Privacy Policy

WHO WE ARE?

PG Allder and Partners Ltd t/a Allders Opticians is a private independent Opticians and Audiologists registered at Radium Anchor Boulevard, Crossways Business Park, Dartford, England, DA2 6QH and operating from the following locations:

17 Bedford Street, Ampthill, Bedford, MK45 2LU

83A Bedford Road, Barton-le-Clay, Bedford, MK45 4LL

39 High Street, Biggleswade, SG18 0JH

42 High Street North, Dunstable, LU6 1LA

Unit 11, The Russell Centre, Coniston Road, Flitwick, Bedfordshire, MK45 1QY

17a Station Road, Harpenden, AL5 2SQ

1-5 Market Square, Leighton Buzzard, LU7 1EU

15 Eastcheap, Letchworth Garden City, SG6 3DA

21 Market Square, Sandy, SG19 1JA

15 High Street, Saint Neots, PE19 1BU

We are registered with the Information Commissioner's Office as a Data Controller, registration number ZA039420.

YOUR PRIVACY

This policy provides detailed information on when and why we collect your personal information, how we use it and the very limited conditions under which we may disclose it to others.

Your privacy matters to us and we are committed to the highest data privacy standards, patient confidentiality and adherence to the Data Protection Act 2018 and UK GDPR. We adopt the six core principles of data protection.

COLLECTION OF YOUR PERSONAL DATA

Where you provide personal data to us, we will become responsible for it as the data controller.

We will only collect data that is necessary for us to deliver the best possible service and ensure that you are reminded about appointments or information relevant to your ongoing care.

We collect your personal information directly from you, for example, when you visit our practice, get in touch with us by telephone or email, use our booking system or when you visit our website.

We may also collect it from other sources if it is legal to do so. This includes from the NHS or other healthcare providers, institutions, or people you have authorised to provide information on your behalf, for example, parents or guardians, third-party service providers, government, tax or law-enforcement agencies, and others.

 

MAIN CATEGORIES AND TYPE OF PERSONAL DATA COLLECTED AND PROCESSED

Processing activity: Optical service and products
Personal data required/held: Name, date of birth, telephone numbers, address and email. Current and past health and medication information, family history, your examination results, and lifestyle information. Data received from other healthcare professionals as part of your ongoing care.
Retention time: 10 years after last contact or until age 25, whichever is later
Reason to hold data: Contract – in order to provide the service or products you have requested. Where health data is processed, we do so for the provision of healthcare.

Processing activity: Hearing care service and products
Personal data required/held: Name, date of birth, telephone numbers, address and email. Current and past health and medication information, family history, your examination results, and lifestyle information. Data received from other healthcare professionals as part of your ongoing care.
Retention time: 10 years after last contact or until age 25, whichever is later
Reason to hold data: Contract – in order to provide the service or products you have requested. Where health data is processed, we do so for the provision of healthcare.

Processing activity: Reminders
Personal data required/held: Name, email address, address, telephone numbers
Retention time: 10 years after last contact or until age 25, whichever is later, or until asked to stop by you
Reason to hold data: Contract – in order to provide the ongoing service, appointment reminders are sent

Processing activity: Marketing
Personal data required/held: Name, email address, address, telephone number
Retention time: Until asked to stop by you or until consent withdrawn by you
Reason to hold data: Legitimate interests – we will provide information which we believe is of genuine interest to you. Consent – you have given consent to receive information about products or services that are of interest to you.

Processing activity: Credit/Debit card payments
Personal data required/held: Cardholder name, card number, security number
Retention time: Duration of the transaction
Reason to hold data: Contract – you have agreed to provide these details to pay for the service or products ordered

Processing activity: Collection of online identifiers for analytical purposes (Cookies)
Personal data required/held: Cookie information, IP address, device ID, session ID, interaction history, website feedback
Retention time: See Cookie Policy: alldersopticians.com/cookie-policy/
Reason to hold data: Consent – ensuring visitors get the best experience.

