Privacy Notice

Who we are?
We at Homehealth Opticians Ltd. are registered with the Information Commissioner’s Office as a
Data Controller, registration number Z1622512. We are specialists in home delivery optometry
services and are registered at Central House Rear Office, 124 High Street, Hampton Hill,
Middlesex, TW12 1NS.

Your Privacy
Your privacy matters to us and we are committed to the highest data privacy standards, patient
confidentiality and adherence with the Data Protection Act 2018 and UK GDPR.

We adopt the six core principles of data protection which are:

  1. Lawfulness, fairness and transparency – we process personal data lawfully, fairly and in a
    transparent manner in relation to you, the data subject.
  2. Purpose limitation – we only collect personal data for a specific, explicit and legitimate
    purpose. We clearly state what this purpose is in this Privacy Notice, and we only collect
    data for as long as necessary to complete that purpose.
  3. Data minimisation – we ensure that personal data we process is adequate, relevant and
    limited to what is necessary in relation to the processing purpose.
  4. Accuracy – we take every reasonable step to update or remove data that is inaccurate or
    incomplete. You have the right to request that we erase or rectify erroneous data that
    relates to you, and we will complete this task as soon as possible but guarantee to do so
    within a month.
  5. Storage limitation – we delete personal data when we no longer need it. Whilst the
    timescales in most cases aren’t set, we outline our retention strategy within this Privacy
    Notice.
  6. Integrity and confidentiality – we keep personal data safe and protected against
    unauthorised or unlawful processing and against accidental loss, destruction or damage,
    using appropriate technical or organisational measures.

Collection of your Personal Data
We collect your personal information via disclosure directly from you or your parent or guardian.
This might be via our website, via our booking system, telephone or face to face engagement.

Categories and Type of Personal Data Collected and Processed
We collect contact details from you (name, address, telephone number(s), email addresses and date
of birth). In addition to this, we collect other relevant details including current and past relevant
health and medication information, your examination results including images, and relevant lifestyle
information such as pastimes or work impacting on health care. We may also store associated
information received from other health care professionals as part of your ongoing care.

Finally, we collect financial information where appropriate including payment card details and
banking details for direct debit mandates.
We treat all personal data as sensitive but acknowledge that we also process special category data.

Child Data
Article 8 of the UK GDPR and Article 9 of the UK Data Protection Act 2018 specify how we are
permitted to process data relating to children under 16 (for the UK this is under 13). Given our
industry, we comply with this requirement by permitting parents or guardians to make appointments
for children and to provide us with their own contact details to use on behalf of the children. On the
appointment confirmation, we offer a statement of understanding which confirms that the recipient
is indeed a parent or guardian of the child.

Reason for Data collection and processing activities.
Contact information is captured to enable us to contact you through various communication
channels on matters directly related to your treatment. This could include appointment reminders,
results, check-up reminders and any other information which is felt to be crucial to your care. We
may also send offers from us about our services.

Clinical data is collected as an essential means of providing you with the service which you require
and without collecting this information our service could not be delivered.
Payment information is collected to facilitate the payment for our services.

Sharing of Personal Data
During the delivery of our service to you, we will share your data with other companies who are
critical for the provision of our service to you and will be viewed as Data Processors. They are under
contract with us and have provided sufficient guarantees that they will process your data only as per
the terms of that contract and throughout processing activities will ensure your data is protected
using appropriate technical and organisational measures. We may also need to share your data with
other health care providers, such as the NHS, where this is needed to ensure you receive
appropriate treatment and care.

We may pass information to external agencies and organisations, including the police, for the
prevention and detection of fraud and criminal activity. Should any claim be made, we may pass
your personal information to our insurers and if our business is wholly or partially transferred to a
third party, your personal information may be one of the transferred assets.
A full list of processors is available from our Data Protection Officer.

Securing and Processing of your Personal Data
Your data is stored and processed by Optix Software Ltd within their UK facilities which has
appropriate security processes and is certified to ISO27001. If we collect Direct Debits from you,
these payments will be processed by Eyecare Payments Ltd. Any third-party company is only
permitted to process your data for the specified purposes and in accordance with our instructions.
Your data is also stored within local devices secured using passwords and user authentication. Our
practice is secure and operated to ensure data, and the devices on which that data resides, are
protected.

In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed
by someone unauthorised, we have a duty to inform you immediately. If the loss or unauthorised
access of your data has potential to cause you harm, we will also report this to the Information
Commissioner’s Office, who are responsible for regulating data protection legislation in the UK.
https://ico.org.uk/

Our legal basis for processing your personal data?
We are required to identify one of six possible legal grounds for processing. These are:
• consent
• contract
• legitimate interests
• vital interests
• public task
• legal obligation

As all of our processing activities are crucial to the provision of the service which we enter into a
contract with you to provide, we process your data based on that contractual relationship.
We could also process your data under our legitimate interests as all processing activities are
essential for the provision of our service to you.

Where special category data is processed, we do so under Article 9(2)(h) – processing is necessary
for…the provision of health or social care.

How long do we keep your personal data for?
We process three categories of personal data and retain this data for different periods of time.
We retain your information for as long as reasonably necessary to fulfil the purpose for which it was
collected, to provide our products and services and to maintain records to satisfy tax and other legal
requirements.

Contact information is retained as long as you are a customer of ours. Where you have not used our
services recently, and in the absence of a direct data subject request, we hold contact information
for a period of 10 years from the last appointment.
Based on the guidance of The Association of Optometrists the clinical data we process is held for a
period of 10 years.

Payment information is held by us only as long as is necessary to process the payment or to set up
the direct debit mandate.

Your rights in relation to personal data
Under the UK GDPR, you have the right to access and control your personal data. These rights include:
• access to personal information
• correction and deletion
• withdrawal of consent (if processing data on the condition of consent)
• data portability
• restriction of processing and objection
• lodging a complaint with the Information Commissioner’s Office

You can exercise your rights by emailing our Data Protection Officer on
EyecareOpticiansDPO@clinicaldpo.com

If you are unhappy with anything we have done with your data, you have the right to complain to
the Information Commissioner’s Office.

To make a complaint to the Information Commissioner’s Office, use the link below or call their hotline
on Tel No.: 0303 123 1113. https://ico.org.uk/concerns/

Use of cookies and other technologies
A cookie is a small text file containing information that a website transfers to your computer’s hard
disk for record-keeping purposes. A cookie cannot give us access to your computer or to your
personal information. Most web browsers automatically accept cookies; consult your browser’s
manual or online help if you want information on restricting or disabling the browser’s handling of
cookies. If you disable cookies, you can still view the information on our website, but the
functionality of certain areas may be reduced.

How to contact us?
For all data protection matters or questions relating to how we manage your data, you can contact
our Data Protection Officer via these means:

Data Protection Officer: Clinical DPO.
Phone Number: 0203 411 2848
Email: EyecareOpticiansDPO@clinicaldpo.com