Privacy and Security Policy
RS Optical Limited
The Website is operated by RS Optical Limited (referred to as “Eyediology”, “we”, “us” or “our”). RS Optical Limited is registered in England and Wales under company number 05948760 and has its registered office at 6th Floor AMP House, Dingwall Road, Croydon, CR0 2LX.
RS Optical Limited trades as Eyediology of 79 Commercial Street, London E1 6BD.
Eyediology is committed to protecting the privacy of its users and customers. This Privacy and Security Policy (“Privacy and Security Policy”) is intended to inform you how we gather, define, and utilise personal information such as your name, address, telephone number, date of birth, credit card number, billing address and email address (“Information”). Please take a minute to read and understand the policy. All your personal Information shall be used in accordance with the Data Protection Act 1998 (the “Act”) and in accordance with our data handling policy in relation to the use of your health records. If you want to know what information we collect and hold about you, please click here to email us.
Eyediology is the data controller of your Information for the purposes of the Act.
If you are under 18, we require that you inform a parent or guardian about our Privacy and Security Policy as well as requiring their consent to the Privacy and Security Policy before ordering online.
We collect information about you when you initially register. This information is stored on our Secure Server (SSL) and is used to process your orders and to help protect you against fraud. The SSL encrypts all of your personal information, to ensure that the information you give us is protected against unauthorised access. Unfortunately, the transmission of information via the internet is not completely secure. So, whilst we will do our best to protect your personal data, we cannot ensure the security of your data transmitted to our Website. Any transmission is at your own risk. Once we have received your information we will use strict procedures and security features to prevent unauthorised access.
The personal data of patients that we may collect and process includes:
- Your name, contact details and personal identifiers (such as date of birth and NHS number)
- Your general and ocular health history, your family medical and ocular history, and any relevant signs or symptoms you tell us about
- Details of medicines, spectacles and contact lenses prescribed for you
- Details of examinations and other healthcare checks and treatments we provide
- Information relevant to your continued care from other people who care for you or know you well, such as other health professionals and relatives
Use of Your Information
We collect and process patients’ personal data for the purposes of healthcare and marketing. Our legal bases for processing personal data for healthcare purposes, including appointment reminders, include public task or legitimate interests.
- When we provide services under the NHS General Optical Services contract (such as a sight test funded by the NHS), our legal basis for processing personal data in respect of that service is public task
- Otherwise our legal basis is legitimate interests
Our condition for processing special category data is the provision of health or social care. We process our patients’ personal data for marketing purposes with their consent or to meet a legitimate interest. This means we can tell you about eye care products and services that may be relevant to you. If you do not want us to process your personal data for marketing purposes, please let us know and we will stop.
The information we collect about you is used to process orders, keep you updated on the status of our service and Products (“the Products”) and to automate certain functions on our Website. We may collect and process the following data about you:
- Information that you provide by filling in forms on our Website. This includes information provided at the time of placing orders or requesting further services and Products.
- Details of transactions you carry out through our Website and of fulfilment of orders.
- Information about your computer including where available your IP address, operating system and browser type.
- Details of your visits to our Website and the pages and resources that you access.
And for the following purposes:
- To ensure content from our Website is presented in the most effective manner for you and your computer.
- To provide you with information, Products or services that you request from us.
- To notify you about changes to our services and Products and to update your Information.
We may also use your personal information for our internal marketing and demographic studies, together with non-personal data to monitor customer patterns so we can consistently improve our Website design to better meet our visitors’ needs.
From time to time we may update you on our latest products and news via email. You can stop these emails by either clicking the “deregister” or “unsubscribe” link in any emails you receive from us or by emailing us, entering “Deregister” or “Unsubscribe” in the subject line and including your full name and email address in the text of the email.
This Privacy and Security Policy applies to Eyediology but not to websites maintained by other companies or organisations to which we link. Please ensure that you read the Privacy and Security Policy of such other companies before submitting any personal information.
Disclosing Your Information to Third Parties
Please see our policy on data handling for how we use your health records.
We may also disclose your Information to third parties:
- in the event that we sell or buy any business or assets in which case we may disclose your personal data to the seller or buyer of such business or assets;
- to our affiliates or certain suppliers/sub-contractors, so that they can supply goods, services or information requested by you;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or in order to enforce or apply our Terms and Conditions and other agreements or protect the rights, property, or safety of Eyediology, our customers, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.
