At Stephen Evans Optometrists we are committed to the highest privacy standards. However you choose to interact with us, we will only collect data that is necessary for us to deliver the best possible service and ensure you are reminded about appointments or anything else relevant to your ongoing care. This policy provides detailed information on when and why we collect your personal information, how we use it and the very limited conditions under which we may disclose it to others.
Collection of your personal information. In addition to your basic contact information (name, date of birth, telephone numbers and your addresses) we will collect other relevant details including current and past health and medication information, your examination results, payment details and lifestyle information. We may also store associated information received from other health care professionals as part of your ongoing care. This information will not be disclosed or sold to any third parties.
How we use this information. The information we collect about you is used to ensure we provide you with the best and most appropriate products and services. In addition to your ongoing eye care, we will remind you when appointments are due and suggest relevant products or services that we believe would be of interest. We use your contact information to respond to queries from you, and where appropriate your bank details to collect Direct Debit payments as agreed. We may occasionally contact you to ask for your feedback on services we have provided and to offer the opportunity to trial new products.
Our policy on storage, processing and retention of your information. To provision and manage our services, your data is stored and processed by Optix Software Ltd within their UK facilities that are certified to ISO27001 (This includes personal details entered via the MySight online booking system). Your clinical images (Optomap, OCT and Visual Fields) are stored securely on our in practice dedicated and encrypted server. In addition to this the images are backed up every night onto an encrypted external hard drive with an up to date copy being kept securely off site to protect your data in the event of a fire or flood affecting our computers. We do not keep or record any credit / debit card details. Direct Debit information is held securely on on our own dedicated in practice computer server as above. Any third-party company is only permitted to process your data for the specified purposes and in accordance with our instructions. We retain your information for as long as reasonably necessary to provide our products and services and to maintain records to satisfy tax and other legal requirements.
How and when we may share your Personal Information. Where necessary we may disclose your information to health care professionals including the NHS. We may also pass information to external agencies and organisations, including the police, for the prevention and detection of fraud and criminal activity. Should any claim be made, we may pass your personal information to our insurers and if our business is wholly or partially transferred to a third party, your personal information may be one of the transferred assets.
Confidentiality. We strictly abide by the rules of confidentiality that govern the use of healthcare information. We observe the guidelines recommended in the Caldicott report protecting the confidentiality of patient information and enabling appropriate information-sharing. We use our patient records in a way that respects your rights and promote health and wellbeing. No patient identifiable referrals or records will be sent by email (unless you give us express permission to do this). Referrals will be sent by post (or fax followed by a phone call if urgency is required).
Updating your communication preferences. You may ask that we do not send you communications using any of the contact details we hold on our records, this may include your email, SMS, telephone and postal information. You may also request we restrict our communications to clinically necessary messages. Your personal preferences can be changed at any time by using the link at the end of every email and SMS message we send or by using our contact details below.
Your rights with respect to the Personal Information we hold. You are entitled to access the personal information that we hold on you; any such request should be made using our contact details below. If any data we hold is inaccurate, this will be corrected promptly on request. Under Article 17 of the GDPR regulations individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. Optical records are required to be kept for a minimum period and therefore cannot be erased under this regulation.
Cyber Security. To mitigate against a Cyber threat we have an active firewall which is automatically updated as threats change. All of our computers have been upgraded to Windows 10 and are maintained with the latest security patches. Additionally our hard drives have been encrypted and we use a multi layered password protocol that has a high degree of complexity that demands regular re-sets.
Theft. All of our hard drives including external back ups and pen drives are encrypted so that the data will not be accessible in the event of theft.
Our Website. Our website collects and uses personal information purely for site visitation tracking. As with most websites, ours uses Google Analytics to track user interaction. We use this data to determine the number of visitors to our site, to better understand how they find and use our web pages, and to see their journey through the website.
Although Google Analytics records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. Google Analytics also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor.
Should you choose to contact us using the contact form on our website or by an email link, none of the data that you supply will be stored by this website or shared with any third parties.
If you have any queries or preferences about how we use your information and communicate with you please let us know.
Stephen Evans Optometrists
Ethos, Kings Road Swansea SA1 8AS
Last Updated: June 2018