Privacy Notice

Why we collect and process your personal data

Atlantic Home Eyecare is a registered data controller. This privacy notice sets out our privacy policy.

We collect and process patients’ personal data for the purposes of healthcare and marketing.

Our legal bases for processing personal data for healthcare purposes, including appointment reminders, include public task or legitimate interests.

  • When we provide services under the NHS General Optical Services contract (such as a sight test funded by the NHS), our legal basis for processing personal data in respect of that service is public task

  • Otherwise our legal basis is legitimate interests

Our condition for processing special category data is the provision of health or social care.

We process our patients' personal data for marketing purposes with their consent or to meet a legitimate interest. This means we can tell you about eye care products and services that may be relevant to you. If you do not want us to process your personal data for marketing purposes, please let us know and we will stop.

The data we may collect and process

The personal data of patients that we may collect and process includes:

  • Your name, contact details and personal identifiers (such as date of birth and NHS number)

  • Your general and ocular health history, your family medical and ocular history, and any relevant signs or symptoms you tell us about

  • Details of medicines, spectacles and contact lenses prescribed for you

  • Details of examinations and other healthcare checks and treatments we provide

  • Information relevant to your continued care from other people who care for you or know you well, such as other health professionals and relatives

How we hold and share your personal data

We process your personal data in strict confidence. We keep your personal data securely in our filing and electronic systems. Patient records are only accessible to the healthcare professionals working at the practice and those under their supervision.

We will usually keep any personal data we hold about you for ten years after our last contact with you before we delete it. This is the period recommended as good practice by the College of Optometrists. If we collected the data when you were aged under 18 we will keep it until your 25th birthday, in line with NHS requirements. In exceptional cases we may need to retain personal data for a longer period, and will explain our reasons for doing so on request.

In the course of processing your personal data we may share it with:

  • The healthcare professionals working at this practice and those under their supervision

  • Healthcare professionals and those under their supervision at other optical practices, but only if you have specifically asked us to pass your personal data (such as your prescription) to them

  • Your GP, ophthalmologists and other healthcare providers and commissioners, and suppliers of optical appliances or similar products, in connection with your ongoing healthcare treatment.

  • Your next of kin, if requested and specified by you.

  • Software providers for our patient record and invoicing systems, and financial institutions, so that we can keep patient records up to date and arrange payment for services provided to you

Your rights

You have legal rights in respect of the personal data we hold about you. The Information Commissioner’s Office (ICO) has published guidance on the full range of rights. The rights that are most relevant to the way in which we use your personal data include:

  • The right to be informed about how we use personal data – this privacy notice gives that information

  • The right to object – if you object to us processing your data for marketing purposes, or for healthcare purposes where our legal basis is legitimate interests (see ‘why we collect and process your personal data’, above), we will then stop doing so, unless we are processing the data in respect of a legal claim or can otherwise show that our legitimate interest in processing the data overrides your rights and interests

  • The right of access – if you ask us for the personal data we hold about you we will provide it within a month, free of charge (unless we have already provided it to you, in which case we may have to charge you the administrative cost of providing it again).

  • The right to rectification – if you ask us to correct personal data about you that is inaccurate or incomplete, we will do so within a month (unless we need longer, in which case we will discuss this with you)

  • The right to erasure – also known as the ‘right to be forgotten’. If you ask us to delete your personal data, we will do so if there is no compelling reason to continue processing the data. We will not usually delete healthcare data before our usual time limit (see ‘how we hold and share your personal data’ above) where we have a duty to keep accurate records – for example, to comply with a legal obligation, or in connection with a legal claim. If you ask us to delete such data we will discuss this with you

Contacting us and the ICO about your personal data

Please speak to us first if you have any questions or concerns about the way in which we process personal data. You can contact Ben Brewer or Kevin Roberts via our usual practice contact details.

You have the right to complain to the ICO if you have a concern about our handling of your personal data which you do not think we can resolve. You can contact the ICO here.

Our GDPR Record Keeping Policy is viewable here.

Freedom of Information Act (FOI)

This document complies with the requirements of the Information Commissioner’s Model Publication Scheme for Atlantic Home Eyecare in accordance with the Freedom of Information Act 2000 and fulfils the obligations on opticians’ practices under the Act.

Introduction
This is a complete guide to the information routinely made available to the public by Atlantic Home Eyecare.  It is a description of the information about our NHS services that we make publicly available.  It will be reviewed at regular intervals. 

How is the information made available?    
The information within each Class is available in hard copy from:

PO Box 390, Barnstaple, Devon, EX32 2HE

or can be printed from this website.

This guide information
We will publish any changes we make to this guide or relevant information.  We will also publish any proposed changes or additions to publications already available.
    
Cost of Information
For the most part, we will only charge for duplicates of previously-provided information, hard copies, or copies onto media. 

We will inform you of the cost of these charges that will have to be paid in advance.

Accessed from our website – free of charge
Single hard copies – free of charge
E-mail will be free of charge. 


Your Rights to Information
The Freedom of Information Act 2000 is designed to promote openness and accountability amongst all organisations that receive public money.  

Like all NHS contractors, since 1 January  2005 there has been a FOI obligation on optical practices to respond to requests about the NHS related information that they hold, and a right of access to that information has been established in law.  

