Privacy policy

Introduction

We care about our customers and are committed to taking care of their personal data. We safeguard your privacy by keeping your personal data secure and process personal data where we have a lawful basis to do so. We aim to be clear and transparent as to why and how we use your personal data and draw your attention to your rights as a data subject.

In this Privacy Notice, we tell you about:

  • Your rights and how to contact us so as to exercise these rights.
  • The personal data that we collect, our uses of the data and the legal basis for processing.
  • The recipients or categories of recipients to whom your personal data are disclosed.
  • Where data is transferred to a third country or international organisations, the safeguards that we rely, in the absence of the recipient country having received an adequacy decision.
  • Information relating to the criteria used to determine how long personal data is retained.

This Privacy Notice applies to customer personal data that we process and includes data collected, for example, in our stores, from our website, via the use of online forms, social media, emails, complaints, customer satisfaction surveys, written correspondence and information gathered with speaking to you.

In this Privacy Notice, when we refer to ‘you, your’, we mean the person whose personal data we collect, use and process. This includes anyone who engages with us in connection with the products and services we provide or who interacts with us in another manner, for example, in store or by using our website at www.gardineropticians.co.uk

For our use of cookies on our website, please read our cookie policy.

This policy does not apply to other companies or organisations (which advertise our products and services and use cookies, tags and other technology) who process your personal information to offer online advertisements to you. You can link to other organisations’ websites, apps, products, services and social media from our websites. You should review their privacy policies before giving them your personal information.

About us

This Privacy Notice applies to Gardiner Opticians – 9 Church Road, Burgess Hill, RH15 9BB

How to contact us

You can contact us in a number of ways:

  • Email us at info@gardineropticians.co.uk including if you want to escalate a matter to the Data Protection Officer. We will aim to acknowledge receipt of your email within 48 hours.
  • Call us on 01444 248277

Write to us at Gardiner Opticians – 9 Church Road, Burgess Hill, West Sussex, RH15 9BB

  • Protecting your confidentiality

To protect the confidentiality of your information, we may ask you to verify your identity before proceeding with any request you make when exercising your rights or sending a complaint.

Our responses may include sensitive personal data and confidential data, so in certain instances we require:

That your requests are given to us in writing (including email) or are given verbally.

Details of identity; including as a minimum, first name, last name, address and date of birth.

Please note – in most instances access to your personal data is free of charge. However, we do reserve the right to charge a fee for repeated requests.

We are only able to comply with requests that relate to personal data held in accessible, structured filing systems for which we are the data controller.

Your rights

Your rights:

Right of access (also known as a Subject Access request):

  • At your request, we will confirm whether or not we are processing your personal data.
  • You have a right to receive a copy of your personal data that we process.
  • You have the right to consent to us making your personal data available to a third party.

Right of rectification

You can request that incorrect or inaccurate information is corrected.

We will:

Once we have received sufficient information to process your request, we will make your information available to you within the regulated timeframe.

We will make your personal data available to a third party if you have consented to this.

For more information on giving consent to a third party or family member, please see the section ‘Subject Access Requests by Third parties’ below.

We will assess your request but may need to verify the new data that you provide to us, or we may take our own steps to verify that the new data you have supplied us with is correct.

In certain circumstances we may refuse your request for rectification, but in such a case, we will confirm this to you and explain our decision.

Right to restrict processing

In certain instances, you can request that we stop processing some or all of your information, for example, where you believe the information is inaccurate, or you believe there is no legal reason for us to continue to process your personal data.

Where we agree to processing being restricted, we will (with the exception of storage) not process your personal data without your consent, unless we have a legal basis for doing so. This could include, without limiting the right, the need to institute or defend a claim, or we need to protect another individual’s rights.

Right to data portability

You have the right to have information transferred to another entity where this is technically possible.

We will provide your personal data to you in a structured, commonly used method.

Right to object

You have the right to object to the processing of your personal data for purposes of direct marketing or where we use ‘legitimate interests’ as the lawful purpose for processing.

We will record your request and stop processing your personal data for purposes of direct marketing. This may take 28 days to take effect after receiving your request.

We will stop processing your personal data where we rely on ‘legitimate interests’ as the lawful basis for processing unless we believe that we have a legitimate overriding reason to continue processing, or we need to defend any legal claims against us.

Right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to withdraw your consent.

