Privacy Policy

Percy Harrison Opticians are committed to the highest privacy standards. We only collect data that is necessary for us to deliver the best possible service and ensure that you are reminded about appointments or anything else relevant to your ongoing care.

This policy provides detailed information on when and why we collect your personal information, how we use it, and the very limited conditions under which we may disclose it to others.

Collection of your personal details

Percy Harrison Opticians is a registered data controller. We collect and process clients’ personal data for the purposes of healthcare and marketing.

Our legal bases for processing personal data for healthcare purposes, including appointment reminders, include public task or legitimate interests.

  • When we provide services under the NHS general optical services contract (such as sight test funded by the NHS) our legal basis for processing personal data in respect of that service is public task

  • Otherwise our legal basis is legitimate interest.

Our condition for processing special category data is the provision of health or social care.

We only process our clients’ personal data for marketing purposes with their consent or to meet a legitimate interest. This means that we can tell you about eye care products and services that may be relevant to you. If you do not want us to process your personal data for marketing purposes, please let us know and we will stop.

The data we may collect and process

The personal data of clients that we may collect and process includes:

  • your name;

  • your date of birth;

  • your contact telephone numbers (including mobile);

  • your email and postal address ;

  • your general and ocular health history, your family medical and ocular history, and any relevant signs or symptoms that you tell us about;

  • details of medicines spectacles and contact lenses prescribed for you;

  • details of examinations and other healthcare checks and treatments we provide;

  • information relevant to your continued care from other people who care for you or know you well such as other health professionals and relatives;

  • any other information voluntarily provided to us by you from time to time.

How we use this information

We may use your personal information for the purposes of:

  • your ongoing eye care;

  • letting you know when your next appointment is due and reminding you to book an appointment if you've not had one for a while;

  • providing our products and services to you;

  • notifying you about changes to our products and services;

  • letting you know of relevant products or services that we believe would be of interest to you;

  • obtaining feedback on services and products that we have provided to you;

  • responding to queries from you;

  • processing and retaining personal data relating to your credit/debit card and other details to enable the fulfilment of your orders and to deal with any queries or refunds of payment;

  • carrying out security checks to protect against fraudulent transactions at or following any purchase order you make to prevent and detect criminal activities;

  • responding to and addressing any claims made against us;

  • maintaining records for tax, compliance with laws, defensive claims and other corporate purposes;

  • managing and administrating insurance claims.

How we store your information

We process your personal data in strict confidence. We keep your personal data securely in our filing and electronic systems. Patient records are only accessible to the healthcare professionals working at the practice and those under their supervision.

Personal information will be retained by us for as long as it is reasonably necessary [or as defined under the applicable healthcare laws and regulations] to provide products and services including aftercare services and to maintain records as required to satisfy tax and other legal or regulatory requirements as well as to protect and offend against claims.

We will usually keep any personal data we hold about you for 10 years after we have lost contact with you before we delete it. This is the period recommended as good practice by the College of Optometrists. If we collect the data when you were aged under 18, we will keep it until your 25th birthday (in line with the NHS requirements). In exceptional cases, we may need to retain personal data for a longer period and will explain our reasons for doing so on request.

When we may share your personal information

Where necessary we may disclose your information to healthcare professionals including the NHS. We may also pass information to external agencies and organisations, including the Police, for prevention and detection of fraud and reporting any suspected criminal activity. Should any claim be made, we may pass your personal information to our insurers and, if our business is wholly or partially transferred to a third party, your personal information may be one of the transferred assets.

