Privacy policy, cookies policy and other terms and conditions

Robert Stanley Opticians Ltd Privacy Policy and Cookie Notice / Policy
 
Robert Stanley Opticians Ltd Privacy Policy

We are obliged by law under the General Data Protection Regulation (GDPR), formerly the Data Protection Act, to protect any data that you may choose to give us. Given the clinical nature of our work, we take this very seriously. We use only the highest level of security protection and data encryption at all levels of our business.



Who we are?
We at Robert Stanley Opticians are registered with the Information Commissioner's Office as a Data Controller, registration number Z141673X.

We are specialists in Optical and Hearing services and operate from:

Abingdon store - 23 Stert Street, Abingdon, OX14 3JF
Bicester store - Unit EY4 Bure Place, Pioneer Square, Bicester, OX26 6FA
Grove/Wantage store - Wantage Health Centre, Mably Way, Grove, Wantage, OX12 9BN
Headington store - 137 London Road, Headington, Oxford, OX3 9HZ
Thame store - 22 Cornmarket, Thame, OX9 2BL
Wallingford store - 8 St Martin’s Street, Wallingford, OX10 0AL

Your Privacy
Your privacy matters to us and we are committed to the highest data privacy standards and patient confidentiality. To disclose this to you, our Privacy Notice includes the following:

What data we collect from you.
How and why we process it.
Who we share it with and why.

We adopt the six core principles of data protection which are:

1. Lawfulness, fairness and transparency - we process personal data lawfully, fairly and in a transparent manner in relation to you, the data subject.
2. Purpose limitation - we only collect personal data for a specific, explicit and legitimate purpose. We clearly state what this purpose is in this Privacy Notice, and we only collect data for as long as necessary to complete that purpose.
3. Data minimisation - we ensure that personal data we process is adequate, relevant and limited to what is necessary in relation to the processing purpose.
4. Accuracy - we take every reasonable step to update or remove data that is inaccurate or incomplete. You have the right to request that we erase or rectify erroneous data that relates to you, and we will complete this task as soon as possible but guarantee to do so within a month.
5. Storage limitation - we delete personal data when we no longer need it. Whilst the timescales in most cases aren't set, we outline our retention strategy within this Privacy Notice.
6. Integrity and confidentiality - we keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Collection of your Personal Data
We collect your personal information via disclosure directly from you or your parent or guardian. This might be via our website, via our booking system, by telephone or through face-to-face engagement.
 
Categories and Type of Personal Data Collected and processed
We collect contact details from you including:

Name
Address
Telephone number(s)
Email addresses
Date of Birth

In addition to this contact information we collect clinical data including:
Current and past relevant health and medication information.
Examination results including retinal images.
Relevant lifestyle information such as pastimes or work impacting on eye care. 

Finally, we collect financial information where appropriate including:

Payment card details via EPOS.
Banking details for direct debit mandates.

We treat all personal data as sensitive but acknowledge that we also process special category data.
 
Child Data

Article 8 of the GDPR and Article 9 of the UK Data Protection Act 2018 specify how we are permitted to process data relating to children under 16 (for the UK this is under 13). Given our industry, we comply with this requirement by permitting parents or guardians to make appointments for children and to provide us with their own contact details to use on behalf of the children. On the appointment confirmation emails we offer a statement of understanding which confirms that the recipient is indeed a parent or guardian of the child.
 
Reason for Data collection and processing activities
Contact information is captured to enable us to contact you through various communication channels on matters directly related to your treatment. This could include appointment reminders, results, check-up reminders and any other information which is felt to be crucial to your eye care including offers from us about our services.

Clinical data is collected as an essential means of providing you with the service which you require and without collecting this information our service could not be delivered.

Payment information is collected to facilitate the payment of our services.
 
Sharing of Personal Data

During the delivery of our service to you, we will share your data with other companies who are critical for the provision of our service to you and will be viewed as Data Processors. They are under contract with us and have provided sufficient guarantees that they will process your data only as per the terms of that contract and, throughout processing activities, will ensure your data is protected using appropriate technical and organisational measures.

A full list of processors is available from our Data Protection Officer but includes Optix Software Limited (our business software provider), lens manufacturers, frame manufacturers, contact lens manufacturers and payment processors. Your data is completely anonymised before ordering items for you from our frame, spectacle lens and contact lens suppliers.

