Stephen Beirne Optometrists customer privacy notice
This privacy notice tells you what to expect us to do with your personal information.
Your information is only used for legitimate reasons by Stephen Beirne Optometrists. We do not allow your information to be passed to any third party , that is not required for our business with you.
Our contact details:
Post
Forth Valley Eyecare Ltd, 15 Foundry Loan, LARBERT, Stirlingshire, FK5 4AW, GB
Telephone
01324227960
What information we collect, use, and why
We collect or use the following information to provide services and goods, including delivery:
-
Names and contact details
-
Addresses
-
Date of birth
-
Payment details (including card or bank information for transfers and direct debits)
-
Health information (including dietary requirements, allergies and health conditions)
-
Account information
-
Information relating to loyalty programmes
-
Photographs or video recordings
-
Identification documents
We collect or use the following information for the operation of customer accounts and guarantees:
-
Names and contact details
-
Addresses
-
Payment details (including card or bank information for transfers and direct debits)
-
Purchase history
-
Account information, including registration details
-
Information used for security purposes
We collect or use the following information to prevent crime, prosecute offenders, or defend against legal action:
-
Names and contact information
-
Customer or client accounts and records
-
Video and CCTV recordings of public areas (including indoor and outdoor spaces)
-
Financial transaction information
We collect or use the following information for service updates or marketing purposes:
-
Names and contact details
-
Addresses
-
Marketing preferences
-
Purchase or viewing history
-
Website and app user journey information
-
Records of consent, where appropriate
We collect or use the following information for research or archiving purposes:
-
Names and contact details
-
Addresses
-
Purchase or viewing history
-
Website and app user journey information
-
Records of consent, where appropriate
We collect or use the following information to comply with legal requirements:
-
Identification documents
-
Financial transaction information
We collect or use the following information for recruitment purposes:
-
Contact details (eg name, address, telephone number or personal email address)
-
Date of birth
-
National Insurance number
-
Copies of passports or other photo ID
-
Employment history (eg job application, employment references or secondary employment)
-
Education history (eg qualifications)
-
Right to work information
Lawful bases
Our lawful bases for collecting or using personal information to provide services and goods are:
-
Consent
-
Contract
-
Legal obligation
-
Legitimate interest:
-
1 retain clinical information, including the patient’s history 2 facilitate the clinical management of the patient and continuity of care 3 enable another practitioner to take over the care of the patient if required
-
Our lawful bases for collecting or using personal information for the operation of customer accounts and guarantees are:
-
Consent
-
Contract
-
Legal obligation
-
Legitimate interest:
-
1 retain clinical information, including the patient’s history 2 facilitate the clinical management of the patient and continuity of care 3 enable another practitioner to take over the care of the patient
-
Our lawful bases for collecting or using personal information to prevent crime, prosecute offenders or defend against legal action are:
-
Consent
-
Contract
-
Legal obligation
-
Legitimate interest:
-
1 retain clinical information, including the patient’s history 2 facilitate the clinical management of the patient and continuity of care 3 enable another practitioner to take over the care of the patient 4 protection in case of complaints or for reference in a legal situation.
-
Our lawful bases for collecting or using personal information for service updates or marketing purposes are:
-
Consent
-
Contract
-
Legitimate interest:
-
1 retain clinical information, including the patient’s history 2 facilitate the clinical management of the patient and continuity of care 3 enable another practitioner to take over the care of the patient
-
Our lawful bases for collecting or using personal information for research or archiving purposes are:
-
Consent
-
Contract
-
Legal obligation
-
Legitimate interest:
-
1 retain clinical information, including the patient’s history 2 facilitate the clinical management of the patient and continuity of care 3 enable another practitioner to take over the care of the patient
-
Our lawful bases for collecting or using personal information for legal requirements are:
-
Consent
-
Contract
-
Legal obligation
-
Legitimate interest:
-
1 retain clinical information, including the patient’s history 2 facilitate the clinical management of the patient and continuity of care 3 enable another practitioner to take over the care of the patient 4 protection in case of complaints or for reference in a legal situation.
-
Our lawful bases for collecting or using personal information for recruitment purposes are:
-
Consent
-
Contract
-
Legitimate interest:
-
We need to collect the information to allow for recruitment purposes.
-
Where we get personal information from
-
People directly
-
CCTV footage, or other recorded images
How long we keep information
Recommended period of retention for records
adult patients
10 years after they were last seen, even if the patient has subsequently died.
children and young people
10 years after they were last seen or until the patient’s 25th birthday, if later.
If the child or young person has died, keep the records for 10 years after they were last seen.
Who we share information with
Data processors:
Xeyex Limited
This data processor does the following activities for us: XEyeX manages our patient management system
Other organisations
-
Insurance companies
-
Health care providers
-
Financial or fraud investigation authorities
-
Relevant regulatory authorities
-
Professional consultants
-
Organisations we’re legally obliged to share personal information with
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal data.
Your right to rectification - You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal data in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent.
You don’t usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint