GDPR Compliance

Our Commitment to GDPR

At Eye Care at Home, we are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This page outlines how we meet our obligations under GDPR and your rights regarding your personal data.

Data Controller Information

Eye Care at Home is the data controller for personal information collected through our services. Our contact details are:

Email: info@EyeCareAtHome.co.uk
Phone: 0121 382 8183

Personal Data We Collect

As a healthcare provider, we collect personal data including:

  • Basic identity information (name, date of birth, contact details)
  • Health information relevant to your eye care
  • NHS number and GP details (where applicable)
  • Financial information for payment processing
  • Appointment history and service preferences

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose
  • Contract: Processing necessary for the performance of our contract to provide eye care services
  • Legal obligation: Processing necessary for compliance with legal obligations (e.g., maintaining health records)
  • Vital interests: In emergency situations to protect your vital interests
  • Legitimate interests: Where processing is necessary for our legitimate interests (e.g., appointment reminders)

We process special category data (health information) on the following bases:

  • Provision of health care or treatment (Article 9(2)(h) of GDPR)
  • Public health (where required by law)

How We Use Your Data

We use your personal data to:

  • Provide appropriate eye care services and treatment
  • Manage appointments and send reminders
  • Process payments and maintain accounts
  • Communicate important information about your eye care
  • Maintain your health records as required by law
  • Improve our services through anonymized data analysis

Data Sharing

We may share your data with:

  • NHS services and your GP (with your consent or as required for your health care)
  • Other healthcare providers involved in your care
  • Regulatory bodies such as the General Optical Council
  • Service providers who process data on our behalf (e.g., secure payment providers)

All third parties are required to respect the security of your data and treat it in accordance with the law.

Data Retention

We retain your health records for the periods required by UK healthcare regulations (typically a minimum of 10 years after your last consultation). Financial records are kept for 7 years as required by tax legislation.

Your Rights Under GDPR

Under GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate personal data
  • Request erasure of your personal data (where legally possible)
  • Object to processing of your personal data
  • Request restriction of the processing of your personal data
  • Request transfer of your personal data
  • Withdraw consent where processing is based on consent

Please note that some of these rights may be limited in the context of healthcare provision to ensure appropriate care and to comply with legal obligations.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: info@EyeCareAtHome.co.uk
Phone: 0121 382 8183

We will respond to all legitimate requests within one month.

Complaints

If you have concerns about how we handle your data, please contact us first so we can address your concerns. You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

Last Updated: 6 April 2025