We treat all personal data as sensitive but acknowledge that we also process special category data including health data and children’s data.

SHARING OF PERSONAL DATA

During the delivery of our service to you, we will share your data with other companies who are essential for the provision of our service to you. They are under contract with us and have provided sufficient guarantees that they will process your data only as per the terms of that contract and that, throughout processing activities, they will ensure your data is protected using appropriate technical and organisational measures.

Where necessary we may disclose your information to health care professionals including the NHS where we have a duty of care or to fulfil our legal obligations. We are compliant with the national data opt-out. For more details and to opt out see: https://www.nhs.uk/your-nhs-data-matters/manage-your-choice/

It may also be necessary, where the latest technology allows us to do so, to use your information and health data to facilitate digital consultations and diagnoses and we will always do this with your security in mind.

We may also pass information to external agencies and organisations, including the police, for the prevention and detection of fraud and criminal activity. Should any claim be made, we may pass your personal information to our insurers and, if our business is wholly or partially transferred to a third party, your personal information may be one of the transferred assets.

Our operations are based in the UK, and your personal information is generally processed within the UK and countries within the European Economic Area (EEA). In some instances, we may transfer your personal information to third countries, for example, where our suppliers or cloud service providers are situated outside the UK and EEA.

If the recipient is situated in a third country that has not received an adequacy decision from the relevant regulator, we will ensure additional safeguards are in place including the use of applicable standard contractual clauses.

A full list of processors is available from our Data Protection Officer.

SECURING AND PROCESSING OF YOUR PERSONAL DATA

To provide and manage our services your electronic data is stored and processed by Optix, which has appropriate security processes in place.

Your data is also stored within our own IT systems, which are secured to prevent access or intrusion by anyone who is not authorised to have access to your data. Our practices are operated to ensure that all records and equipment holding your personal data are physically protected.

In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorised, we will inform you if the loss or unauthorised access of your data has the potential to cause you harm. We may report this to the Information Commissioner's Office, which is responsible for regulating data protection legislation in the UK.

https://ico.org.uk/

YOUR RIGHTS IN RELATION TO PERSONAL DATA

Under UK data protection law, you have the following rights, which you can exercise by emailing our Data Protection Officer.

Right: Right to be Informed
Explanation: This means that we have to be transparent in how we collect and use your personal data.

Right: Right of Access
Explanation: You have the right to access your personal data.

Right: Right to Rectification
Explanation: If the information we hold about you is inaccurate or incomplete, you can request that we correct this.

Right: Right to Erasure
Explanation: You can request that we delete or remove personal data in certain circumstances.

Right: Right to Restrict Processing
Explanation: You have the right to request that we cease processing your data if you consider it inaccurate or incomplete and/or you object to the reason we’re processing your data. We will review the validity of your request and respond to you with our decision.

Right: Right to Data Portability
Explanation: Where you have consented to our processing your data or where the processing is necessary for us to deliver a contract, you can request a copy of that data be provided to a third party.

Right: Right to Object
Explanation: You have the right to object to our processing in certain circumstances and an absolute right to object to direct marketing.

Right: Rights relating to Automated Decision-Making including Profiling
Explanation: We do not use automated decision-making or profiling. Where automated decision-making is applied, organisations must give you information about the processing, introduce simple ways for you to request human intervention or challenge a decision, and carry out regular checks to make sure that their systems are working as intended.

HOW TO CONTACT US?

For all data protection matters or questions relating to how we manage your data, you can contact our Data Protection Officer:

Data Protection Officer: Amicis Data Ltd t/a Clinical DPO

Phone Number: 0203 411 2848

Email: AlldersOpticiansDPO@clinicaldpo.com

If you are unhappy with anything we have done with your data, you have the right to complain to the Information Commissioner's Office.

To make a complaint to the Information Commissioner’s Office call: 0303 123 113 or visit: https://ico.org.uk/make-a-complaint/