These rights are subject to exemptions (see below) that have to be taken into consideration before releasing information.

In addition to accessing the information identified in this guide, you are entitled to request information about our NHS services under the NHS Openness Code 1995.

Under GDPR, you are also entitled to access your clinical records or any other personal information held about you and you can contact any practice where your records are held to do this.

Feedback
If you have any comments about the operation of the Publication Scheme, or how we have dealt with your request for information from the scheme, please write to:

PO Box 390, Barnstaple, Devon, EX32 2HE

Classes of Information
All NHS information at Atlantic Home Eyecare is held, retained and destroyed within NHS guidelines.  Our commitment to publish information excludes any information that can be legitimately withheld under the exemptions set out in the NHS Openness Code or Freedom of Information Act 2000, the main reasons being the protection of commercial interests and personal information under GDPR.  This scheme has been written in accordance with those exemptions.  The information on this Scheme is grouped into the following categories:

1) Who we are and what we do
Atlantic Home Eyecare are a domiciliary opticians practice, who visit patients in their own home. The telephone number is 01271 590039.
Details of the opticians and optometrists employed in our practice can be obtained by contacting the practice directly.
Alternatively, details of all opticians and optometrists registered in the UK are available from the General Optical Council Tel: 0207 580 3898.
Company Registration number: 11006502

2)    Financial and funding information: what we spend and how we spend it.
For every sight test performed on behalf of the NHS the practice receives a set fee, which is fixed nationally. This practice also carries out the following enhanced services on behalf of the NHS: domiciliary examinations. The fees paid by the NHS for each service are available from the practice on request. They include a contribution towards optometrists’ and staff salaries, equipment costs and other practice overheads. Information in this class will be published only where it is unlikely adversely to affect the commercial position of the firm or practice.

3)     Our Priorities
To provide our patients with high quality eye care

4)     Decision Making
Any decisions made about the provision of NHS-funded services will be reflected in the services we provide and in the contract(s) held with the PCT/LHB. 

5)    Our policies and procedures
  Complaints
  Data protection
  Health and safety

They are available on request from the practice, either by making contact through this website, or by contacting Atlantic Home Eyecare, PO Box 390, Barnstaple, Devon, EX32 2HE

Complaints
If you have a complaint about any of our products or services, please do discuss any problems with the practice in the first instance. We find that most issues can be put right at this stage.  

A full copy of our complaints policy is available here.


6)     Lists and Registers
We don’t keep lists and registers. Our patient records are confidential.

7)    The Services We Offer
Atlantic Home Eyecare provide NHS-funded sight tests for those who are eligible. Patients may also be entitled to NHS vouchers that can be used against the purchase of spectacles or contact lenses as required. To find out if you are eligible for this assistance please click here or ask for details.


Appointments for sight tests can be booked over the phone, or online here.

 

Online Privacy Policy

This privacy policy has been compiled to better serve those who are concerned with how their 'Personally Identifiable Information' (PII) is being used online. PII, as described in privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

What personal information do we collect from the people that visit our blog, website or app?

When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address or other details to help you with your experience.

When do we collect information?

We collect information from you when you fill out a form or enter information on our site.

How do we use your information?

We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

      • To follow up with them after correspondence (live chat, email or phone inquiries)

How do we protect your information?

We do not use vulnerability scanning and/or scanning to PCI standards.

We only provide articles and information. We never ask for credit card numbers.

We use regular Malware Scanning.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.

All transactions are processed through a gateway provider and are not stored or processed on our servers.

Do we use 'cookies'?

We do not use cookies for tracking purposes
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser's Help Menu to learn the correct way to modify your cookies.

If you turn cookies off, Some of the features that make your site experience more efficient may not function properly.that make your site experience more efficient and may not function properly.

Third-party disclosure

We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information.

Third-party links

We do not include or offer third-party products or services on our website.

Google

Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en

We have not enabled Google AdSense on our site but we may do so in the future.

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. - See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf


According to CalOPPA, we agree to the following:

Users can visit our site anonymously.

Once this privacy policy is created, we will add a link to it on our home page or as a minimum, on the first significant page after entering our website.

Our Privacy Policy link includes the word 'Privacy' and can easily be found on the page specified above.

You will be notified of any Privacy Policy changes:

      • On our Privacy Policy Page

Can change your personal information:

      • By emailing us

      • By calling us

How does our site handle Do Not Track signals?

We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Does our site allow third-party behavioral tracking?

It's also important to note that we do not allow third-party behavioral tracking

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.

We do not specifically market to children under the age of 13 years old.

Do we let third-parties, including ad networks or plug-ins collect PII from children under 13?

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

We will notify you via email

      • Within 7 business days

We will notify the users via in-site notification

      • Within 7 business days

We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to: reply to your correspondence.
To be in accordance with CANSPAM, we agree to the following: to stop e-mailing you if you ask us to.

If at any time you would like to unsubscribe from receiving future emails, you can email us and we will promptly remove you from ALL correspondence.

Contacting Us

If there are any questions regarding this privacy policy, you may contact us using the information below.

Atlantic Home Eyecare, PO Box 390, Barnstaple, Devon, EX32 2HE

01271 590039


Last Edited on 2018-10-10