Last updated May 2018
You have trusted us to take care of your eye and hearing needs so you can completely trust us with your privacy and personal information. We are committed to the highest level of privacy standards. However you interact with us, we only collect data that is necessary for us to deliver the best care and service possible, to ensure you are reminded about appointments or anything else related to your on-going care. This privacy notice provides information on when, how and why we collect your personal information, your privacy rights, how the law protects you and the very limited conditions when we may disclose it to others.
In this privacy notice any reference to you is the person whose personal information we collect, use and process. This will include anyone who contacts us in connection with the products and services we provide or who interacts with us in any other way such as our website www.leightons.co.uk or in practice.
The personal data of patients that we may collect and process includes:
This information is generally collected from you, as you have voluntarily provided it to us. Where lawful to do so, we may also collect information from other sources such as the NHS, other health care providers, from individuals authorised to provide information (e.g. parents or legal guardians), financial institutions, government, tax or law enforcement agencies. We may also collect personal information from your use of other Leightons Group websites or services.
The information we collect about you is for the purposes of healthcare to ensure we provide you with the very best and appropriate advice, care, products and services you’ve requested and other purposes e.g.:
We only process your information where we are allowed to on the legal basis of:
Your personal information will be retained by the Leightons Group for as long as reasonably necessary (and as defined by health, legal and tax laws and regulations) for us to continue to provide you with products and services. We are also required to maintain records for legitimate purposes e.g. to satisfy tax and other legal requirements, to help us respond to queries or for other reasons e.g. responding to requests from regulators and the NHS and to protect and defend against claims.
We process your personal data in strict confidence. We keep your personal data securely in our filing and electronic systems. Patient records are only accessible to the healthcare professionals working at the practice and those under their supervision.
We will usually keep any personal data we hold about you for ten years after our last contact with you before we delete it. This is the period recommended as good practice by the College of Optometrists. If we collected the data when you were aged under 18 we will keep it until your 25th birthday, in line with NHS requirements. In exceptional cases we may need to retain personal data for a longer period, and will explain our reasons for doing so on request.
In the course of processing your personal data we may share it with:
The data we collect from you may be electronically transferred to, stored and processed outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. By submitting your personal data, you agree to this transfer, storing or processing. For any personal data transfer outside the EEA, we ensure additional steps are taken in line with data protection laws, e.g. they remain on the US-EU Safe Harbor list and are certified under the EU-US Privacy Shield. These frameworks were developed to establish a way for companies to comply with the same data protection requirements when transferring personal data from the European Union and Switzerland to the US and Canada.
We will ensure all reasonable steps are taken so that your data is treated securely and in accordance with this privacy notice and the requirements of UK Data Protection law.
A cookie is a small text file containing information that a website transfers to your computer’s hard disk for record-keeping purposes. A cookie cannot give us access to your computer or to your personal information, and will not identify you by name. However, it will use a numeric identifier which analyses navigation and use of the website.
Most web browsers automatically accept cookies; consult your browser’s manual or online help if you want information on restricting or disabling the browser’s handling of cookies. If you refuse or disable some or all cookies, you can still view the information on our website, but the functionality of certain areas may be reduced.
You have certain legal rights under UK Data Protection Legislation in respect of the personal data we hold about you. The rights that are most relevant to the way in which we use your personal data include:
To ensure we can continue to provide you with excellent eye and hearing healthcare, we are required to send you ‘clinically necessary’ non-marketing material such as appointment reminders, notification when your prescription is due to expire, and when your products are available for collection.
We are updating our communication services so that from May 2018 each email and SMS we send will have a link for you to update your contact details and personal preferences for communications from us and via which method. For those patients registered with MySight you can log in and book appointments, amend your contact details and your communication preferences via https://leightonsopticians.mysight.uk/Home/Welcome.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Modern physical and electronic security systems are not entirely secure and we cannot guarantee the complete security of our database. The transmission of information through the internet is not completely secure. We will do our best to protect your personal data, but we cannot guarantee the security of your data transmitted to the website through the internet; any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Please speak to us first if you have any questions or concerns about the way in which we process personal data. You can contact us at: The Data Protection Manager, Leightons Holdings Limited Registered Office, Clarendon House, 63 Downing Street, Farnham, Surrey GU9 7PN or email firstname.lastname@example.org, or by telephone: 01252 823400.