We will stop processing your personal data for the purpose that consent was given upon your consent being withdrawn.

Right to Erasure

You have the right to request that we delete the personal information we hold on you. You have the right to have your personal data deleted only in the following circumstances:

  1. Where we no longer need your data for the purposes it was originally collected.
  2. Where you have withdrawn consent that you had previously given.
  3. Where you object to us processing your data and we have no overriding legal reason to continue processing it.
  4. Where the personal data has been unlawfully processed.

Where law requires us to delete the personal data.

We will assess your request and confirm if your request can be actioned. We are not always obliged to erase personal data as legislation or contracts that we have entered into may place an obligation on us to retain personal data for a period of time.

Where we have been asked to erase your data but have a obligation to keep it, we will:

  • Inform you of the obligation.
  • At your request, suppress your record to ensure that no further communications are sent to you.

Right to lodge a complaint with a supervisory body e.g. the ICO in the UK or the Data Commissioner in the Republic of Ireland.

The contact details are as follows:

  • ICO – Information Commissioner Officer, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113. Email: casework@ico.org.uk

DPC – Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Eire, Republic of Ireland.

What data do we collect?

We collect personal data in a number of ways, including when you visit a store, via our websites, by phone, email, post, social media and any other engagement that we may have with you.

The type of personal data we collect is:

  • Information collected when booking an eye examination, for example, your name and surname, address, contact details (phone and email), date of birth, age and the store that you select.
  • Medical and health information concerning current or past eye health and other general health conditions, details of glasses or contact lenses prescribed, your medication, correspondence and reports between your optometrist, your GP or ophthalmologist.
  • Your prescription and other information relating to your eyes or eye health forming part of your eye examination or needed to dispense glasses or contact lenses.
  • Results and recommendations made by the examining optometrist, retinal photographs, referrals, optometrist comments.
  • Information received from other health or medical professionals, including the NHS.
  • Details of your purchases including past orders, any discounts applied as well as refunds processed.
  • Membership subscriptions that you have with us.
  • Your payment details and payment behaviour (where relevant).
  • Your marketing and communication preferences.
  • Information relating to your lifestyle and hobbies.
  • Relevant personal information about others e.g. your family history, next of kin, contact details of your family that you provide to us.
  • Feedback and survey responses.
  • Your correspondence with us either in writing or by phone e.g. details of queries, complaints, call recordings or notes taken during conversations, requests for access to information and other requests exercising your rights.
  • Any other information you have voluntarily given us.
  • Information that we have collected from a third party, if it is legal to do so.
  • Information that provides marketing and advertising assistance.

How and why do we use your personal data?

Your personal data is processed for the following reasons, so that we can provide you with the best possible eye health care and customer experience. Here’s how we use your data:

1. To provide professional eye care services:

  • To book and confirm your appointment for an eye examination. We will send you a confirmation if you book online and a courtesy reminder will be sent a short period before the appointment is due.
  • To carry out an eye examination so that we can understand the status of your eye health and any medical or other conditions.
  • To formulate your prescription so as to determine your needs for eyewear and for purposes of dispensing your eyewear.
  • To carry out aftercare services, for example, where you have purchased contact lenses from us.
  • To send you eye test reminders. Changes in your eyesight are usually very gradual, so regular eye tests are important. The recommendation is to have your eyes tested every two years, unless your optician prescribes otherwise. We’ll send you a reminder shortly before the end of the recommended recall period, and send you further reminders if we don’t hear from you.
  • To notify you that products that you have purchased are available for collection.
  • To refer you to other medical or health professionals, or to the NHS.

2. To process transactions

We will process your personal data:

  • So that we can provide our products and services to you and process any transactions, including payments, when you purchase our goods and services, or refunds.
  • In respect of payments made to us as well as payments using card processors where payment is processed using a credit or debit card.
  • And will make the required personal data available to third parties where you wish to conclude an agreement with that third party. For example, you may wish to apply for and enter into a payment arrangement with a third party, or you may want to apply for and obtain insurance over the product that you have purchased.
  • To meet our contractual obligations to third parties e.g. the NHS.
  • To ensure delivery of goods to your nominated address where you elect not to collect the goods from a store.

