Privacy Notice - Website

Who We Are

Eyesite Opticians (UK) Limited (‘we’ or ‘us’ or ‘our’) gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.

Eyesite Opticians (UK) Limited’s registered office is at 96 King Street, Cottingham, East Yorkshire, HU16 5QE and we are a company registered in England and Wales under company number 08281114. We are registered on the Information Commissioner's Office Register; registration number Z9381428, and act as the data controller when processing your data. Our designated Data Protection Officer is Katie Jones, who can be contacted via dataprivacy@eyesiteopticians.co.uk or by phoning 01482 845651.

Information That We Collect

Eyesite Opticians (UK) Limited processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice. 

The personal data that we collect from you includes (but is not limited to):

  • Name and date of birth

  • Home address and post code

  • Contact information such as a personal and/or business email, home telephone and/or mobile number

  • National Insurance number and where required, other identification information such as a passport number, driver’s license number, etc.

  • Special Category Data (i.e. health/medical information, details about religion, sexuality etc.)

We collect information in the below ways:

Face-to-face in our branches and shops, over the telephone, via online contact and booking forms on our website, via referrals from other professionals, through employment applications and CVs, etc.

How We Use Your Personal Data (the Lawful Basis for Processing)

Eyesite Opticians (UK) Limited takes your privacy very seriously and will never disclose, share or sell your data without your consent unless we are required to do so by law or regulation. We only retain your data for as long as is necessary and for the purposes specified in this privacy notice. Where you have consented to us keeping in touch with you and providing you with promotional offers and marketing, you are free to withdraw this consent at any time. 

The purposes and reasons for processing your personal data are detailed below: 

  • We may collect your personal data when we provide you with our services such as conducting an eye test, providing you with glasses or contact lenses, etc. (this is known as a ‘contractual obligation’)

  • We collect and process your personal data as part of our legal obligation for business accounting, payroll and tax purposes

  • We have a contractual obligation and legal obligation to share your personal data when processing credit and debit card payments

  • We have a legal obligation as part of our GOS (General Ophthalmic Services) contract with the NHS and NHS Digital to share your personal data and special category data

  • We may collect and process your personal data should you seek or gain an employment contract with us. Depending on your role, your personal data may be shared with organisations carrying out legally required checks such as with the Data Barring Services (criminal records checks), etc.

We may wish to send you marketing information which we believe is, and have assessed as being, beneficial to you as a customer and in our interests. Such information will be non-intrusive and processed on the lawful basis of legitimate interest.

Your Rights

You have the right to access any personal information that Eyesite Opticians (UK) Limited processes about you and to request information about:

  • What personal data we hold about you

  • The purposes of the processing

  • The categories of personal data concerned

  • The recipients to whom the personal data has/will be disclosed

  • How long we intend to store your personal data for

  • If we did not collect the data directly from you, information about the source

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified. 

You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use. 

If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

As an NHS patient, you have the right to opt-out from the use of your personal data for planning and research by NHS Digital and we are legally required to assist you or provide you with information on how to opt-out.

Sharing and Disclosing Your Personal Information

We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. Eyesite Opticians (UK) Limited uses third-parties to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.

Examples of who we may share personal data with include, but are not limited to:

Optical Equipment Providers
We use a variety of optical equipment providers such as lens makers, etc., who will tailor products to our clients’ specific needs. This will involve the sharing of limited personal data with these organisations in order for them to be able to deliver the service required.

Data Barring Service
We will use third parties to carry out legally required criminal records checks on our behalf under the Data Barring Service (DBS Checks). We will provide the minimum personal data required to enable the service to be completed. Organisations carrying out DBS Checks on our behalf are regulated under law for the provision of that service and operate as a joint controller for the processing of personal data.

Accounting and Legal Services
We use accountants to audit our financial records for taxation and other legally obligated functions, and we use the legal services of lawyers when seeking legal guidance, etc. During the provision of these services, these organisations may have access to personal data. These organisations are regulated under law for the provision of that service and operate as a joint controller for the processing of personal data.

NHS and NHS Digital
We are legally obligated to provide specific and limited personal data of our patients to the NHS and NHS Digital, who are themselves regulated under law.

Read the section below on Personal Data Shared with the NHS and NHS Digital to learn more.

Employee Support Services
We outsource several employee-related functions to vetted, audited and contracted providers. These include organisations such as pension and insurance providers, etc. When delivering their contracted services, they will need to be provided with personal data. Their work is monitored, and they are obligated through strictly controlled contracts to maintain the strictest of security at all times. Most of these organisations are regulated under law for the provision of that service and operate as a joint controller for the processing of personal data.

Technical Support Services
We outsource several support functions to vetted, audited and contracted providers. These include organisations such as IT Systems and Network Providers, etc. When delivering their contracted services, they may need to access areas of our systems where personal data is processed. Their work is monitored, and they are obligated through strictly controlled contracts to maintain the strictest of security at all times.

