Data Protection Policy

We hold various pieces of information about you including your name and address, and clinical details such as the state of health of your eyes, medication taken, your spectacle and/or contact lens prescription, and copies of any letters we have written about you or received from other professionals, such as your doctor.

If you email us to book an appointment, or contact via any other form of messenger, we take this as permission to store and use your information solely for the purpose of making the appointment and will do so until the point where you come in and sign for full permission to share. We do not share for Marketing purposes, and only use the data given for your eyecare, or to contact you to notify you that your eye exam is due. 

We protect this information using secure records back up and storage, CCTV, telecommunicating alarms, offsite secure electronic storage and following policies to keep the data private unless you have given specific permission to share, for example with the NHS or a Private referral service. This will only be done with your knowledge and permission.

(Please note we use security measures to protect our staff and your data, we do not use CCTV during your eye exam unless there is a very specific reason and you have been made fully aware of this. None of your healthcare data will be stored in this form)

You are entitled to a copy of your information although occasionally there may be an administrative charge for providing it. Anything that is covered by the Freedom of Information Act we will provide according to that act on written request. 

If you wish to see your records, please ask KATHRYN BATCHELOR-DOVE who will respond as quickly as possible (Expected reply to email within 1 week, other forms of contact 2 weeks so please contact again if no answer. We would aim to get your records to you within 20 days.)

If you require independent advice, contact the Information Commissioners Office at www.ico.gov.uk.

We adhere to the guidelines of the College of Optometrists and the Data Protection Act and will not pass any of your personal information to a third party without your consent unless there is a clear public interest duty to do so.

You will need to provide us with your consent if you wish us to pass your information to another optometrist.

If you are an NHS patient, we are obliged to provide the portion of your record that relates to NHS services to authorised persons within the NHS (who are in turn subject to a duty of confidentiality) if they request this.

This is usually to confirm that we have provided the NHS services that we have been paid for, and to improve quality of care.

It is also possible that the NHS may contact you to ask if you have received services (such as a sight test or spectacles) as part of this monitoring.

Within the practice we may use the information to analyse trends, or to audit our performance. This enables us to monitor and improve the quality of care that we offer you.

Wherever possible (i.e. if we do not need to know who an individual patient is) we will only analyse trends from anonymised information.

Policy Agreed and signed by Kathryn Batchelor-Dove on behalf of Dove Eyecare, trading as Dove & Conway Opticians.

Reviewed 12/03/2019 and regularly from then on, amended on here and date changed only if any change to the information. 

Registered with ICO under number   00010459246

Senior Information Risk Officer : Kathryn Batchelor-Dove

Caldicott Guardian : Kathryn Batchelor-Dove or Michelle Dove

DPIA process checklist - taken from ICO website and filled in for our services.

☐ We describe the nature, scope, context and purposes of the processing.

We only use information for the providing of eyecare services and to contact patients when their eye exam is due or overdue.

☐ We ask our data processors to help us understand and document their processing activities and identify any associated risks.

We have a secure server with access rights only by password and have confidentiality agreements with this provider.

☐ We consider how best to consult individuals (or their representatives) and other relevant stakeholders.

If any issues arise we would contact individuals to notify them and confirm permission before any sharing of information. However should be no reason to share other than with prior knowledge and permission of the patient.

If data sharing is necessary it is done using pseudonymisation and keeping identifiable data to a minimum.

☐ We ask for the advice of our data protection officer.

As well as this, we would consult our governing bodies and follow any NHS guidelines. Our reasons for sharing information are only for eyecare services and only with patient knowledge.

☐ We check that the processing is necessary for and proportionate to our purposes, and describe how we will ensure compliance with data protection principles.

We only use for eyecare health purposes and to contact when eye exams are due.

☐ We do an objective assessment of the likelihood and severity of any risks to individuals’ rights and interests.

Risk analysis done and low likelihood or severity if any details shared, since minimum of sensitive clinical data stored, however we treat all information as if it was a high risk item to make sure no information is shared that could cause any harm

☐ We identify measures we can put in place to eliminate or reduce high risks.

Measured identified and actions taken if any high risk issues arise.

☐ We record our decision-making in the outcome of the DPIA, including any difference of opinion with our DPO or individuals consulted.

No difference of opinion, both Kathryn Batchelor-Dove and Michelle Dove agree with these principles.

☐ We implement the measures we identified, and integrate them into our project plan.

Any measures identified would be integrated. No plans to share outside the uses already agreed by the patient on joining the practice.

☐ We consult the ICO before processing, if we cannot mitigate high risks.

We would do so if any situations arose.

☐ We keep our DPIAs under review and revisit them when necessary.

We would do this if any needed.

Dove & Conway Opticians

100 Sheep Street

Bicester

Oxon

OX26 6LP

Phone: 01869 242740

E-mail: admin@doveeyecare.com 

Please note that Kathryn tends to deal with emails and the website admin. 

If something should be for Michelle's eyes only, please put that in the subject of the email.

THE FORM BELOW WILL TEND TO BE SLIGHTLY SLOWER THAN EMAILING US DIRECTLY.