Privacy & Cookie Policy

Reviewed June 2023

Introduction

Please read our Privacy and Cookie Policy carefully as this sets out how and why we collect personal information. By providing us with personal information you consent to the processing and transferring of personal information as set out in this Privacy and Cookie Policy.


Information about Haine and Smith LLP

Haine & Smith Partnership LLP is a Limited Liability Partnership registered in England and Wales.

Registered Office:
31 The Brittox
Devizes
Wiltshire
SN10 1AJ

Reg. No: OC343092
VAT No: 501795944

Haine & Smith LLP are data controllers of your personal data for the purposes of applicable data protection legislation. Haine & Smith LLP shall ensure that any personnel that it authorises to process the Personal Data shall be subject to a duty of confidentiality.

We take our commitment to your privacy very seriously.


Data Relating to our Patients / Customers

What personal information may be collected and processed about you in practice

  • Name
  • Date of birth
  • Email address
  • Postal address
  • Contact telephone numbers (mobile/landline)
  • Clinical details (including current and past eye conditions, current medical details and general health conditions)
  • GP details
  • Examination and screening results
  • Spectacle prescriptions
  • Contact lens prescriptions
  • Dispensing history
  • Copies of any correspondence we have written about you or received from other professionals such as your doctor or ophthalmologist
  • Occupation, driving and lifestyle information
  • Payment details and history
  • Bank details for Direct Debit mandates
  • Signature on NHS GOS voucher applications
  • Any other information provided to us by you that is necessary for providing you with a better service

Note: Telephone calls between patients and providers will not be recorded or monitored at Haine and Smith. However, transcribed summarisations of important conversations will be logged on our systems.

We mainly collect this information from you when you give it to us voluntarily, but we may also collect it from other sources if it is legal to do so. This includes from the NHS or other healthcare providers, institutions or people you have authorised to provide information on your behalf (for example, parents or guardians), third-party service providers, government, tax or law-enforcement agencies, and others. We can also combine this information with information from public sources.

What personal information may be collected and processed about you on the Haine and Smith Website

  • Name
  • Email address
  • Contact telephone numbers (mobile/landline)
  • Information that you provide when filling in forms on our website
  • Data captured by Cookies (see below for further details)

Where your data is stored

  • Data collected in our practices is stored in a secure database.
  • Data collected from our website is stored on a trusted 3rd party server.

How and why your data is used

We use your personal information to provide you with our products and services in the best way possible.

We may use your data to:

  • Provide you with healthcare and eyecare services
  • Remind you when your next appointment is due via letter, email or SMS
  • Contact you regarding any fundamental changes to our service that could impact you
  • Send you health information that we feel is of genuine interest to you
  • Occasionally advise of new products and services that we think will be of genuine interest to you
  • Fulfil your order or refund (we do not store cardholder data)
  • Process a Direct Debit
  • Respond to queries from you
  • Send you requests for your feedback to improve our services
  • Contact you about your online shopping experience, or items left in your basket
  • Provide information to a 3rd party (see "Who your personal data is shared with" below for further details)
  • Analyse trends, or to measure our performance. This enables us to monitor and improve the quality of care we offer you. Any data used for these purposes is anonymised.

Explaining our legal basis for processing

The legal basis for processing your personal data can be summarised as follows:

  • Regulatory Compliance
    This is based on the provision of health care and is defined under the Opticians Act and the General Optical Council. By law we are permitted to process special categories of data (see Article 9 (2) h).
  • Contractual Obligations
    Processing may be necessary in order to carry out an agreement we have with you or a 3rd party e.g. the NHS.
  • Legitimate Interest
    Activities that relate to us managing our business to enable us to provide you with the best experience we can whilst remaining fair, secure and respectful of your personal requirements and rights. If we feel there is a risk of processing resulting in our interests overriding your interests, we will always seek your consent to continue. Examples of processing include contacting you about products and services that we think are relevant to you, sending you feedback surveys etc.
  • Legal Obligation
    In order to prevent and detect fraudulent or criminal activity we may share information with forces such as the Police. This is done in a safe and secure manner. You may not be notified of this.
  • Consent
    You will be asked in practice to provide your marketing preferences, and often online too. You have the right to withdraw your consent at any time.
  • Vital Interest
    As we collect information regarding your eye health, in exceptional circumstances we may be required to provide this information to another healthcare provider for your safety and to prevent significant harm. For example - in exceptional circumstances we may provide information regarding your eye health to your hospital if you were unable to give us consent.

