OUR PRIVACY PROMISE
1. We respect your privacy and your choices.
2. We make sure that privacy and security are embedded in everything we do.
3. We will not send you marketing communications unless you have asked us to. You can change your mind at any time.
4. We will never sell your personal data.
5. We are committed to keeping your personal data safe and secure.
6. We are committed to being open and transparent about how we use your personal data.
7. We will not use your personal data in ways that we have not told you about.
8. We respect your rights and will always try to accommodate your requests as far as is possible, in line with our own legal and operational responsibilities.
For more information about our privacy practices, below we set out what types of personal data we might collect or hold about you, how we use it, who we share it with, how we protect it and keep it secure, and your rights around your personal data.
WHO WE ARE
Visioncare At Home Limited (Company registration number SC322804) is the data controller responsible for the personal data that you share with us. The company is registered in the UK and complies with all country regulations.
We have an appointed data protection officer who can be contacted at email@example.com and provides oversight on all our data protection issues.
WHAT IS PERSONAL DATA?
“Personal data” means any information or pieces of information that could identify you either directly (e.g. your name) or indirectly (e.g. through pseudonymized data, such as a unique ID number). This means that personal data includes things like email/home addresses, usernames, user generated content and health information.
HOW DO WE COLLECT OR RECEIVE YOUR PERSONAL DATA?
We might collect or receive personal data from you via our websites, forms or otherwise. Sometimes you give this to us directly (e.g. when you create an account in PCR Portal, when you contact us, or when you purchase from our store).
WHAT DATA DO WE COLLECT?
The type of data that we collect may depend on the purpose for which you contact us. Personal data is likely to include:
• Residential address and delivery address
• Age and date of birth
• Phone number (mobile and landline)
• Purchase and order history
• Eye health and medical information
• Lifestyle and hobbies as part of your eye test
• Feedback and survey responses
• Correspondence in writing, email or over the phone
• Payment information
• Information on the pages you have visited on our website (please see our cookies policy for more information)
• When applying for a job with Visioncare at Home we will collect information provided on your CV including education and qualifications, previous employment history, health information, information relating to criminal offences and referee contact details.
EXPLAINING THE LAWFUL BASIS WE RELY ON
The list below sets out which legal basis we rely on when processing your personal data for each context.
• Performance of a contract
This applies where you provide us with your personal data in order for us to provide you with a service.
(e.g. you ask us to create a customer account for you or you wish to purchase a product and we can manage the associated logistics)
• Legitimate interests –
This applies where you provide us with your personal data and we use it to:
1. Improve our products and services. By providing us with your personal data, we are able to better understand your needs and expectations when it comes to the products and services we offer. This understanding means we can improve our products and services, so they match your needs.
2. Prevent fraud. Where you provide us with your personal data, it means we can action any payment you make when you purchase any of our products and/or services, and importantly, check that your payment is free from fraud.
3. Secure our tools: We may use your personal data to keep our tools (websites/apps/devices) safe and secure. This involves making sure our tools are working properly, and that your personal data is kept secure.
• Comply with a legal obligation
This is where you provide us with your personal data which we need to keep for our legal reasons.
(e.g. when you make a purchase, we need to keep your transaction information to comply with our tax and financial reporting obligations)
• Protect the vital interests of an individual
This is where we use your personal data to protect you (or someone else) where there is evidence of danger to your (or someone else’s) health and/or safety.
HOW AND WHY DO WE USE YOUR PERSONAL DATA?
We may automatically process personal data to evaluate certain personal aspects about an individual. The reasons for processing data are administration, your eyecare treatment, providing products and services relevant to you, data quality, commercial, financial, legal, marketing, medical, safety and security, letting you know when your next appointment is, dealing with queries, payments, service provision, employment and statistical analysis.
We may also use the information for carrying out customer service surveys, letting you know about service changes, and carrying out security checks to protect against fraudulent transactions.
We will do this with the intention of making any communication as tailored, relevant and with as little intrusion as possible. We will do this if it is in our legitimate business interest.
Customers may typically receive the following communication: –
• Patient list confirmation – this is to ensure we have an accurate list of who is to receive an eye test in order to ensure nobody is missed and we can inform the relevant health board. This is part of our service and contractual obligations.
• Eye test reminders and booking – as part of our medical service we will remind you when eye exams are due and arrange a suitable time to conduct these eye tests. We may follow up if we do not hear from you. This is part of our legitimate interest in the provision of eye health services.
• 72 Hour Check – we will contact you 72 hours before a test day to ensure there are no changes to the patient list and confirm our appointment. This is part of our service and contractual obligations.
• Service notifications – we may need to inform you about changes to our service which may inconvenience you. This is part of our contractual and legal compliance.
• Patient eye health communication – as part of our medical eye health service we may need to communicate relevant findings. This is part of our legitimate interest in the provision of eye health services.
• Glasses delivery – we will contact you to arrange a suitable date to deliver and fit the glasses. This is part of our legitimate interest in the provision of eye health services.
• Glasses repair service – on your request, we will contact you to arrange a suitable time to perform repairs to glasses. This is part of our legitimate interest in the provision of eye health services.
• Invoice payment – we may contact you to discuss options and arrange payment for any glasses you have ordered.
• Marketing communications – we may contact you to inform you of a new product or service. You are free to opt out of these communications at any time by contacting us at the address below.
• Survey and feedback requests – we have a legitimate interest to listen to your feedback as it helps improve our services and products and makes them more relevant to you.
WHO MAY ACCESS YOUR PERSONAL DATA?
First, we want to be clear that we do not sell your personal data.
Your personal data may be accessed within Visioncare At Home. Where appropriate, we may share your personal data between our brands to harmonise and update the information you share with us, to tailor our communications based on your preferences, and to run analytics and perform statistics.
