We take the security and protection of our patients’ data extremely seriously. All data will be processed in full accordance with the Data Protection Act 2018 incorporating GDPR. This Policy includes the requirements of the national Data Security Standards applicable to an optical practice.
Quality Glaze Optical Laboratories Ltd t/as Speccies – The Specs Warehouse is an independent Dispensing Opticians whose registered office is 2nd Floor 201 Haverstock Hill, London, NW3 4QG. We are registered with the Information Commissioner's Office as a Data Controller, registration number ZB152339.
This policy provides detailed information on when and why we collect your personal information, how we use it and the very limited conditions under which we may disclose it to others.
Your privacy matters to us and we are committed to the highest data privacy standards, client confidentiality and adherence with the Data Protection Act 2018 and UK GDPR. We adopt the six core principles of data protection.
Where you provide personal data to us, we will become responsible for it as the data controller.
We will only collect data that is necessary for us to deliver the best possible service and ensure that you are reminded about appointments or information relevant to your ongoing care.
We collect your personal information directly from you, for example, when you visit our practice, get in touch with us by telephone or email, use our booking system or when you visit our website.
We may also collect it from other sources if it is legal to do so. This includes from the NHS or other healthcare providers, institutions or people you have authorised to provide information on your behalf (for example, parents or guardians), third-party service providers, government, tax or law-enforcement agencies, and others.
We require/hold the following personal data:
Optical service and products
Name, date of birth, telephone numbers, home address and email address, optical prescription and lifestyle information
Retention time: 7 years after last contact
Reason to hold Data: Contract – in order to provide the service or products you have requested. Where health data is processed, we do so for the provision of healthcare.
Reminders and Recall
Name, email address, telephone numbers
Retention: 7 years after last contact or until asked to stop by you
Reason to hold Data: Contract – appointment reminders are sent in order to provide the ongoing service
Marketing
Name, email address, telephone number
Retention: Until asked to stop by you or until consent withdrawn from you
Reason to hold Data: 1. Legitimate interests – we will provide information which we believe is of genuine interest to you. 2. Consent – you have given consent to receive information about products or services that are of interest to you.
Credit/Debit Card Payments
Cardholder name, card number, security number
Retention: Duration of the transaction
Reason to hold Data: Contract – you have agreed to provide these details to pay for the service or products ordered.
Collection of online identifiers for analytical purposes (Cookies)
Google Analytics. No personal data held.
Retention: Until asked to stop by you or consent is withdrawn by you.
Reason for collecting Data: Consent – Ensuring visitors to our website get the best experience.
Special Category Data
We treat all personal data as sensitive and acknowledge that we also process some special category data including health data and children’s data.
We do not collect details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions or trade union membership. Nor do we collect any information about criminal convictions and offences.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact our Data Protection Officer.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We use different methods to collect data from and about you including through:
Directly: You may give us your personal data by filling in forms on our website or by corresponding with us by post, phone, email or by visiting our showroom. This includes personal data you provide when you:
During the delivery of our service to you, we will share your data with other companies who are critical for the provision of our service to you and will be viewed as Data Processors. They are under contract with us and have provided sufficient guarantees that they will process your data only as per the terms of that contract and throughout processing activities will ensure your data is protected using appropriate technical and organisational measures.
Our operations are based in the UK, and your personal information is generally processed within the UK and countries within the European Economic Area (EEA). In some instances, we may transfer your personal information to third countries, for example, where our suppliers or cloud service providers are situated outside the UK and EEA.
If the recipient is situated in a third country that has not received an adequacy decision from the relevant regulator, we will ensure additional safeguards are in place including the use of applicable standard contractual clauses.
A full list of processors is available from our Data Protection Officer.
Where necessary we may disclose your information to health care professionals including the NHS. We may also pass information to external agencies and organisations, including the police, for the prevention and detection of fraud and criminal activity. Should any claim be made, we may pass your personal information to our insurers and, if our business is wholly or partially transferred to a third party, your personal information may be one of the transferred assets.
Third Party Marketing
We do not share your personal data with any company for marketing purposes.
To provide and manage our services your electronic data is stored and processed by Optinet Ltd within their UK facilities, certified to ISO27001, which has appropriate security processes in place.
Your data is also stored within our own IT systems, which are secured to prevent access or intrusion by anyone who is not authorised to have access to your data. Our practices are operated to ensure that all records and equipment holding your personal data are physically protected.
In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorised, we have a duty to inform you immediately if the loss or unauthorised access of your data has potential to cause you harm. We will also report this to the Information Commissioner's Office, who are responsible for regulating data protection legislation in the UK. https://ico.org.uk/
Under UK data protection law, you have the following rights, which you can exercise by emailing our Data Protection Officer on admin@thespecswarehouse.co.uk
Right to be informed: This means that we have to be transparent in how we collect and use your personal data
Right of Access: You have the right to access your personal data
Right to Rectification: If the information we hold about you is inaccurate or incomplete, you can request that we correct this
Right to Erasure: You can request that we delete or remove personal data in certain circumstances
Right to Restrict Processing: You have the right to request that we cease processing your data if:
We will review the validity of your request and respond to you with our decision
Right to Data Portability: Where you have consented to our processing your data or where the processing is necessary for us to deliver a contract you can request a copy of that data to be provided to a third party
Right to Object: You have the right to object to our processing in certain circumstances. For example, you can object to:
Rights relating to Automated Decision-Making including Profiling: We do not use automated decision-making or profiling.
No fee required – with some exceptions
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Opting out
You can ask us to stop sending you marketing messages at any time by following the opt-out links and checking or unchecking relevant boxes to adjust your marketing preferences, or by following the unsubscribe links on any marketing message sent to you by us.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, appointment confirmations and reminders, recall reminders or essential operational messages.
Please keep us informed if your personal data changes during your relationship with us. It is important that the personal data we hold about you is accurate and current.
For all data protection matters or questions relating to how we manage your data, you can contact our Data Protection Officer via these means:
Data Protection Officer: Ben Huckle
Tel: 01256 325161
Email: admin@thespecswarehouse.co.uk
Address: Unit 9 The Beresford Centre, Wade Road, Basingstoke, RG24 8FA
If you are unhappy with anything we have done with your data, you have the right to complain to the Information Commissioner's Office.
To make a complaint to the Information Commissioner's Office, use the link https://ico.org.uk/concerns/, call their hotline on 0303 123 1113, or write to the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England, UK.