Who we are?

We at Hatch End Eyecare are registered with the Information Commissioners Office as a Data Controller registration number Z1799972. We are specialist in optometry services and operate from 394 Uxbridge Road, Hatch End, Middlesex, HA5 4HP

Your Privacy

Your privacy matters to us and we are committed to the highest data privacy standards, patient confidentiality and adherence with the Data Protection Act 2018 and UK GDPR.

We adopt the six core principles of data protection which are:

1. Lawfulness, fairness and transparencywe process personal data lawfully, fairly and in a transparent manner in relation to you, the data subject.

2. Purpose limitationwe only collect personal data for a specific, explicit and legitimate purpose. We clearly state what this purpose is in this Privacy Notice, and we only collect data for as long as necessary to complete that purpose.

3. Data minimisationwe ensure that personal data we process is adequate, relevant and limited to what is necessary in relation to the processing purpose.

4. Accuracywe take every reasonable step to update or remove data that is inaccurate or incomplete. You have the right to request that we erase or rectify erroneous data that relates to you, and we will complete this task as soon as possible but guarantee to do so within a month.

5. Storage limitationwe delete personal data when we no longer need it. Whilst the timescales in most cases aren’t set, we outline our retention strategy within this Privacy Notice.

6. Integrity and confidentialitywe keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Collection of your Personal Data

We collect your personal information via disclosure directly from you or your parent or guardian. This might be via our website, via our booking system, telephone or face to face engagement.

Categories and Type of Personal Data Collected and processed.

We collect contact details from you including:

– Name
– Address
– Telephone number(s)
– email addresses
– Date of Birth

In addition to this contact information we collect clinical data including:

– Current and past relevant health and medication information.
– Examination results including images.
– Relevant lifestyle information such as pastimes or work impacting on health care.

Finally, we collect financial information where appropriate including:

– Payment card details.
– Banking details for direct debit mandates.

We treat all personal data as sensitive but acknowledge that we also process special category data.

Child Data

Article 8 of the UK GDPR and Article 9 of the UK Data Protection Act 2018 specify how we are permitted to process data relating to children under 16 (For the UK this is under 13). Given our industry we comply with this requirement by permitting parents or guardians to make appointments for children and to provide us with their own contact details to use on behalf of the children. On the appointment confirmation we offer a statement of understanding which confirms that the recipient is indeed a parent or guardian of the child.

Reason for Data collection and processing activities.

Contact information is captured to enable us to contact you through various communication channels on matters directly related to your treatment. This could include appointment reminders, results, check-up reminders and any other information which is felt to be crucial to your care. We may also with your consent send offers from us about our services.

Clinical data is collected as an essential means of providing you with the service which you require and without collecting this information our service could not be delivered.

Payment information is collected to facilitate the payment of our services.

Sharing of Personal Data

During the delivery of our service to you, we will share your data with other companies who are critical for the provision of our service to you and will be viewed as Data Processors. They are under contract with us and have provided sufficient guarantees that they will process your data only as per the terms of that contract and throughout processing activities will ensure your data is protected using appropriate technical and organisation measures.

A full list of processors is available from our Data Protection Officer.

We may also need to share your data with other health care providers, such as the NHS, where this is needed to ensure you receive appropriate treatment and care.

Securing and Processing of your Personal Data

Your data is stored mainly within Optix, our cloud based patient management system which has appropriate security processes in place.

Your data is also stored within local devices secured using passwords and user authentication. Our practice is secure and operated to ensure data and the devices on which that data resides, are protected.

In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorised, we have a duty to inform you immediately. If the loss or unauthorised access of your data has potential to cause you harm, we will also report this to the Information Commissioners Office, who are responsible for regulating data protection legislation in the UK.

https://ico.org.uk/

Our legal basis for processing your personal data?

We are required to identify one of six possible legal grounds for processing. These are:

– consent
– contract
– legitimate interests
– vital interests
– public task
– legal obligation

As all of our processing activities are crucial to the provision of the service which we enter into a contract with you to provide, we process your data based on that contractual relationship.

We could also process your data under our legitimate interests as all processing activities are essential for the provision of our service to you.

Where special category of data is processed, we do so Article 9 (2) h – where processing is necessary for the provision of health or social care.

How long do we keep your personal data for?

We process three categories of personal data and retain this data for different periods of time.

Contact information is retained as long as the data subject is a customer of ours. Where the data subject has not used our services recently, and in the absence of a direct data subject request, we hold contact information for a period of 10 years from the last appointment.

Based on the guidance of The Association of Optometrists the clinical data we process is held for a period of 10 years.

Payment information is held by us only as long as is necessary to process the payment or to set up the direct debit mandate.

Your rights in relation to personal data

Under the UK GDPR, you have rights to access and control your personal data. These rights include:

– access to personal information
– correction and deletion
– withdrawal of consent (if processing data on condition of consent)
– data portability
– restriction of processing and objection
– lodging a complaint with the Information Commissioner’s Office

You can exercise your rights by emailing our Data Protection Officer on HatchEndDPO@clinicaldpo.com

If you are unhappy with anything we have done with your data, you have the right to complain to the Information Commissioners Office.

To make a complaint to the Information Commissioners Office use the link below or call their hotline on Tel No.: 0303 123 1113   

https://ico.org.uk/concerns/ 

National Data Opt Out Statement

Hatch End Eyecare is one of many organisations working in the health and care system to improve care for patients and the public.Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:


– improving the quality and standards of care provided
– research into the development of new treatments
– preventing illness and diseases
– monitoring safety
– planning services


This may only take place when there is a clear legal basis to use this information. All these
uses help to provide better health and care for you, your family and future generations.
Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

Hatch End Eyecare – National Data Opt Out 7

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-
data-matters. On this web page you will:

– See what is meant by confidential patient information
– Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
– Find out more about the benefits of sharing data
– Understand more about who uses the data
– Find out how your data is protected
– Be able to access the system to view, set or change your opt-out setting
– Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
– See the situations where the opt-out will not apply

You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until September 2021 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care.

Our organisation is compliant with the national data opt-out policy.

How to contact us?

For all data protection matters or questions relating to how we manage your data, you can contact our Data Protection Officer via these means:

Data Protection Officer:  Clinical DPO.

Phone Number:  0203 411 2848

Email:  HatchEndDPO@clinicaldpo.com

Easy as that

It’s never been easier to order contact lenses. Simply fill out our online form and the team will be in touch to confirm your order. It’s as easy as that!

    Verified by MonsterInsights