• Payment service providers and credit reference agencies for the purpose of assessing your credit score and verifying your details where this is a condition of entering into a contract with you.
• The legal basis for this sharing is our legitimate interests – (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud; (iv) secure our tools and design new features.
IS MY PERSONAL DATA SECURE?
We are committed to keeping your personal data secure and take all reasonable precautions to do so. We contractually require that trusted third parties who handle your personal data for us do the same.
We always do our best to protect your personal data and, once we have received your personal data, we use strict procedures and security features to try to prevent unauthorised access including: –
• Data encryption and backup
• Industry leading antivirus software
• Controlling access to systems and networks
• Staff training to make them aware of how to handle sensitive information and what to do if something goes wrong
• Regular testing of our technology and ensuring we have the latest security updates
• Secure shredding of any paper information
As no transmission of information via the internet is completely secure, we cannot guarantee the security of your personal data transmitted to our site. Any transmission is therefore at your own risk.
WHERE DO WE STORE YOUR PERSONAL DATA?
Data is stored on a secure server located in the UK. We use a variety of security technology and procedures to help protect your personal information from unauthorized access and use.
The personal data that we collect from you may be transferred to, accessed in, and stored at, a destination outside the European Economic Area (“EEA”).
For further information, please contact us as per the “Contact” section below.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We will keep your personal data for as long as we need it to provide you with your requested service(s) or to meet our commercial or legal obligations.
To determine the retention period of your personal data, we consider several criteria to make sure that we do not keep your personal data for longer than is necessary or appropriate. These criteria include:
• The purpose for which we hold your personal data.
• Our legal and regulatory obligations in relation to that personal data, for example any financial reporting obligations.
• Whether you are no longer actively participating or engaging with services.
• Any specific requests from you in relation to the deletion of your personal data
• Our legitimate business interests in relation to managing our own rights, for example the defense of any claims.
When we no longer need to retain your personal data, it will be deleted or be anonymised so that you can no longer be identified from it.
WHAT RIGHTS DO I HAVE?
Visioncare At Home Ltd respects your right to privacy and the importance of your being able to control your personal data.
You have the following rights:
• The right to be informed
• The right of access
You have the right to access, and receive a copy of, any personal data we hold about you (subject to certain restrictions). In exceptional circumstances we may charge a reasonable fee for providing such access but only where permitted by law.
Visioncare at Home will not provide personal data to third parties unless we have consent of the individual or by statutory exemption.
If you have authorized a third party to submit a request for the release of your personal data, we will ask them for written proof of this consent or to provide a verifiable power of attorney. Consent must be in writing and contain the name, date of birth and address of the individual. Details of the data to be disclosed, the recipient and confirmation of identity must also be provided. The consent form must be signed and dated by the data subject.
All requests should be made to the data protection officer at the address below. All requests will be processed within one month.
• The right to rectification
You have the right to have your personal data rectified if it is incorrect or outdated and/or completed if it is incomplete. If you have an account, it may be easier to correct your own personal data via your “My Account” function.
• The right to erasure/right to be forgotten
In some cases, you have the right to have your personal data erased or deleted. Note this is not an absolute right, as we may have legal or legitimate grounds for retaining your personal data.
• The right to withdraw consent at any time for any personal data processing based on consent
You can withdraw your consent to our processing of your personal data when such processing is based on consent. Where you withdraw your consent, this does not affect the lawfulness of our processing before your withdrawal.
• The right to lodge a complaint with a supervisory authority
You have the right to contact the data protection authority of your country in order to lodge a complaint against our data protection and privacy practices. Do not hesitate to contact us at the details below before lodging any complaint with the competent data protection authority as we will always seek to resolve your complaint in the first instance.
• The right to data portability
You have the right to move, copy or transfer personal data from our database to another. This only applies to personal data that you have provided, where processing is based on a contract or your consent, and the processing is carried out by automated means.
• The right to restriction
This right means that our processing of your personal data is restricted, so we can store it, but not use nor process it further. It applies in the following limited circumstances set out in the General Data Protection Regulation:
o The accuracy of the personal data is contested by you, for a period enabling Visioncare at Home to verify the accuracy of the personal data.
o The processing is unlawful and you object to the erasure of your personal data and request that Visioncare at Home restrict the ways in which it processes your personal data.
o Visioncare at Home no longer needs your personal data for the purposes of its processing, but you require the personal data for the establishment, exercise or defense of legal claims.
HOW CAN I EXERCISE THESE RIGHTS?
For more information, or to request any of the rights noted above, please contact us on the details set out below.
Note that we may require proof of your identity and full details of your request, before we process any request(s).
DATA LEGISLATION AND GUIDELINES WE COMPLY WITH
Visioncare at Home must comply with relevant sections of numerous pieces of legislation, codes, regulations and regulatory guidelines. These include: –
• General Optical Council guidelines
• College of Optometrists Guidance for Professional Practice
• Data Protection Act 1998
• Access to Health Records 1990
• General Data Protection Regulations 2016
• Computer Misuse Act 1990
• Human Rights Act 1998
• Equality Act 2010
• Protection of Freedoms Act 2012
• Privacy and Electronic Communications Regulations 2003
• NHS Management Code of Practice 2016
• Information Commissioner’s Office Guidance
• Employment, Safety and Tax Legislation
If you have any questions or concerns about how we treat and use your personal data, or would like to exercise any of your rights above, please contact us at firstname.lastname@example.org or by writing to us at:
Data Protection Officer
Visioncare At Home Ltd
50 Speirs Wharf
Last updated March 2019
© Visioncare at Home Ltd 2019. All rights reserved.