3. To communicate with you

  • We send you services messages which may including communications about eye health, vision correction and information on how to look after the health of your eyes.
  • We may send you messages to notify you of any relevant changes, for example, to matters that could affect or inconvenience you. For example, a change to your usual store’s location, shop opening or closing hours.
  • We may send you direct marketing communications – we will send you information about our products, offers and discounts by email and/or post. You are free to opt out of these communications at any time by contacting us or going online and updating your preferences. For details, refer to the ‘How to contact us’ section.
  • We process your personal data to respond to complaints, queries and any claims made against us.

4. To engage with you via our website

  • If you are just browsing our website, we will not collect any information which will identify you by name, unless you provide this information, for example when rating our products or services.
  • We will process your personal data in order that you can create and manage information in the online account that you have created with us.
  • We will collect information using cookies or traffic data which uses IP addresses or other numeric identifiers, which analyse how people use our website. Please refer to our Cookies policy for more information.
  • We will process your personal data so as to create and administer your online account.

5. Other reasons

  • We may need to provide your personal data to a regulator requesting information when they are carrying out their function.
  • We may also make your personal data available to third parties in terms of a contract that we are bound by or who have the legal right to access your personal data. Examples of third parties are our data processors, companies who provide us with updated personal information (e.g. changes to your address, deceased indicators, etc) external auditors and lawyers, the NHS, the police, social services, etc.
  • We may need to make your personal data available to other optometrists, medical practitioners, health and social care providers or the NHS.
  • For purposes of fraud prevention and detection and for the health and safety of members of the public, our staff and our customers
  • For our Corporate requirements, including mergers and acquisitions.

Third Parties we share data with or receive data from

  • We use technologies such as cookies within digital marketing networks, ad exchanges and social media networks such as Facebook and other social media to get relevant marketing messages across to you and other customers.
  • Delivery or courier companies who we appoint to deliver products that you have purchased from us.

Lawful purpose for processing your personal data

We need a lawful purpose to process your personal data.

1. For processing your special personal data

The services offered by Gardiner Opticians are classified as health services. Health service providers are permitted to process your special personal data (for example, information relating to your health, medical information, etc) as processing is necessary for the purpose of your eye health care or treatment, or for purposes of preventative or occupational medicine, medical diagnosis and for the assessment of the working capacity of an employee.

If we wish to process your special personal data for another purpose, we must have a lawful purpose to do so, which may be the following:

(i) by getting your consent to process your personal data;

(ii) processing is necessary to establish, exercise or defend legal claims or whenever courts are acting in their judicial capacity;

(iii) processing is necessary in the public interest in the area of public health, subject to local laws and safeguarding measures (in particular professional secrecy) or

(iv) processing is necessary for archiving purposes in the public interest, scientific or historical research or statistical purposes, subject to local laws.

2. For processing your personal data

We rely on legal obligations where we have a statutory or other legal obligation to process the information:

  • To meet our obligations as registered and dispensing optometrists. The provision of eye health services in the UK is regulated by the Opticians Act and the Rules issued by the General Optical Council. In the Republic of Ireland, the provision of eye health services is regulated by the Health and Social Care Professional Act and the Optical Registration Board bye-laws. They legally require us to collect and process your personal data including special categories of your data.
  • To make your personal data available to other optometrists, medical practitioners, health and social care providers.
  • To generate and issue invoices.
  • Regulators may request information when carrying out their functions.
  • Other third parties who have a legal right to access personal data e.g. the police, our insurers, lenders, external auditors and investigators.
  • Other companies who provide us with updated personal information e.g. changes to your contact information, deceased indicators.
  • If you choose to exercise your data rights e.g. requesting a subject access request.
  • To respond to any complaints or claims we receive from regulators or other third parties.
  • For purposes of fraud prevention and detection.
  • For purposes of health and safety of members of the public, our staff and our customers.
  • Corporate requirements including mergers and acquisitions.

We rely on contractual obligations when we process your information to fulfil a contract that we have entered into with you:

  • To process any transactions when you purchase our goods and services.
  • To process credit and debit card payments as well as payments using payment card processors. We provide your information to the relevant bank in order that they can process payment of a transaction.
  • For purposes of us providing our products and services to you, including without limitation our aftercare contact lens service.
  • To deliver products purchased to your nominated address.
  • To meet any other contractual obligations that we have undertaken to you.
  • To meet the contractual obligations that we have with the NHS – the NHS Optical contract defines that we have to keep up to date and accurate patient and medical records and provide details of any NHS funded eye tests or purchases to the NHS.

