1. Who are “we”?
In this policy, “we”, “us” and “our” mean the Yorkshire Eye Specialists LLP. Our registration number with the Information Commissioners Office is ZA209259.
3. What information do we collect?
If you choose to access our services, we collect information from you that we require as part of your medical record so you can receive care and treatment.
The personal data we collect includes your name, date of birth, postal address, email address, contact telephone numbers, registered GP, next of kin and their contact details.
The medical data we collect pertains to your eye health, glasses prescription, general health, medications, eye examinations, results of investigations, scans and photographs, treatment notes and information received from other health professionals.
The purchase data we collect pertains to the services or products you have received from us.
You can access our website anonymously and without giving us any information about yourself, but we do collect the information you provide if you choose to subscribe to our mailing list or if you respond to a survey or fill out a form.
4. What do we use your information for?
The personal data that we collect allows us to provide the professional eyecare service, product or essential information that you request from us. We keep your personal data, together with details of your care, because it may be needed if we need to see you again and it allows for your continuity of care.
Where you have given us consent to do so, we use your information to keep you informed about your eye care and upcoming appointments and to give you the opportunity to provide feedback to us about the service you have received. This helps us to better respond to your individual needs and improve our service to you.
Your clinical information will only be disclosed to those involved in your treatment and care, or to their agents, and, if applicable, any person or organisation who you have stated may be responsible for meeting your treatment expenses, or their agents.
Your information also allows us to meet our regulatory obligations, for example if you choose to exercise your data rights, allows us to process your transactions when you pay for our services or products and so we can respond to any complaints or queries.
5. How do we protect your information?
The security of your data and our information systems is incredibly important to us. Threats to data security are constantly evolving and we therefore have robust security measures in place to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed illegitimately.
Our databases are only accessible to the business owners and employees who are authorised to view them and who have special access rights to such systems.
Emails sent to you, which contain personal and/or sensitive data, will be sent in an encrypted format using either Microsoft’s Office 365 Message Encryption (OME) or the Egress encrypted message platform. This does not include emails about appointment reminders, feedback requests, replies to an information request from you or requests for you to make contact with our administration team.
We have policies and procedures in place to deal with any suspected data breach and processes to notify you and any applicable regulator of any breach where we have a legal requirement to so.
Our employees complete mandatory information security and data protection training when they start with us and on an annual basis thereafter to reinforce their responsibilities and requirements.
Cookies are small text files containing information that a website transfers to your computer. Your computer stores cookies in a file in your web browser. Cookies enable the website to recognise your browser and capture and remember certain information.
If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies via your browser settings. Like most websites, if you turn your cookies off, some of our services may not function properly.
7. Do we disclose information to third parties?
Please be assured, we do not sell your personal information to third parties or provide personal data to list providers for the purposes of marketing.
We may have to share your personal data with
- Companies or hospitals who provide services to us.
- Service providers who provide IT and system administration services.
- Personal advisors including solicitors, auditors and insurers.
- Government bodies that require us to report activities.
In the case of subject access requests, we will not provide personal data to third parties unless we have your consent, or we have a legal obligation to do so. If you have authorised a third party to submit a request for the release of your personal data, the third party will need to provide written proof of your consent or an original or certified power of attorney.
8. Links to third party websites
This policy was last modified on 05/02/2021.