Mackereth accessible communications policy
The Data Controller is Mackereth Opticians Ltd, 6 Regent Street, Halifax HX1 2SE. Jeremy Topliss is a Director and Optometrist and the Responsible Person for Data Protection.
What data do we keep and who do we share it with?
Patient records are used for the purposes of healthcare provision. These records are held in both paper and electronic form and include retinal photographs and referral letters to and from other registered healthcare professionals.
Customer records are also kept for the purpose of legitimate interest for the business; these include some customers' direct debit details in order to run our Visioncare Scheme for monthly payments by direct debit for contact lens services. In order to enact direct debit collection, bank details are shared securely with the data subject's bank via our appointed Direct Debit agent, which is authorized and regulated by the FCA. We will not sell or share your information with any other third parties unless we have obtained additional consent from you.
Staff records such as bank details, NI numbers and other personal information are used to ensure performance of a contract of employment and are kept for tax purposes. These employee details may be shared with our appointed Chartered Accountants and HMRC as part of our legitimate business operation.
How secure is your data?
Only registered healthcare staff or those under their supervision have access to a patient record, which is considered confidential. All registered staff have to comply with GOC standards, which ensure they respect patient confidentiality at all times. Paper records are filed away from public access, behind the reception desk, which is constantly manned during business hours. CCTV is in operation on the premises. Our electronic data is password-protected and all employees have a unique password, so that there is an audit trail. There is a robust encrypted back-up system, so that data can be restored. All anti-virus and anti-malware software is kept up to date.
How long do we keep your data for?
The NHS specifies that patient records should be kept for at least 7 years or, in the case of children under 18, until their 25th birthday. This practice follows the College of Optometrists guidance that it is best practice for records to be kept for at least 10 years. When records need to be disposed of, this is done securely in accordance with current advice.
What rights do you have over your data?
Under the GDPR there is a right for a data subject to request access to the data held about them and rights to rectify or in some cases erase their data, unless there is a lawful basis for us to retain certain data. A Subject Access Request should be made in writing to Jeremy Topliss, who will respond within one month. There will generally be no charge for any reasonable request to be dealt with. There is a right under GDPR to lodge a complaint with the Information Commissioner's Office on 0303 123 1113 or via their website www.ico.org.uk.