in touch with us by telephone or email, use our booking system or when you visit our website.
We may also collect it from other sources if it is legal to do so. This includes from the NHS or other healthcare providers, institutions or people you have authorised to provide information on your behalf (for example, parents or guardians), third-party service providers, government, tax or law-enforcement agencies, and others.
Main Categories and Type of Personal Data Collected and processed
Processing Activity
Personal Data Required/Held
Retention Time
Reasons to hold Data
Optical service and products
Name, date of birth, telephone numbers, address and email Current and past health and medication information, family history, your examination results, and lifestyle information. Data received other healthcare professionals as part of your ongoing careName, date of birth, telephone numbers, address and email Current and past health and medication information, family history, your examination results, and lifestyle information. Data received other healthcare professionals as part of your ongoing care
10 years after last contact or until age 25, whichever is later
Contract – in order to provide the service or products you have requested. Where health data is processed, we do so for the provision of healthcare
Reminders
Name, email address, address, telephone numbers
10 years after last contact or until age 25, whichever is later or until asked to stop by you
Contract – In order to provide the ongoing service appointment reminders are sent
Marketing
Name, email address, address, telephone number
Until asked to stop by you or until consent withdrawn by you
Legitimate interests – we will provide information which we believe is of genuine interest to you. Consent – you have given consent to receive information about products or services that are of interest to you
Credit/Debit card payments
Cardholder name, card number, security number
Duration of the transaction
Contract – you have agreed to provide these details to pay for the service or products ordered
CCTV footage
Images
3- 10 days for non-requested footage. 6 months for requested footage
Legitimate interests – Prevention and detection of crime. Protection of our colleagues and visitors. Investigation of accidents, incidents, criminal activities and breaches of our policies
Investigation of accidents, incidents, criminal activities and breaches of our policies
Cookies
We do not set and use cookies, tracking, or similar technologies to store and manage user preferences on our website, advertise, enable content, or otherwise analyse user and usage data.
Sharing of Personal Data
Your data is processed by our group under a joint controller agreement, to provide for your eyecare needs.
During the delivery of our service to you, we will share your data with other companies who are critical for the provision of our service to you and will be viewed as Data Processors. They are under contract with us and have provided sufficient guarantees that they will process your data only as per the terms of that contract and throughout processing activities will ensure your data is protected using appropriate technical and organisation measures.
Our operations are based in the UK, and your personal information is generally processed within the UK and countries within the European Economic Area (EEA). In some instances, we may transfer your personal information to third countries, for example, where our suppliers or cloud service providers are situated outside the UK and EEA.
If the recipient is situated in a third country that has not received an adequacy decision from the relevant regulator, we will ensure additional safeguards are in place including the use of applicable standard contractual clauses.
Where necessary we may disclose your information to health care professionals including the NHS. We may also pass information to external agencies and organisations, including the police, for the prevention and detection of fraud and criminal activity. Should any claim be made, we may pass your personal information to our regulator, professional associations, and our insurers and, if our business is wholly or partially transferred to a third party, your personal information may be one of the transferred assets.
A full list of processors is available from our Data Protection Officer.
Your rights in relation to personal data
Under UK data protection law, you have following rights:
Right
Explanation
Right to be Informed
This means that we have to be transparent in how we collect and use your personal data
Right of Access
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.
Right to Rectification
If the information we hold about you is inaccurate or incomplete you can request that we correct this
Right to Erasure
You can request that we delete or remove personal data in certain circumstances
Right to Restrict Processing
You have the right to request that we cease processing your data if:
- you consider it inaccurate or incomplete and/or
- you object to the reason we’re processing your data
We will review the validity of your request and respond to you with our decision
Right to Data Portability
Where you have consented to our processing your data or where the processing is necessary for us to deliver a contract you can request a copy of that data be provided to a third party
Right to Object
You have the right to object to our processing in certain circumstances
Rights relating to Automated Decision-Making including Profiling
We do not use automated decision-making or profiling
Right to complain to the Information Commissioner’s Office (ICO)
The ICO are responsible for regulating data protection legislation in the UK. To make a complaint visit ico.org.uk or call 03031231113
How to contact us?
If you have any questions about this privacy policy, or you would like to exercise any of your rights, please contact our Data Protection Officer.
Data Protection Officer: Clinical DPO
Phone Number: 0203 411 2848