01302 349193

Who we are

Edwards & Walker Opticians is a private independent Opticians operating from 16 Priory Place, Doncaster, DN1 1BZ. We are registered with the Information Commissioners Office as a Data Controller, registration number Z5343084.

Your privacy

This policy provides detailed information on when and why we collect your personal information, how we use it and the very limited conditions under which we may disclose it to others.

Your privacy matters to us and we are committed to the highest data privacy standards, patient confidentiality and adherence with the Data Protection Act 2018 and UK GDPR. We adopt the six core principles of data protection.

  1. Lawfulness, fairness and transparency: We process personal data lawfully, fairly and in a transparent manner in relation to you, the data subject.
  2. Purpose limitation: We only collect personal data for a specific, explicit and legitimate purpose. We clearly state what this purpose is in this Privacy Notice, and we only collect data for as long as necessary to complete that purpose.
  3. Data minimisation: We ensure that personal data we process is adequate, relevant and limited to what is necessary in relation to the processing purpose.
  4. Accuracy: We take every reasonable step to update or remove data that is inaccurate or incomplete. You have the right to request that we erase or rectify erroneous data that relates to you, and we will complete this task as soon as possible but guarantee to do so within a month.
  5. Storage limitation: We delete personal data when we no longer need it. Whilst the timescales in most cases aren’t set, we outline our retention strategy within this Privacy Notice.
  6. Integrity and confidentiality: We keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

If you do not wish to give us information, please be aware that we will not be able to perform a NHS eye examination or give you the best care possible.

Collection of your Personal Data

Where you provide personal data to us, we will become responsible for it as the data controller.

We will only collect data that is necessary for us to deliver the best possible service and ensure that you are reminded about appointments or information relevant to your ongoing care.

We collect your personal information directly from you, for example, when you visit our practice, get in touch with us by telephone or email, use our booking system or when you visit our website.

We may also collect it from other sources if it is legal to do so. This includes from the NHS or other healthcare providers, institutions or people you have authorised to provide information on your behalf (for example, parents or guardians), third-party service providers, government, tax or law-enforcement agencies, and others.

Main Categories and Type of Personal Data Collected and processed
Processing ActivityPersonal Data Required/HeldRetention TimeReason to hold Data
Optical service and productsName, date of birth, telephone numbers, address and email. Current and past health and medication information, family history, your examination results, and lifestyle information. Data received from other healthcare professionals as part of your ongoing care10 years after last contact or until age 26, whichever is laterContract – in order to provide the service or products you have requested. Where health data is processed, we do so for the provision of healthcare.
RemindersName, email address, address, telephone numbers10 years after last contact or until age 26, whichever is later or until asked to stop by youContract – In order to provide the ongoing service appointment reminders are sent
MarketingName, email address, address, telephone numberUntil asked to stop by you or until consent withdrawn by youLegitimate interests – we will provide information which we believe is of genuine interest to you.
Consent – you have given consent to receive information about products or services that are of interest to you
Credit/Debit card paymentsCardholder name, card number, security numberDuration of the transactionContract – you have agreed to provide these details to pay for the service or products ordered
CCTV footageImages7 daysLegitimate interests – Prevention and detection of crime. Protection of our colleagues and visitors. Investigation of accidents, incidents, criminal activities and breaches of our policies.
Collection of online identifiers for analytical purposes (Cookies)Cookie information. IP address. Device ID. Session ID. Interaction history. Website feedback.See Cookie PolicyConsent – Ensuring visitors get the best experience.

We treat all personal data as sensitive but acknowledge that we also process special category data including health data and children’s data.

Sharing of Personal Data

During the delivery of our service to you, we will share your data with other companies who are critical for the provision of our service to you and will be viewed as Data Processors. They are under contract with us and have provided sufficient guarantees that they will process your data only as per the terms of that contract and throughout processing activities will ensure your data is protected using appropriate technical and organisation measures.

Our operations are based in the UK, and your personal information is generally processed within the UK and countries within the European Economic Area (EEA). In some instances, we may transfer your personal information to third countries, for example, where our suppliers or cloud service providers are situated outside the UK and EEA.

If the recipient is situated in a third country that has not received an adequacy decision from the relevant regulator, we will ensure additional safeguards are in place including the use of applicable standard contractual clauses.

A full list of processors is available from our Data Protection Officer.

Where necessary we may disclose your information to health care professionals including the NHS. We may also pass information to external agencies and organisations, including the police, for the prevention and detection of fraud and criminal activity. Should any claim be made, we may pass your personal information to our insurers and, if our business is wholly or partially transferred to a third party, your personal information may be one of the transferred assets.

You can decline to be referred if you wish. While you do have the right to opt out of our reminder system, we cannot erasure your record as we are legally required to keep your record for 10 years.

Securing and Processing of your Personal Data

To provide and manage our services your electronic data is stored and processed by XEYEX Ltd, certified by QMS International, having been independently assessed and approved for the security standard of ISO 27001.

Your data is also stored within our own IT systems, which are secured to prevent access or intrusion by anyone who is not authorised to have access to your data. Our practice is operated to ensure that all records and equipment holding your personal data are physically protected.

In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorised, we will inform you if the loss or unauthorised access of your data has potential to cause you harm. We may report this to the Information Commissioners Office, who are responsible for regulating data protection legislation in the UK.

Your rights in relation to personal data

Under UK data protection law, you have following rights which you can exercise by emailing our Data Protection Officer on info@edwardsandwalker.com

RightExplanation
Right to be InformedThis means that we have to be transparent in how we collect and use your personal data
Right of AccessYou have the right to access your personal data.
Right to RectificationIf the information we hold about you is inaccurate or incomplete you can request that we correct this
Right to ErasureYou can request that we delete or remove personal data in certain circumstances
Right to Restrict ProcessingYou have the right to request that we cease processing your data ifyou consider it inaccurate or incomplete and/oryou object to the reason we’re processing your dataWe will review the validity of your request and respond to you with our decision
Right to Data PortabilityWhere you have consented to our processing your data or where the processing is necessary for us to deliver a contract you can request a copy of that data be provided to a third party
Right to ObjectYou have the right to object to our processing in certain circumstances. For example, you can object to:direct marketing andprocessing for the purposes of scientific/historical and statistics
Rights relating to Automated Decision-Making including ProfilingWe do not use automated decision-making or profilingWhere automated decision-making is applied, organisations mustgive you information about the processingintroduce simple ways for you to request human intervention or challenge a decisioncarry out regular checks to make sure that our systems are working as intended

If you are unhappy with anything we have done with your data, you have the right to complain to the Information Commissioners Office.

To make a complaint to the Information Commissioners Office use call their hotline on Tel No.: 0303 123 1113 or use the following link: https://ico.org.uk/concerns/

How to contact us?

For all data protection matters or questions relating to how we manage your data, you can contact our Data Protection Officer via these means:

Data Protection Officer: Prabhpreet Badh

Phone Number: 01302 349193

Email: info@edwardsandwalker.com