Privacy Policy

Privacy Notice

 

Who we are?

Bird Opticians is a private independent Opticians operating from 41-43 Surrey Street, Sheffield, S1 2LG. We are registered with the Information Commissioners Office as a Data Controller, registration number Z7998021.

 

 

Your Privacy

Your privacy matters to us and we are committed to the highest data privacy standards, patient confidentiality and adherence with the Data Protection Act 2018 and UK GDPR. However you choose to interact with us, we will only collect data that is necessary for us to deliver the best possible service and ensure you are reminded about appointments or anything else relevant to your ongoing care. This policy provides detailed information on when and why we collect your personal information, how we use it and the very limited conditions under which we may disclose it to others.

We adopt the six core principles of data protection which are:

  1. Lawfulness, fairness and transparency- we process personal data lawfully, fairly and in a transparent manner in relation to you, the data subject.
  2. Purpose limitation- we only collect personal data for a specific, explicit and legitimate purpose. We clearly state what this purpose is in this Privacy Notice, and we only collect data for as long as necessary to complete that purpose.
  3. Data minimisation- we ensure that personal data we process is adequate, relevant and limited to what is necessary in relation to the processing purpose.
  4. Accuracy- we take every reasonable step to update or remove data that is inaccurate or incomplete. You have the right to request that we erase or rectify erroneous data that relates to you, and we will complete this task as soon as possible but guarantee to do so within a month.
  5. Storage limitation- we delete personal data when we no longer need it. Whilst the timescales in most cases aren't set, we outline our retention strategy within this Privacy Notice.
  6. Integrity and confidentiality- we keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Collection of your Personal Data

We collect your personal information via disclosure directly from you or your parent or guardian. This might be via our website, via our booking system, telephone or face to face engagement.

 

Categories and Type of Personal Data Collected and processed.

We collect contact details from you (name, address, telephone number(s), email addresses and date of birth). In addition to this we collect other relevant details including current and past relevant health and medication information, your examination results including images, and relevant lifestyle information such as pastimes or work impacting on health care. We may also store associated information received from other health care professionals as part of your ongoing care.

 

Finally, we collect financial information where appropriate including payment card details and banking details for direct debit mandates.

 

We treat all personal data as sensitive but acknowledge that we also process special category data.

 

Child Data

Article 8 of the UK GDPR and Article 9 of the UK Data Protection Act 2018 specify how we are permitted to process data relating to children under 16 (For the UK this is under 13). Given our industry we comply with this requirement by permitting parents or guardians to make appointments for children and to provide us with their own contact details to use on behalf of the children. On the appointment confirmation we offer a statement of understanding which confirms that the recipient is indeed a parent or guardian of the child.

 

Reason for Data collection and processing activities.

The information we collect about you is used to ensure we provide you with the best and most appropriate products and services. In addition to your ongoing eye care, we will remind you when appointments are due and suggest relevant products or services that we believe would be of interest. We use your contact information to respond to queries from you, and where appropriate your bank details to collect Direct Debit payments as agreed. We may occasionally contact you to ask for your feedback on services we have provided and to offer the opportunity to trial new products.

 

Sharing of Personal Data

During the delivery of our service to you, we will share your data with other companies who are critical for the provision of our service to you and will be viewed as Data Processors. They are under contract with us and have provided sufficient guarantees that they will process your data only as per the terms of that contract and throughout processing activities will ensure your data is protected using appropriate technical and organisation measures. We may also need to share your data with other health care providers, such as the NHS, where this is needed to ensure you receive appropriate treatment and care.

 

We may pass information to external agencies and organisations, including the police, for the prevention and detection of fraud and criminal activity. Should any claim be made, we may pass your personal information to our insurers and if our business is wholly or partially transferred to a third party, your personal information may be one of the transferred assets.

 

A full list of processors is available from our Data Protection Officer.

