Data Protection and the General Data Protection Regulations (GDPR)

How The Eye Company looks after and secures information concerning you.

The Eye Company and its staff aim to provide you with the highest quality healthcare. To do this they need to keep records about you, your health, and the care we have provided or plan to provide to you. We will manage the storage and security of this information to the best of our abilities.

The information recorded may include:

  • Basic details about you, such as address, date of birth, next of kin;
  • Details of your spectacle or contact lens prescription;
  • Details of glasses or contact lenses supplied to you;
  • Other details and notes about your health and medical treatment;
  • Records of medicines you have been prescribed by your doctor;
  • Information relevant to your continued care from other people who care for you and know you well, such as other health professionals and relatives.

As part of providing a professional, safe and efficient service, there is certain information that we record. This includes details about your ocular health, your general health, advice given and referrals made to other health professionals. This information won’t be shared with anyone else except under the circumstances described below in ‘Sharing Information’.

  • The information held about you will not be shared for any reason, unless:
  • You ask us to do so;
  • We ask and you give us specific permission;
  • We are permitted by law, for example where public interest overrides the need to keep the information confidential.

The types of people we may ask you for permission to share information with include your doctors (GP and hospital) and other health professionals.

Anyone who receives information from us also has a legal duty to keep this information confidential, subject to recognised exceptions of the types listed above.

Following an eye examination (or on completion of a contact lens fitting) patients can ask to be given a copy of their prescription (specification).Duplicate copies of both the above documents can be issued although we reserve the right to make a small charge,  for the safeguard of our patients the following should be noted:

  • The document will need to be signed by the prescribing optician. He or she may be available on the same day, but the signature may be delayed until the optician is next in the practice.
  • Details will not be given out over the telephone; this is for both security and the elimination of transcription errors.
  • Under no circumstances will patient details be given out to a 3rd party unless under strict written authorization of the patient concerned.

You have the right to confidentiality under law, NHS Code of Practice, and our professional Code of ethics to keep records about you confidential, secure and accurate. Our guiding principle is that we hold your records in strict confidence.

You have the right to ask for a copy of all our records about you. You will need to give adequate information in order for optical staff to identify you (for example, full name, address and date of birth). If you think any information we hold on you is inaccurate or incorrect, please let us know.

Regarding data protection; all personal data will be relevant and lawfully collected, any data we collect data will only be held and used for lawful purposes. Data held on a specific patient will not be disclosed unless under written permission from the said patient. Every effort will be made to ensure data is accurate and up to date.

An individual shall be entitled at reasonable intervals and without undue delay or expense;

  • To be informed by any Data User whether he holds personal data of which that individual is the subject
  • To have access to any such data held by a Data user; and where appropriate, to have such data corrected or erased.

We will from time to time send out reminders that the individual is due an appointment for an eye test. With the permission of the individual we will also communicate information about promotions and marketing events that we are running.


Where we have already provided the information and you require a duplicate (such as a duplicate copy of your prescription) we reserve the right to charge a reasonable fee which is payable in advance.

A request for access to personal data must be made in writing subject to any applicable exemptions. A copy of information held both on manual record and computer will be provided, we reserve the right to charge a reasonable fee which takes into account the work involved and is payable in advance. We are required to respond to your request within 21 days.

Since patient data is of a medical nature we will retain all prescription and dispensing data for a minimum of 7 years with no upper limit.  At the written request of the patient, however, we will delete all data held about that individual.