Who your personal data is shared with

We do share your personal data with trusted third parties as an essential part of being able to provide our services to you. Please be assured we do not sell personal data, and do not provide personal data to list providers for the purposes of marketing.

  • When your next appointment is due, we will send your data to a trusted 3rd party to fulfil the printing and posting of a reminder letter. Your data is processed securely and is encrypted.
  • If you are an NHS patient, we are obliged to provide your record to authorised persons within the NHS (who are in turn subject to a duty of confidentiality) if they request this. This is usually to confirm that we have provided the NHS services that have been paid for, and to improve quality of care. It is also possible that the NHS may contact you to ask if you have received services (such as the sight test or spectacles) as part of this monitoring. (See Appendix A - Disclosure of Data and Appendix B - NHS Care Record Guarantee).
  • Other medical professionals including other optometrists, doctors or the NHS and third parties appointed by the NHS.
  • We may pass personal information to external agencies and organisations, including the police and other law enforcement agencies, for the prevention and detection of fraud (including fraudulent transactions) and criminal activity. These external agencies may check the information we give them against public and private databases and may keep a record of such checks to use in future security checks.
  • We pass on certain personal information to your employer when you have been referred to us through our Business Services dept.
  • We pass personal information on to our insurers if a claim is made against us or could be made against us.
  • In the event that Haine & Smith LLP sells or buys any business or assets, we may disclose your personal information to the prospective buyer or seller.
  • If you are a contact lens patient, necessary details regarding your CL specification and some contact details will be shared with our trusted suppliers.
  • If you pay for products via Direct Debit, your payment details, contact details and product details will be shared with trusted suppliers in order to process payments and to ensure that you are supplied the products that you are paying for.
  • IT and data companies who help support our website and other business systems.
  • Third parties who we use to help us update your contact information to keep your data accurate.

How long we keep your Information

  • Our data retention policy is tailored to the categorisation of the data in question. This is to ensure that data is minimised in respect of individuals’ rights, that we are abiding by the law and that we are considering our business interests.
  • Data is retained for as long as is reasonably necessary. Record retention follows regulations for the industry. Records related to tax follow HMRC regulations.

How we keep your information safe

  • We use a variety of security technologies and procedures to help protect your personal information from unauthorised access and use.
  • We have Data Processing Agreements with all of our 3rd Party Data Processors, ensuring that they maintain Privacy standards that comply with current UK Data Protection Regulations.
  • We have no control over the contents of third party sites or resources which are linked to our website and we accept no responsibility or liability for them or the privacy practices they use or for any loss or damage that may arise from your use of such websites or resources.

How can you amend or update your personal Information

You can amend or update personal information by visiting any of our practices. You may also call or write to any of our practices, or our Head Office using the address in Section 2.


Data Relating to our Business Services Clients

What personal information may be collected

  • Contact name
  • Company name
  • Department
  • Company address
  • Phone and fax number
  • Email address

How your data is used

Establishing contact regarding contracts and the employees of the client.

Where is your data stored

In a password protected database on a server located in a secure office.

Who your personal data is shared with

Personal data is only shared internally for the purposes of fulfilling contractual obligations.

How long we keep hold of your Information

Clients are contacted annually to ensure that the data we store is up to date. Personal Data relating to an individual is erased when either:

  1. The individual requests it
  2. The individual is no longer employed by the company/is no longer the relevant person to contact
  3. The contract with the client expires

How we keep your information safe

We use a variety of security technologies and procedures to help protect your personal information from unauthorised access and use.

