Privacy policy

Why we collect and process your personal data

Taank Optometrists is a registered data controller. This privacy notice sets out our privacy policy.

We collect and process patients’ personal data for the purposes of healthcare and marketing.

Our legal bases for processing personal data for healthcare purposes, including appointment reminders, include public task or legitimate interests.

  • When we provide services under the NHS General Optical Services contract (such as a sight test funded by the NHS), our legal basis for processing personal data in respect of that service is public task
  • Otherwise our legal basis is legitimate interests

Our condition for processing special category data is the provision of health or social care.

We process our patients’ personal data for marketing purposes with their consent or to meet a legitimate interest. This means we can tell you about eye care products and services that may be relevant to you. If you do not want us to process your personal data for marketing purposes, please let us know and we will stop.

The data we may collect and process

The personal data of patients that we may collect and process includes:

  • Your name, contact details and personal identifiers (such as date of birth and NHS number)
  • Your general and ocular health history, your family medical and ocular history, and any relevant signs or symptoms you tell us about
  • Details of medicines, spectacles and contact lenses prescribed for you
  • Details of examinations and other healthcare checks and treatments we provide
  • Information relevant to your continued care from other people who care for you or know you well, such as other health professionals and relatives

How we hold and share your personal data

We process your personal data in strict confidence. We keep your personal data securely in our filing and electronic systems. Patient records are only accessible to the healthcare professionals working at the practice and those under their supervision.

We will usually keep any personal data we hold about you for ten years after our last contact with you before we delete it. This is the period recommended as good practice by the College of Optometrists. If we collected the data when you were aged under 18 we will keep it until your 25th birthday, in line with NHS requirements. In exceptional cases we may need to retain personal data for a longer period, and will explain our reasons for doing so on request.

In the course of processing your personal data we may share it with:

  • The healthcare professionals working at this practice and those under their supervision
  • Healthcare professionals and those under their supervision at other optical practices, but only if you have specifically asked us to pass your personal data (such as your prescription) to them
  • Your GP, ophthalmologists and other healthcare providers and commissioners, and suppliers of optical appliances or similar products, in connection with your ongoing healthcare treatment
  • Software providers for our patient record, data back up and invoicing systems, and financial institutions, so that we can keep patient records up to date and arrange payment for services provided to you

Your rights

You have legal rights in respect of the personal data we hold about you. The Information Commissioner’s Office (ICO) has published guidance on the full range of rights at ico.org.uk. The rights that are most relevant to the way in which we use your personal data include:

  • The right to be informed about how we use personal data – this privacy notice gives that information
  • The right to object – if you object to us processing your data for marketing purposes, or for healthcare purposes where our legal basis is legitimate interests (see ‘why we collect and process your personal data’, above), we will then stop doing so, unless we are processing the data in respect of a legal claim or can otherwise show that our legitimate interest in processing the data overrides your rights and interests
  • The right of access – if you ask us for the personal data we hold about you we will provide it within a month, free of charge (unless we have already provided it to you, in which case we may have to charge you the administrative cost of providing it again).
  • The right to rectification – if you ask us to correct personal data about you that is inaccurate or incomplete, we will do so within a month (unless we need longer, in which case we will discuss this with you)
  • The right to erasure – also known as the ‘right to be forgotten’. If you ask us to delete your personal data, we will do so if there is no compelling reason to continue processing the data. We will not usually delete healthcare data before our usual time limit (see ‘how we hold and share your personal data’ above) where we have a duty to keep accurate records – for example, to comply with a legal obligation, or in connection with a legal claim. If you ask us to delete such data we will discuss this with you

Contacting us and the ICO about your personal data

Please speak to us first if you have any questions or concerns about the way in which we process personal data.

You have the right to complain to the ICO if you have a concern about our handling of your personal data which you do not think we can resolve. You can contact the ICO at www.ico.org.uk

Security

We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.

Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the address of the web page.

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.

Cookie policy

This website uses cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer / device. This complies with recent legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer / device.

Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.

Users are advised that if they wish to deny the use and saving of cookies from this website onto their computer’s hard drive they should take necessary steps within their web browser security settings to block all cookies from this website and its external serving vendors.

This website uses tracking software to monitor its visitors to better understand how they use it. The software will save a cookie to your computer hard drive in order to track and monitor your engagement and usage of the website but will not store, save or collect personal information.

Updates

Our Privacy Policy may change from time to time and all updates will be posted on this page.

If you feel that we are not abiding by this privacy policy, you should contact us immediately.