In order to provide you with safe and effective medical care we need to collect and process your personal data. The General Data Protection Regulations is the law that governs how this should be done.
What information we need:
Personal information, meaning information which relates to or is obviously about you or through which you can be identified.
We receive information about you from the referring clinician, usually your GP or optometrist. We will also ask you to complete a patient information form when you first attend clinic. Your insurance company may also provide us with information about you that is relevant to the cover that you may have for your treatment.
How we use it:
We use your personal information to provide medical care for you, for accounting purposes, to manage any medicolegal queries, to communicate to others who have a duty of care for you (for example to send letters to your GP), to communicate with your health insurance provider (if you have one) and for internal audit of our activities.
Please note that we routinely send a copy of the letter generated after your clinic appointment to your optometrist. If you would prefer that this does not occur let us know, but in almost all instances it is advised that they are kept informed as they also have a duty of care for you with respect to your eye health.
We will never divulge any of your information for marketing purposes to third parties or share any information about you with organisations or people that aren’t directly involved with the care you have received.
How long the information is stored:
We will hold your personal / health information for at least as long as the minimum statutory requirement once you have been discharged.
As an organisation we take all appropriate steps to ensure your data remains safe. Paper files, when not in transit, are held under lock and key. Our electronic records are held on servers within the EU based on the Microsoft Azure platform. When we send out emails that contain personal information we do so in an encrypted format. To prevent your personal health information from being intercepted on route, we suggest you do the same when sending us emails that contain sensitive details.
The UK GDPR provides the following rights for individuals:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling
For further information on these rights see:
If you would like to make a request about how your information has been or will be processed, or would like to discuss our policies further, please contact us.
PO Box 942,
Mrs Louise Ayre – Practice manager
Phone: 0161 927 7322