Personal Data Shared with the NHS and NHS Digital

Whenever you use an NHS supported service, important information about you and your service is collected in a patient record. Collecting this information means that you get the best possible care and treatment. 

When this information is shared with the NHS and NHS Digital, it can also be used, and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • Improving the quality and standards of care provided

  • Research into the development of new treatments

  • Preventing illness and diseases

  • Monitoring safety

  • Planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential NHS patient information about your health and care is only used like this where allowed by law. 

Most of the time, anonymised NHS patient data is used for research and planning so that you cannot be identified, in which case your confidential patient information isn’t needed.

You have a choice about whether you want your NHS held confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out, your confidential NHS patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:

  • See what is meant by confidential patient information

  • Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care

  • Find out more about the benefits of sharing data

  • Understand more about who uses the data

  • Find out how your data is protected

  • Be able to access the system to view, set or change your opt-out setting

  • Find the contact telephone number if you want to know any more or to set/change your opt-out by phone 

  • See the situations where the opt-out will not apply

You can change your mind about your choice at any time.

Safeguarding Measures

Eyesite Opticians (UK) Limited takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including but not limited to:

  • SSL, TLS, encryption, pseudonymisation, network access security, two-factor authentication, firewalls, anti-virus and malware detection and control, etc.

Transfers Outside the EU

Personal data in the UK and European Union is protected by data protection law but some other countries may not necessarily have the same high standard of protection for your personal data. 

Eyesite Opticians (UK) Limited utilise some services (or parts of them) that are hosted in the United States, which means that we may transfer any information which is submitted by you through the website outside the European Economic Area ("EEA") for the purpose of website hosting.

Consequences of Not Providing Your Data

You are not obligated to provide your personal information to Eyesite Opticians (UK) Limited; however, as this information is required for us to provide you with our services and the products that you may order from us, we will not be able to offer some or all of our services without it.

Legitimate Interests

As noted in the ‘How We Use Your Personal Data’ section of this notice, we occasionally process your personal information under the legitimate interests’ legal basis. Where this is the case, we have carried out a thorough Legitimate Interests’ Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own interests; ensuring that they are proportionate and appropriate. 

We use the legitimate interests’ legal basis for processing to send you marketing information which we believe is, and have assessed as being, beneficial to you as a customer, and have identified that our interests are that we are selling products and services which have been used by you or may be appropriate to you.

How Long We Keep Your Data

Eyesite Opticians (UK) Limited only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. As an example, we are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years, after which time it will be destroyed. However, we have identified different retention periods for different types of personal data and you can learn about these in our Data Retention and Erasure Policy here.

Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.

Special Categories Data

Owing to the products, services or treatments that we offer, Eyesite Opticians (UK) Limited sometimes needs to process sensitive personal information (known as special category data) about you. Where we collect such information, we will only request and process the minimum necessary for the specified purpose and identify a compliant legal basis for doing so.

Children’s Personal Data and their Consent

Eyesite Opticians (UK) Limited provides services to people of all ages and as such, we may collect and process the personal data of patients who are identified in law as a child. You may believe that the age of a child is someone below the age of 18; however, under data protection law the UK government has defined the age at which a child is responsible for consenting to the processing of their personal data at 13 years. This means that where we are relying on consent as the lawful basis for processing the personal data of a person aged under 13, we will require the explicit and freely given consent of a verified parent or guardian of that child.

Parents and guardians also need to understand that because of this age definition, where a person is aged 13 years or more but under 18 years of age, the parent or guardian will not have an automatic right to access the personal data of that person aged 13 years or more but under 18 years of age.

Eyesite Opticians (UK) Limited will make every attempt to ensure that persons identified as under 13 years on our systems are not subjected to marketing under legitimate interest as described above.

Lodging A Complaint

Eyesite Opticians (UK) Limited only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however, you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.

Eyesite Opticians (UK) Limited

  • Katie Jones (Data Protection Officer)

  • Eyesite Opticians (UK) Limited’s registered office is at 96 King Street, Cottingham, East Yorkshire, HU16 5QE

  • dataprivacy@eyesiteopticians.co.uk 

Information Commissioner’s Office

  • Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

  • Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

  • Fax: 01625 524 510

  • Website Complaint Submission: https://ico.org.uk/concerns/handling/

Cookie Notice

A ‘cookie’ is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. When you visit a site that uses cookies for the first time, a cookie is downloaded onto your computer/mobile device so that the next time you visit that site, your device will remember useful information such as items added in the shopping cart, visited pages or logging in options.

Cookies are widely used in order to make websites work, or to work more efficiently, and our site relies on cookies to optimise user experience and for features and services to function properly. 

Most web browsers allow some control to restrict or block cookies through the browser settings; however, if you disable cookies you may find this affects your ability to use certain parts of our website or services. For more information about cookies visit https://www.aboutcookies.org.