top of page

Privacy Policy

This policy describes the data that we hold about patients, how we hold it, how we protect it, how we use and process it (including what patients need to be provided with) and how we transfer it (if necessary).


There are certain legislative requirements for every organisation to hold information. Information about this is provided below.


  • The Practice complies with the eight data protection principles under the Data Protection Act 1998 in its processing of personal data in that such data is:

  • fairly and lawfully processed

  • processed for limited purposes

  • adequate, relevant and not excessive

  • accurate and up to date

  • not kept for longer than is necessary

  • processed in line with patients’ rights

  • secure

  • not transferred to other countries without adequate protection


  • The practice is registered with the Information Commissioner - Registration No. ZA056392


  • The practice has an up to date Freedom of Information Act statement and this is available to patients


  • A practice policy notice on handling patient data is available to patients (See appendix below)


What information we hold and how we hold it


  • Patient records are held in a variety of formats:

Paper records for sight test and contact lens clinical records.

  • Paper records are used for spectacle prescription and dispensing information

  • Clinical records are held electronically on computer

  • Spectacle prescription and dispensing information is held in the practice management software.

  • Recall dates are held in the practice management software.

  • Photographic information (retinal and anterior segment) is held in the imaging software.

  • Visual Field records are held as a paper record.


How we protect this information


All practice staff have a confidentiality clause within their contracts.


  • All personal information contained on practice records, whether paper or electronic, is considered confidential.


  • No personal information is discussed with anyone other than the patient or their parent or guardian (except where Gillick competency applies) without the patient’s permission.


  • Care is taken that records are not seen by other people in the practice


  • All staff are aware of the importance of ensuring and maintaining the confidentiality of patients’ personal data and that such data must be processed and stored in a secure manner.


  • All electronic data is protected by suitable back-up procedures and any on-line backup uses a service, which encrypts the data securely before transmitting it from the practice PC. When computers are replaced, old hard drives are securely erased or physically destroyed.


  • Records are retained for periods as agreed by the optical bodies. (See record retention policy below).


  • Confidential paper information requiring destruction is shredded.


  • Records due for destruction are shredded.


  • We have an IT security policy regarding specific access to electronic information (See IT security policy below)


  • If the need arises to transfer information we have procedures that include consent and secure transfer (See section on how we transfer personal data below)


  • Any suspected breaches of security or loss of information are reported immediately and are dealt with appropriately by the person responsibility for confidentiality and data management.


  • Paper records are kept secure and away from access by the public.


How we use and process the information we hold


To discharge our legal and contractual duties:


  • Patients are given a copy of their spectacle prescription immediately following their sight test.


  • If a patient is referred, they are given a written statement that they are being referred, with a reason [e.g. “cataract” written on the GOS2 or similar private form]. They are also offered a copy of the referral letter.


  • Patients are given a copy of their contact lens specification on completion of the fitting process.


  • Where a patient has diabetes or glaucoma, the GP is informed of the result of the sight test


  • Staff assisting in the provision of GOS are appropriately trained, and supervised for the tasks that they undertake.


We may also use the information we hold about patients to remind them when they are due for checkups and we may send them eye care and eyewear information.


How we transfer personal data


We always transfer personal information (data) in a secure manner.


We seek permission before transferring personal information except in some cases where it is to another healthcare professional responsible for patient care and who needs that information to assist in patient care or where we are legally required not to.


See Policy & procedures on:


Patient consent to the provision of information (see appendix below)


Handling requests for Rx and clinical information (see appendix below)


Transferring Patient Identifiable Data (see appendix below)




The practice displays the following as a part of the information poster in the waiting room:


We hold various pieces of information about you including your name and address, and clinical details such as the state of health of your eyes, your spectacle and/or contact lens prescription, and copies of any letters we have written about you or received from other professionals, such as your doctor. You are entitled to a copy of this information although there may be an administrative charge for providing it. If you wish to see your records, please ask David Canton and we will respond as quickly as possible and in any case are required to do so within 40 days. If you require independent advice, contact the Information Commissioners Office at


We adhere to the guidelines of the College of Optometrists and the Data Protection Act and will not pass any of your personal information to a third party without your consent unless there is a clear public interest duty to do so. You will need to provide us with your consent if you wish us to pass your information to another optometrist.


If you are an NHS patient, we are obliged to provide the portion of your record that relates to NHS services to authorised persons within the NHS (who are in turn subject to a duty of confidentiality) if they request this. This is usually to confirm that we have provided the NHS services that we have been paid for, and to improve quality of care. It is also possible that the NHS may contact you to ask if you have received services (such as a sight test or spectacles) as part of this monitoring.


Within the practice we may use the information to analyse trends, or to audit our performance. This enables us to monitor and improve the quality of care that we offer you. Wherever possible (i.e. if we do not need to know who an individual patient is) we will only analyse trends from anonymised information.


If you have any queries about this please contact us and we will be happy to help.

bottom of page