Privacy Policy

Last update - 30/07/2024

Privacy policy for our website

We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page.

Privacy policy from our practice

We receive, collect and store any information you give to us on our Practice management software provider Xeyex Ltd.

Key Points:

• Encryption between the practice computers and cloud servers is 256-bit SSL securely encrypted

• Access to data is restricted by the business owner (Scartho eyecare Ltd) by means of user accounts with varying permissions

• Data is held in a purpose built high security data centre

• Data is held in an encrypted stated when it is not being used (encryption at rest)

• Data is replicated in real time so that 3 copies of the live data always exist

• Data is backed up nightly and 30 days worth of data is store

Data processing and infrastructure at Xeyex Ltd.

Xeyex act in relation to customer data as a Data Processor under the Data Protection Act 2018 (and the General Data Protection Regulations). Xeyex have implemented technical security measures (password, firewall and IP restricted controls) to prevent unauthorised access, accidental loss or destruction/ damage. Xeyex have soft control measures where our employees are explicitly engaged by way of contract of employment to strict confidentiality measures for the non-disclosure of data.

In line with requirements of DPA/GDPR, Xeyex operate data centres that reside fully within the EU, namely Dublin and Amsterdam. Xeyex contract with Microsoft directly for these services and have contractual agreements in place, as well as encryption protocols to prevent unauthorised access to data. Connection between the end user (Scartho eyecare) and our data centre is encrypted industry standard SSL encryption protocols, and access within the practice is further controlled by the customer by means of Access Control functionality per user, allowing that data is exposed only to those individuals that require it. Xeyex’s business hours system infrastructure runs across multiple load balanced servers, with real-time multiple copies of data being held, as well as having a failover facility in the event our primary data centre was to suffer permanent damage or an outage.

Data handling from our practice

We hold various pieces of information about you including your name and address, and clinical details such as the state of health of your eyes, your spectacle and/or contact lens prescription, and copies of any letters we have written about you or received from other professionals, such as your doctor. You are entitled to a copy of this information. If you wish to see your records, please ask Rob Eastwood and we will respond as quickly as possible and in any case are required to do so within 30 days. If you require independent advice, contact the Information Commissioners Office at www.ico.gov.uk.

We adhere to the guidelines of the College of Optometrists and the Data Protection Act and will not pass any of your personal information to a third party without your consent unless there is a clear public interest duty to do so. You will need to provide us with your consent if you wish us to pass your information to another optometrist.

If you are an NHS patient, we are obliged to provide the portion of your record that relates to NHS services to authorised persons within the NHS (who are in turn subject to a duty of confidentiality) if they request this. This is usually to confirm that we have provided the NHS services that we have been paid for, and to improve quality of care. It is also possible that the NHS may contact you to ask if you have received services (such as a sight test or spectacles) as part of this monitoring.

Within the practice we may use the information to analyse trends, or to audit our performance. This enables us to monitor and improve the quality of care that we offer you. Wherever possible (i.e. if we do not need to know who an individual patient is) we will only analyse trends from anonymised information.

If you have any queries about this please contact us and we will be happy to help.

Contacting you from our practice

We will generally contact you when:
- You are due your next appointment with us
- We have a new product / promotion / discount that we feel you would be interested in
- Your ordered products are ready for collection.

Privacy policy updates ​

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.


How we look after and safeguard information about you in practice

 

Our optical practice and its staff are members of your local healthcare team.

They aim to provide you with the highest quality of healthcare. To do this they need to keep records about you, your health and the care we have provided or plan to provide to you.

We know that you value your privacy and the security of personal information held about you.

 

Information recorded

Information recorded may include:

·        basic details about you, such as address, date of birth, next of kin;

·        details of your spectacle or contact lens prescription;

·        details of glasses or contact lenses supplied to you;

·        other details and notes about your health and medical treatment;

·        records of medicines you have been prescribed by your doctor;

·        information relevant to your continued care from other people who care for you and know you well, such as other health professionals and relatives.

As part of providing a professional, safe and efficient service, there is certain information that we record. This includes details about your ocular health, your general health, advice given and referrals made to other health professionals. This information won’t be shared with anyone else except under the circumstances described below in ‘Sharing Information’.

 

Sharing Information

The information held about you will not be shared for any reason, unless:

·        you ask us to do so;

·        we ask and you give us specific permission;

·        we are permitted by law, for example where public interest overrides the need to keep the information confidential.

The types of people we may ask you for permission to share information with include your doctors (GP and hospital) and other health professionals.

Anyone who receives information from us also has a legal duty to keep this information confidential, subject to recognised exceptions of the types listed above.

Your Rights

You have the right to confidentiality under the Data Protection Act 2018, the Human Rights Act 1998 and the common law duty of confidence (the Disability Discrimination and the Race Relations Acts may also apply).

We also comply with the NHS Code of Practice on Confidentiality and optical practices have a requirement under their professional Code of Ethics to keep records about you confidential, secure and accurate.

All of our staff contracts of employment contain a requirement to keep patient information confidential.

 

Our guiding principle is that we hold your records in strict confidence.

 

Your right to view your health record

You have the right to ask for a copy of all our records about you.

Your request must be made in writing to the optical practice holding your information. We are required to respond to your request within 1 month.

You will need to give adequate information in order for optical staff to identify you (for example, full name, address and date of birth).

If you think any information we hold on you is inaccurate or incorrect, please let us know.

Point of contact

A.Betts, 11 Waltham Road, Scartho, Waltham, Grimsby, DN33 2LY

Tel: (01427) 877235