Here at Enhanced Optometry Services Ltd. we take your privacy seriously and will only use your personal information for the purposes of providing your eye care and to provide the products and services you have requested from us.Here at Enhanced Optometry Services Ltd. we take your privacy seriously and will only use your personal information for the purposes of providing your eye care and to provide the products and services you have requested from us.
Who is responsible for processing my data?
The organisation responsible for managing, controlling and processing your data (the Data Controller) is Enhanced Optometry Services Ltd. 15 Market Hill, Coggeshall, CO6 1TS
What is the legal basis for processing my data?
We process your data for the purposes of legitimate interests pursued by the data controller and where processing is necessary for the purposes of the provision of health care or treatment or management of health care systems and services on the basis of Union or Member State law or a contract with a health professional.
How long do you keep my data?
The NHS specifies 7 years or, in the case of children under 18, until their 25th birthday. College of Optometrists guidance is that it is best practice for records to be kept for 10 years.Who will use or process my data?Only registered healthcare professionals working for or on behalf of Enhanced Optometry Services Ltd. will use or process your data.
Do you share or transfer my data to anyone else?
The information held about you will not be shared for any reason, unless:
- you ask us to do so;
- we ask and you give us specific permission;
- we are required by law,
- we are permitted by law, for example where public interest overrides the need to keep the information confidential.
The types of people we may ask you for permission to share information with include your doctors (GP and hospital) and other health professionals such as nurses.
Anyone who receives information from us also has a legal duty to keep this information confidential, subject to recognised exceptions of the types listed above.
The General Data Protection Regulation provides the following rights for individuals:
- You have the right to be informed about the collection and use of their personal data
- You are entitled to a copy of your health record free of charge. We are required to respond to your request within 1 month. To make a Subject Access Request, please write to us detailing the information that you seek. Please try to be as specific as possible, because as a small company searches can be expensive. We will charge a reasonable fee based on the administrative cost for searches that we deem to be excessive or unfounded. We will charge a fee for repeat searches, even if the original search was free. Requestors should not assume we have received the request until they have received an acknowledgement
- You have the right to have inaccurate personal data rectified or completed if it is incomplete. We are required to respond to your request within 1 month. To make a request for deletion or rectification, please write to us or speak to us, detailing the information that you believe needs correcting, and evidence of why the data we hold is incorrect. We will confirm receipt of the request in writing
- You have the right to object to us processing your data, however your objection must have grounds relating to your particular situation and we may not stop processing your data if we can demonstrate compelling legitimate grounds for the processing or if the processing is for the establishment, exercise or defence of legal claims.
- You have the right to lodge a complaint with the Information Commissioners Office for further information please visit https://ico.org.uk/concerns/handling/