Our Data Protection Officer (DPO) is Ann Forbes, who is a member of staff.
INFORMATION WE HAVE:
We keep paper and computer Patient, Customer and Staff records comprising name, date of birth, and Doctor’s name/surgery and contact details. Patient records may include retinal photographs, referral letters, fields results etc. Customer records may include bank direct debit/payment details. In addition, on our Website we receive enquiries. We aim to be clear that we retain personal data freely given which is only accessible by us, the Partners and staff of Alexander Opticians. Our Patient Database is used solely for our reminder system. The system is password protected and kept up to date with anti-virus software in place. We do not share or sell this information with anyone else.
HOW YOUR INFORMATION WILL BE USED:
In the case of Patients and Customers, it will be used to fulfill our duty to care for your eyes, spectacles and contact lenses and comply with longstanding NHS obligations and rules laid down by the General Optical Council (GOC). With your consent, we may need to refer you to your GP or Eye Departments at hospitals, perhaps as an emergency. So your Data may need to be shared with Registered healthcare professionals and those under their supervision.
In the case of Staff, we will need to share your information with our Accountants: J.F. Francis, Francis House, 2, Park Road, Barnet, Herts., EN5 5RN in the normal course of employment laws.
LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA:
In the case of Patients and Customers, the basis is Legitimate Interest and for the purposes of health care.
HOW LONG WE KEEP YOUR INFORMATION:
In the case of Patient records, the NHS specifies 7 years or, in the case of children under 18, until their 25th birthday. College of Optometrists guidance is that it is best practice for records to be kept for 10 years.
In the case of Customer records and Staff records, these must be kept for tax purposes and future claims/information.
When records are deemed to be no longer required, this is checked by one of the partners and/or our DPO, and then they are securely deleted from the computer system and paper records are shredded.
All registered staff comply with GOC standards, which ensure they respect patient confidentiality. All other staff are fully versed in the need to do the same. Paper records are kept securely. Electronic data is password protected and there is also a back-up system that means data can be restored. All anti-virus software and other software are kept up to date.
The above applies to Patients, Customers, and Staff.
Individual Rights are as follows and would be adhered to as long as they do not clash with NHS/GOC rules and TAX Office rules as already mentioned.
GDPR includes the following rights for individuals:
- the right to be informed
- the right of access
- the right to rectification
- the right to erasure
- the right to restrict processing
- the right to data portability
- the right to object
- the right not to be subject to automated decision-making including profiling (we do not undertake profiling)
We occasionally include offers/vouchers with our reminder letters. If you wish to opt out of knowing about these offers kindly let us know.
Complaints in the first instance should be directed to the Partners of Alexander Opticians and/or our DPO at the above address: verbally, in writing or by e-mail.
If the Complaint remains unresolved then it should be directed to the Information Commissioner’s Office at https://ico.org.uk