We are specialists in ophthalmic eye care and the supply of spectacles and contact lenses and operate from:
27 High St,
London E17 7AD
Your privacy matters to us and we are committed to the highest data privacy standards and patient confidentiality. To disclose this to you, our Privacy Notice includes the following:
What data we collect from you.
How and why we process it.
Who we share it with and why.
Collection of your Personal Data
We collect your personal information via disclosure directly from you or your parent or guardian. This might telephone, email or face to face engagement.
Categories and Type of Personal Data Collected and processed
We collect contact details from you including:
Date of Birth
In addition to this contact information we collect clinical data including:
Relevant health/medications as well as family ocular history information.
Exam results e.g OCT scans and retinal imaging.
Occupations and hobbies to help assess visual requirements.
Finally, we collect financial information where appropriate including:
Payment card information where necessary on receipts.
Direct debit information
We treat all personal data as sensitive but acknowledge that we also process special category data.
Article 8 of the GDPR and Article 9 of the UK Data Protection Act 2018 specify how we are permitted to process data relating to children under 16 (For the UK this is under 13). Given our industry we comply with this requirement by permitting parents or guardians to make appointments for children and to provide us with their own contact details to use on behalf of the children.
Reason for Data collection and processing activities.
Contact information is captured to enable us to contact you through various communication channels on matters directly related to your treatment. This could include appointment reminders, results, check up reminders and any other information which is felt to be crucial to your eye care including offers from us about our services.
Clinical data is collected as an essential means of providing you with the service which you require and without collecting this information our service could not be delivered.
Payment information is collected to facilitate the payment of our services.
Sharing of Personal Data
During the delivery of our service to you, we will share your data with other companies who are critical for the provision of our service to you and will be viewed as Data Processors. They are under contract with us and have provided sufficient guarantees that they will process your data only as per the terms of that contract and throughout processing activities will ensure your data is protected using appropriate technical and organisation measures.
A full list of processors is available from our Data Protection Officer but includes Opticabase software (Our business software provider), lens manufacturers, frame manufacturers, contact lens manufacturers and payment processors.
We may also need to share your data with other health care providers, such as the NHS, where this is needed to ensure you receive appropriate treatment and care.
Your data is also stored within local devices secured using passwords and user authentication. All branches offer a high level of physical security and operational rigour to ensure data and the devices on which that data resides, are protected.
In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorised, we have a duty to inform you immediately. If the loss or unauthorised access of your data has potential to cause you harm, we will also report this to the Information Commissioners Office; who are responsible for regulating data protection legislation in the UK.
Our legal basis for processing your personal data?
We are required to identify one of six possible legal grounds for processing. These are:
As all of our processing activities are crucial to the provision of the service which we enter into a contract with you to provide, we process your data based on that contractual relationship.
We could also process your data under our legitimate interests as all processing activities are essential for the provision of our service to you.
Where special category of data is processed, we do so Article 9 (2) h – processing is necessary for…the provision of health or social care.
How long do we keep your personal data for?
We process three categories of personal data and retain this data for different periods of time.
Contact information is retained as long as the data subject is a customer of ours. Where the data subject has not used our services recently, and in the absence of a direct data subject request, we hold contact information for a period of 10 years from the last appointment, or in the case of a child or young adult the contact information is held for 10 years or until the subject reaches the age of 25, whichever is the later.
Payment information is held by us only as long as is necessary to process the payment or to set up the direct debit mandate.
Your rights in relation to personal data
Under the GDPR, you have rights to access and control your personal data. These rights include:
access to personal information
correction and deletion
withdrawal of consent (if processing data on condition of consent)
restriction of processing and objection
lodging a complaint with the Information Commissioner’s Office
You can exercise your rights by emailing our Data Protection Officer on
If you are unhappy with anything we have done with your data, you have the right to complain to the Information Commissioners Office. To make a complaint to the Information Commissioners Office use the link below or call their hotline on Tel No.: 0303 123 1113.