We may provide other companies, such as advertisers (for the purpose of serving advertisements), suppliers, potential suppliers and potential customers of Eyediology and its affiliates with details about our services, but we will not provide them with any information which can be used to identify you.
We may also use or permit selected third parties to use your Information to provide you with information about goods and services which may be of interest to you in accordance with any permissions granted by you when registering or ordering Products on our Website.
You have the right to ask us not to send such information or to pass your Information to third parties for such purposes, by indicating before submitting your Information whether you mind it being used in this way. Alternatively, you can exercise this right by contacting us or filling out the deregistration form.
Storage of Your Personal Data
We process your personal data in strict confidence. We keep your personal data securely in our secure filing and encrypted electronic systems. Patient records are only accessible to the healthcare professionals working at the practice and those under their supervision.
For those that receive health care or prescribed ophthalmic devices, we will usually keep any personal data we hold about you for ten years after our last contact with you before we delete it. This is the period recommended as good practice by the College of Optometrists. If we collected the data when you were aged under 18 we will keep it until your 25th birthday, in line with NHS requirements.
In exceptional cases we may need to retain personal data for a longer period, and will explain our reasons for doing so on request.
In the course of processing your personal data we may share it with:
- The healthcare professionals working at this practice and those under their supervision
- Healthcare professionals and those under their supervision at other optical practices, but only if you have specifically asked us to pass your personal data (such as your prescription) to them
- Your GP, ophthalmologists and other healthcare providers and commissioners, and suppliers of optical appliances or similar products, in connection with your ongoing healthcare treatment
- Software providers for our patient record and invoicing systems, and financial institutions, so that we can keep patient records up to date and arrange payment for services provided to you
For information collected for online order purposes, this may be kept and stored for three years from last contact, if not conflicting with the above. After this, the data will be deleted and the online account closed, unless you contact us to have it removed earlier or give permission to prolong storage.
The data that we collect from you may be transferred to and stored at a destination outside the European Economic Area. By submitting your personal data you agree to this transfer. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy and Security Policy.
Please keep your Eyediology password safe and do not share it with others. If you forget your password please click here or contact us directly so that we can email it to the email address you provided when registering.
You have legal rights in respect of the personal data we hold about you. The Information Commissioner’s Office (ICO) has published guidance on the full range of rights. The rights that are most relevant to the way in which we use your personal data include:
- The right to be informed about how we use personal data – this privacy notice gives that information
- The right to object – if you object to us processing your data for marketing purposes, or for healthcare purposes where our legal basis is legitimate interests (see ‘why we collect and process your personal data’, above), we will then stop doing so, unless we are processing the data in respect of a legal claim or can otherwise show that our legitimate interest in processing the data overrides your rights and interests
- The right of access – if you ask us for the personal data we hold about you we will provide it within a month, free of charge (unless we have already provided it to you, in which case we may have to charge you the administrative cost of providing it again).
- The right to rectification – if you ask us to correct personal data about you that is inaccurate or incomplete, we will do so within a month (unless we need longer, in which case we will discuss this with you)
- The right to erasure – also known as the ‘right to be forgotten’. If you ask us to delete your personal data, we will do so if there is no compelling reason to continue processing the data. We will not usually delete healthcare data before our usual time limit (see ‘how we hold and share your personal data’ above) where we have a duty to keep accurate records – for example, to comply with a legal obligation, or in connection with a legal claim. If you ask us to delete such data we will discuss this with you
Updating Your Information
Should you need to update your Information, you may do so at any time by visiting the registration page. If you have any additional questions, please click here to send us an email.
Contacting us and the ICO about your personal data
Please speak to us first if you have any questions or concerns about the way in which we process personal data. If you have questions about shopping at Eyediology please send us an email.
You have the right to complain to the ICO if you have a concern about our handling of your personal data which you do not think we can resolve. You can contact the ICO here.
Eyediology reserves the right to make changes to this policy and you should check back from time to time to ensure you are aware of any changes.
Your continued use of this website will demonstrate your acceptance of these changes.