In the course of processing your personal data we may share it with:

  • healthcare professionals working at this practice and those under their supervision;

  • healthcare professionals, and those under their supervision, at other optical practices but only if you have specifically asked us to pass your personal data [such as your prescription] to them;

  • your GP, Ophthalmologists or any other healthcare providers or commissioners, suppliers of optical appliances (or similar products) in connection with your ongoing healthcare treatment;

  • software providers for our patient record and invoicing systems or financial institutions, so that we can keep patient records up-to-date and manage any payment for services we may provide to you;

  • external agencies and organisations, including the Police and other law enforcement agencies, for the prevention and detection of fraud [including fraudulent transactions] and criminal activity. These external agencies may check the information we give them against public and private databases and may keep a record of such checks to use in future security checks;

  • in the event that we buy or sell the business or any associated assets, we may disclose personal information about customers to the prospective buyer or seller of such business or assets;

  • if we, or substantially all of our assets, are acquired by a third party, personal information held by us about customers will be one of the transferred assets.

  • we may pass certain personal information to your employer, where you have been referred to us as a corporate eye care customer;

  • we might pass your personal information to third parties in order to comply with any legal obligation (including court orders) or to enforce the terms and conditions of use of website, or any other agreements we may have with you, solely to protect our rights, our property and/or the safety of our clients, employees or other third parties.

Your rights

You have legal rights in respect of the personal data we hold about you. The Information Commissioner's Office (ICO) has published guidance on the full range of rights. The rights that are most relevant to the way in which we use your personal data include:

  • the right to be informed about how we use our personal data – this Privacy Policy provides that information;

  • the right to object – if you object to us processing your data for marketing purposes, or for healthcare purposes, where our legal basis is legitimate interests (see “collection of your personal information” above), we will then stop doing so, unless we are processing the data in respect of a legal claim or can otherwise show that our legitimate interest in processing the data overrides your rights and interests;

  • The right of access – if you ask us for the personal data we hold about you, we will provide it within a month, free of charge (unless we have already provided it to you within the last 12 months, in which case, we reserve the right to charge you an administrative fee to cover the cost of providing it again).

  • The right to rectification – if you ask us to correct personal data that we hold about you that is inaccurate or incomplete, we will do so within one month (unless we need longer, in which case we will discuss this with you).

  • the right to erasure (also known as the “right to be forgotten”) – if you ask us to delete your personal data, we will do so if there is no compelling reason to continue processing the data. We will not usually delete healthcare data before our usual time limit (see “how and when we may share your personal information” above) while we have a duty to keep accurate records. For example, to comply with a legal obligation, or in connection with a legal claim. If you ask us to delete such data we will discuss this with you.

How we protect your personal information

We use a variety of security technologies and procedures to help protect your personal information from unauthorised access and use.

As effective as modern security practices are, no physical or electronic security system is entirely secure so we cannot guarantee that complete security of our database, nor can we guarantee that information that you supply will not be intercepted while being transmitted to us over the Internet. Any transmission is at your own risk.

In the event that there is an interception of your personal information or unauthorised access or use of our database, we will not be liable or responsible for any resulting misuse of your personal information.

We have no control over the contents of third party sites or resources which are linked to our website. We accept no responsibility or liability for them, or the privacy practices they use, or for any loss or damage that may arise from your use or such websites or resources.

Privacy policy updates

We reserve our right to make any changes and updates to this privacy policy without giving you notice as and when we need to. The most up-to -date Privacy Policy will always be available on our website.

Contacting us and the ICO about your personal data

Please speak to us first if you have any questions or concerns about the way in which we process your personal data. You can contact us by e-mail or by writing to us, please address any letter – FAO: Data Protection Officer, Percy Harrison (Opticians) Ltd., 117 Elm Grove, Southsea, PO5 1LH.

You have the right to complain to the ICO if you have a concern about our handling of your personal data, which you do not think we can resolve.

Cookies

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by online service providers, including us, in order to work more efficiently, as well as to provide reporting information.

The cookies we use include:

  • Essential Cookies – these are strictly necessary cookies that enable the site to function as intended and are mainly used to effectively operate our website and securely capture you may send us (for example, via our contact form)..

  • Analytical & Performance Cookies – these enable us to monitor the performance of our website (content loading, page speeds, etc.) to ensure that everything is functioning correctly to ensure you have the best online experience on our website.

Last updated 28 January 2023