 

Securing and Processing of your Personal Data

Your data is stored and processed by Optix Software Ltd within their UK facilities which has appropriate security processes and is certified to ISO27001. Any third-party company is only permitted to process your data for the specified purposes and in accordance with our instructions.

 

Your data is also stored within local devices secured using passwords and user authentication. Our practices are secure and operated to ensure data and the devices on which that data resides, are protected.

 

In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorised, we have a duty to inform you immediately. If the loss or unauthorised access of your data has potential to cause you harm, we will also report this to the Information Commissioners Office, who are responsible for regulating data protection legislation in the UK.

https://ico.org.uk/

 

Our legal basis for processing your personal data?

We are required to identify one of six possible legal grounds for processing. These are:

  • consent
  • contract
  • legitimate interests
  • vital interests
  • public task
  • legal obligation

 

As all of our processing activities are crucial to the provision of the service which we enter into a contract with you to provide, we process your data based on that contractual relationship.

 

We could also process your data under our legitimate interests as all processing activities are essential for the provision of our service to you.

 

Where special category of data is processed, we do so under Article 9 (2) h – processing is necessary for…the provision of health or social care.

 

How long do we keep your personal data for?

We retain your information for as long as reasonably necessary to fulfil the purpose for which it was collected, to provide our products and services and to maintain records to satisfy tax and other legal requirements.

 

Contact information is retained as long as you are a customer of ours. Where you have not used our services recently, and in the absence of a direct data subject request, we hold contact information for a period of 10 years from the last appointment.

 

Based on the guidance of The Association of Optometrists the clinical data we process is held for a period of 10 years.  For Children clinical data is held until they reach the age of 21.

 

Payment information is held by us only as long as is necessary to process the payment or to set up the direct debit mandate.

 

Your rights in relation to personal data

Under the UK data protection law, you have rights to access and control your personal data. These rights include:

Right Explanation
Right to be informed This means that we have to be transparent in how we collect and use your personal data
Right of access You have the right to access your personal data.
Right to rectification If the information we hold about you is inaccurate or incomplete you can request that we correct this
Right to erasure You can request that we delete or remove personal data in certain circumstances
Right to restrict processing You have the right to request that we cease processing your data if

·       you consider it inaccurate or incomplete and/or

·       you object to the reason we're processing your data

We will review the validity of your request and respond to you with our decision

Right to data portability Where you have consented to our processing your data or where the processing is necessary for us to deliver a contract you can request a copy of that data be provided to a third party
Right to object You have the right to object to our processing in certain circumstances. For example, you can object to:

·       direct marketing and

·       processing for the purposes of scientific/historical and statistics

Rights relating to automated decision-making including profiling Where we apply automated decision-making, we must

·       give you information about the processing

·       introduce simple ways for you to request human intervention or challenge a decision

·       carry out regular checks to make sure that our systems are working as intended

We do not use automated decision-making or profiling

 

You can exercise your rights by emailing our Data Protection Officer on BirdOpticiansDPO@Clinicaldpo.com

If you are unhappy with anything we have done with your data, you have the right to complain to the Information Commissioners Office.

To make a complaint to the Information Commissioners Office use the link below or call their hotline on Tel No.: 0303 123 1113   

https://ico.org.uk/concerns/

 

Use of cookies and other technologies

A cookie is a small text file containing information that a web site transfers to your computer’s hard disk for record-keeping purposes. A cookie cannot give us access to your computer or to your personal information. Most web browsers automatically accept cookies; consult your browser’s manual or online help if you want information on restricting or disabling the browser’s handling of cookies. If you disable cookies, you can still view the information on our web site, but the functionality of certain areas may be reduced.

 

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.

 

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

 

How to contact us?

For all data protection matters or questions relating to how we manage your data, you can contact our Data Protection Officer via these means:

 

Data Protection Officer:               Clinical DPO.

Phone Number                              0203 411 2848

Email:                                              BirdOpticiansDPO@Clinicaldpo.com