Who we are
We are committed to providing a high standard of service, taking every aspect of your relationship with us seriously, including data protection.
We are registered with the Information Commissioner's Office, we comply with regulations laid down by the General Optical Council and NHS Scotland NSS, and we receive professional guidance from the Professional Associations of which we are members or with which we are registered.
What data do we collect?
We collect data in store, by email, post and social media when you contact us:
• Visiting in store to make appointments or discuss purchases relating to your needs
• Making appointments over the phone
• Direct referral from another Healthcare provider, such as General Practitioner or Hospital Eye Service.
When you contact us we will collect the data appropriate to your enquiry, which can include:
• Date of birth
• Phone numbers – mobile and home
• Email address
• Postal address for recall letters or deliveries
• Medical history and medication taken
• General Practitioner’s Name and Practice address
• Community Health Index (CHI) number if known
• Order and purchases made
• Previous spectacle prescription used and approximate date when dispensed
• Results of the eye examination and advice given
• Digital images of the eye
• Digital facial measurements to dispense spectacle lenses
• Images and recordings by CCTV and other cameras as part of your eye test as appropriate
Explaining the lawful basis we rely on
We collect and process your personal data for a number of reasons, such as:
To provide our services we need to collect, use and store personal information. This includes the collection, validation, processing and storage of health information relating to primary care services requested by patients either residing in or accessed in Scotland attending our Practice.
When using personal information our legal basis is that its use is necessary for:
• the performance of a task carried out under General Optical Council regulations governing eye examinations;
• the provision of eye health care or treatment or the management of eye health care systems and services.
On some occasions we may rely on another basis, which will usually be that the use is necessary:
• in order to protect the vital interests of an individual.
When accessing our service we may need to collect and process your personal data as part of our statutory obligations under General Optical Council, National Health Service and professional bodies to meet the required standard of care, retaining this data as regulated for a minimum period of time.
As a Contractor to NHS Fife we are duty bound to keep comprehensive medical records of patient data in order to validate NHS Scotland General Ophthalmic Services funded eye tests and vouchers to the NHS.
How do we collect consent?
We believe in informed consent, which must be provided through an affirmative action.
In order to provide our service to you we will require written or verbal consent from you to process your personal data in certain circumstances:
• Referring you to another Healthcare Provider: Hospital, General Practitioner, Optometrist or Lawyer
• Consent from a child, who is deemed capable of consent, to the release of data to any parent
• Release of personal data to another family member
When you contact us we make use of informed, implied consent to collect sufficient personal data to facilitate eye examination appointments.
The consent you have given to us for marketing and other processing can be changed at any time. To change your consent from opted in to opted out, please contact us. This can be done in person, by phone on 01592 642422, by email at email@example.com or in writing to us at 35 Whytescauseway, Kirkcaldy, Fife KY1 1XF.
How long do we keep data?
In order to comply with regulations and legislation we will keep your data for the following periods:
• Adult patient data will be retained for 10 years following the last contact with the patient
• In the case of children under 18 who have not been seen since their 18th birthday, the patient data will be retained until their 18th birthday
• For deceased patients, data will be kept for 10 years following the last contact with the patient
Who do we share your personal data with?
Personal information is shared only when it is lawful to do so. We operate principally on the basis that data processed by and sent to NSS Practitioner Services is sent on a statutory legal basis, not on the basis of consent.
When a Patient is required to be referred to the Hospital Eye Service, or other Registered NHS Provider, this is discussed with the Patient before doing so in order to gain either verbal or written consent. The referral information is then sent securely to the Hospital Eye Service using a secure method provided by NHS Scotland, which is covered by their own GDPR, in order to facilitate this.
When Patients access our primary care service, they sign a General Ophthalmic Services form which in part is a data protection notice explaining to patients how their data may be lawfully shared.
Prescription details with first and last name identifiers are used when ordering Patients' spectacle lenses, for which automatic deemed consent is given when the Patient requests that we order their new spectacles for them. No medical data is sent to the spectacle suppliers, except in certain cases in order to facilitate a specially manufactured product due to facial characteristics, fitting or needs which will help facilitate a bespoke requirement.
How and why do we use your personal data?
We process your personal data to provide you with our services such as eye examinations, spectacles, contact lenses, accessories and to keep you up to date with marketing appropriate to your needs.
We will send you eye examination reminder letters, before and after your next due examination date, product information for vision correction and eye health as part of our medical service which is part of our legitimate interest in providing you with healthcare, forming part of our statutory obligations under General Optical Council, National Health Service and professional bodies to meet the required standard of care.
What are your rights over personal data?
You have rights under the data protection legislation.
Right to be informed on how we collect and use your data.
Right of rectification – if data is inaccurate you can request it to be changed. If the request relates to information supplied to us by a third party we reserve the right to review this and make any changes at our discretion.
Right of erasure – you can request your personal data to be deleted. If the request relates to information supplied to us by a third party we reserve the right to review this and make any changes at our discretion.
Please note that our statutory obligations and legislation will require us to keep your data as discussed in “How long do we keep data?”
Right of Data portability – in certain circumstances you can request your data in electronic format. In order to do so we will require written consent and a current email address to forward this to.
How do you contact us or request a change?
If you wish to change the personal data we hold on you, change your consent, stop us contacting you or opt out of marketing, please contact us on 01592 642422, firstname.lastname@example.org or write to us at 35 Whytescauseway, Kirkcaldy, Fife, KY1 1XF.
Subject access requests by third parties
We will not provide any personal data to a third party without prior written consent.
The written consent must be complete to include name and address of the individual, data requested, contact details of the recipient and a method to confirm identity, with a dated signature from the person whose data is to be provided.
We will not provide personal data to other Authorities requesting it without the written consent of the individual. The written consent must include full details of the Authorities requesting the information – name, rank and position with full verifiable contact information. Details of the person and data requested and the reason for the request being made should be outlined if regulations allow.
Contacting the supervising authority
We are registered with the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Telephone 0303 123 1113, www.ico.org.uk/concerns
Should you feel we have not met our obligations under data protection then please contact the Information Commissioner’s Office above.
We comply with current and future legislation, codes and regulatory guidelines from the following providers:
• General Optical Council guidelines
• NHS (General Ophthalmic Services) (Scotland) Regulations 2006
• NHS (Optical Charges and Payments) (Scotland) Regulations 1998
• Information Commissioner’s Office
• Association of British Dispensing Opticians
• College of Optometrists
• NHS Records Management Code of Practice 2016
• Data Protection Act 1998
• Access to Health Records Act 1990
• Human Rights Act 1998
• Equality Act 2010
• Protection of Freedoms Act 2012
• HMRC, safety and employment legislation
• General Data Protection Regulation 2016 (GDPR)
Updates to our privacy statement
We will keep our privacy statement up to date on our website with notice of any updates made.