We rely on your consent:

  • To provide your personal data to a third party who does not have a legal right to receive the information, for example a lawyer, a friend, a member of your family who does not have parental responsibility over a child.
  • Received from a child to provide personal data to a parent, where the child has been deemed capable of giving consent.
  • When you enter a competition.
  • In order for a third party to provide you with payment options. In this case, we will pass the required information to them in order that that they can assess where you qualify for the payment method, and to tailor payment methods which they think may be suitable for you.
  • To provide your personal data to insurance companies where you wish to apply for insurance cover that you wish to take up. We will pass your contact and other personal data to the insuring company so that they can assess whether you qualify for insurance cover.

Where your personal data is transferred to a third party, for example, the bank, a lender or an insurer, these parties are data controllers and personal data that is transferred is processed in line with the recipient’s own privacy notice.

We rely on our Legitimate Interest when we process your information for any of the following purposes:

  • Sending service or direct marketing communications to you.
  • Booking an appointment for an eye examination.
  • Sending your reminders that your eye test is about to become due or is overdue.
  • Processing and reporting financial transactions.
  • Instituting and defending legal or other claims.
  • When you respond to questionnaires and surveys.
  • For purposes of market research and statistical analysis.

Our legitimate interests are derived from our requirement to protect and grow our business, including our commercial and financial interests, as well as our desire to retain existing and attract new customers.

We rely on Vital interests to process your personal data in certain circumstances.

As we collect information regarding your eye health, in exceptional circumstances we may be required to provide this information to another medical or healthcare provider for your safety and to prevent significant harm. For example, in exceptional circumstances we may provide information regarding your eye health to your hospital if you were unable to give us consent.

How long do we process personal data?

We will keep your personal data for as long as is reasonably necessary to provide our products and services, including aftercare services, and to maintain records as needed to satisfy tax and other legal or regulatory requirements, as well as to protect and defend against claims or allegations. We anonymise your personal data once we no longer need it.

When defining our retention periods, we consider healthcare laws and regulations which apply, contracts that we have entered into with the NHS and recommendations made by industry bodies, for example, the College of Optometrists.

Who do we share your personal data with?

We share your personal data within our group of companies, with data processors with whom we have entered into a Data Processing Agreement, with other medical or health professionals and with trusted third parties as an essential part of being able to provide our services to you. Please be assured we do not sell personal data, and do not provide personal data to list providers for the purposes of marketing.

Examples of third parties we work with to be able to provide our services to you, on our behalf include:

  • Operational companies such as delivery couriers who may deliver products or deliver communication to you on our behalf.
  • Product suppliers who make or provide the products we sell to you.
  • Third parties who we use to help us update your contact information to keep your data accurate.
  • IT and data companies who help support our websites and other business systems.
  • Other medical professionals including other optometrists, medical doctors or the NHS and third parties appointed by the NHS.
  • Public bodies who have the legal right to have access to the information e.g. the police, social services etc.

Subject access requests by third parties

Unless there is a lawful basis to do so, we will not provide your personal data to a third party unless we have your consent to do so. If you have authorised a third party to submit a request for the release of your personal data, they will be required to provide written proof of your consent or to provide a verifiable power of attorney. They will also be requested to provide documentation which identifies them. We require that the consent / power of attorney must:

(i) Be in writing; (ii) Detail your name, address and date of birth; (iii) Provide details of the personal data to be disclosed; (iv) Provide details of the recipient, including contact details and confirmation of identity; and (v) Be signed and dated by you.

Public authorities requiring data under exemptions may request personal data without your consent. These requests must: (i) Be in writing on an official letter head and must be signed; (ii) Provide full details of the affiliation or organisation; (iii) Provide full details of the requester, including name, rank or position as well as verifiable contact information; (iv) Provide the name, address, date of birth of the data subject, and specify the information being requested; (v) confirm the lawful basis for the request and the reason for the request (unless the requestor is not permitted to do so, being bound by confidentiality, professional secrecy or similar); (vi) Must detail the format and means by which the response is to be communicated.

All requests by authorities must be addressed to the Data Protection Officer.

We are only able to comply with requests that relate to personal data held in accessible, structured filing systems for which we are the data controller.

Last updated 7 May 2022.

We may update this privacy statement from time to time. Any updates will take effect as soon as they are posted on our website.

All of our rights are reserved.