We may also need to share your data with other health care providers, such as the NHS, where this is needed to ensure you receive appropriate treatment and care.  In these cases we will always seek your express permission first.
 
Securing and Processing of your Personal Data
Your data is stored mainly within our software system provided by Optix Business Software Limited. They hold ISO 27001 and, as part of our own due diligence, our Data Protection Officer has reviewed the security processes in place, including the results of penetration testing undertaken.
Your data is also stored within local devices secured using passwords and user authentication. All branches offer a high level of physical security and operational rigour to ensure data, and the devices on which that data resides, are protected.
 
In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorised, we have a duty to inform you immediately. If the loss or unauthorised access of your data has potential to cause you harm, we will also report this to the Information Commissioner's Office, who are responsible for regulating data protection legislation in the UK.

https://ico.org.uk/
 
Our legal basis for processing your personal data?
We are required to identify one of six possible legal grounds for processing. These are:

Consent, Contract, Legitimate interests, Vital interests, Public task and Legal obligation.

As all of our processing activities are crucial to the provision of the service which we enter into a contract with you to provide, we process your data based on that contractual relationship.
 
We could also process your data under our legitimate interests as all processing activities are essential for the provision of our service to you.
 
Where a special category of data is processed, we do so under Article 9(2)(h) of the Act – the processing is necessary for the provision of health or social care.
 
How long do we keep your personal data for?
We process three categories of personal data and retain this data for different periods of time.
 
Contact information is retained as long as the data subject is a customer of ours. Where the data subject has not used our services recently, and in the absence of a direct data subject request, we hold contact information for a period of 10 years from the last appointment.
 
Clinical data - Based on the guidance of the professional bodies and General Optical Council the clinical data we process is held for a period of 10 years.
 
Payment information is held by us only as long as is necessary to process the payment or to set up a direct debit mandate.
 
Your rights in relation to personal data
Under the GDPR, you have rights to access and control your personal data. These rights include:

Access to personal information
Correction and deletion
Withdrawal of consent (if processing data on condition of consent)
Data portability
Restriction of processing and objection
Lodging a complaint with the Information Commissioner’s Office 

If you wish to raise any concerns with the handling of your data by Robert Stanley Opticians Limited, we recommend you contact your local store in the first instance: http://www.robertstanley.co.uk/contact-us/

You can also exercise your rights by emailing our Data Protection Officer on robertstanleyDPO@clinicalDPO.com
 
If you are unhappy with anything we have done with your data, you have the right to complain to the Information Commissioner's Office.
To make a complaint to the Information Commissioner's Office, use the link below or call their hotline on 0303 123 1113.
 
https://ico.org.uk/concerns/



Robert Stanley Opticians Limited - Cookie Policy



What are cookies?
 
Cookies are small text files containing a string of characters that can be placed on your computer or mobile device that uniquely identify your browser or device.
 
What are cookies used for?
 
Cookies allow a site or services to know if your computer or device has visited that site or service before. Cookies can then be used to help understand how the site or service is being used, help you navigate between pages efficiently, help remember your preferences, and generally improve your browsing experience. Cookies can also help ensure marketing you see online is more relevant to you and your interests.
 
What types of cookies does Robert Stanley Opticians use?
 
There are generally four categories of cookies: “Strictly Necessary,” “Performance,” “Functionality,” and “Targeting.” Robert Stanley Opticians, through its MySight application, uses only “Strictly Necessary” cookies. Strictly Necessary Cookies are cookies that are essential, as they enable you to move around the Service and use its features, such as accessing logged in or secure areas, booking appointments etc. Robert Stanley Opticians do not use cookies for any other purpose.
 
How long will cookies stay on my device?
 
The length of time a cookie will stay on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your computer or mobile device until they expire or are deleted.
 
First and third party cookies
 
First-party cookies are cookies that belong to Robert Stanley Opticians; third-party cookies are those used by another party, and are used by our MySight software provider to allow our online booking system to work for you. Again, these are “Strictly Necessary” cookies to enable us to offer you a booking service.
 
How to control and delete cookies
 
You can delete or disable cookies in the settings section of your PC or device. Note that if you set your browser to disable cookies, you may not be able to access certain parts of our Service and other parts of our Service may not work properly. You can find out more information about cookie settings at third-party information sites, such as www.allaboutcookies.org.