How to amend/update personal information?

You can update or amend personal information by emailing H&S Business Services, or alternatively by writing to them using the address in section 2.


Cookie policy

Introduction

This policy covers our use of cookies, IP addresses and other technologies.

What are cookies?

Cookies and other online tracking technologies are small bits of data or code that are used to identify your devices when you use and interact with our websites and other services.

When you access and interact with our services cookies may collect certain information about those visits. For example, to permit your connection to our websites, our servers receive and record information about your computer, device, and browser, including potentially your IP address, browser type, other software or hardware information, and your geographic location.

What cookies do we use?

Performance Cookies

Performance cookies are used to see how visitors use the website, e.g. analytics cookies. These cookies cannot be used to directly identify a certain visitor.

Targeting Cookies

Targeting cookies are used to identify visitors between different websites, e.g. content partners, banner networks. These cookies may be used by companies to build a profile of visitor interests or show relevant ads on other websites.

Unclassified Cookies

Unclassified cookies are cookies that do not belong to any other category or are in the process of categorization.

Web Beacons

These are bits of data that count the number of users who access a website or webpage and can also allow us to see if a cookie has been activated. Web beacons used on web pages or in emails allow us to see how successful an article has been or that an email message was successfully delivered and read in a marketing campaign. Web beacons are also used to verify any clicks through to links contained in emails.

Tracking URLs

Tracking URLs are special web links that allow us to measure when a link is clicked on. They are used to help us measure the effectiveness of campaigns and advertising.

If you access our services from a mobile device

We may collect a unique device identifier assigned to that device, geo-location data, and other transactional information for that device. We may also use the unique identifier to validate free trials, for example.

How we use cookies

Usage of services

To collect, use and store information about your usage of our services and website, such as pages you have visited, content you have viewed, search queries you have run, and advertisements you have seen or interacted with.

To provide relevant content

The content on our websites and in our communications with you may be adjusted depending on what we know about the content, products and services that you like. This means we can highlight content and articles that we believe will be of interest to you. We provide personalisation by using cookies, IP addresses, web beacons, URL tracking and mobile app settings.

Managing cookies

Cookies that are required for the website to operate properly are allowed to be set without your permission. All other cookies need to be approved before they can be set in the browser. You can change your consent to cookie usage at any time on our Privacy Policy page or using the popup menu that appears when you visit the site. Alternatively you can change the settings in your browser.

Controlling OBA cookies

The 'Your Online Choices' website youronlinechoices.com provides more information about controlling cookies. It also provides an easy way to opt out of behavioural advertising from each (or all) of the networks represented by the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/uk/your-ad-choices.

Controlling web beacons

You can prevent web beacons from tracking your activity, although you won't be able to decline receiving them in emails. For information about managing your cookie options, please click here


Questions, Further Information & Complaints

If you have any concerns about the way your Personal Data is handled, you can contact our Data Protection Officer:

Data Protection Officer
Haine & Smith Partnership LLP
First and Second Floors 31 The Brittox
Devizes
SN10 1AJ

Alternatively, you can contact the Information Commissioner's Office. Visit ico.org.uk/global/contact-us/ for further details.


Accountability

All employees are expected to become familiar with and abide by Haine & Smith policies, standards and guidelines related to Privacy.

The designated Data Protection Team is responsible for overseeing day to day Privacy issues; developing and maintaining policies, standards, procedures and guidance, coordinating Privacy in the Optical practice, raising awareness of Privacy and ensuring that there is ongoing compliance with the policy and its supporting standards and guidelines.

The Partnership is responsible for ensuring that sufficient resources are available to support the implementation of Privacy procedures to ensure compliance with legal and professional requirements and the NHS Data Security Requirements.


Monitoring

This policy will be reviewed annually, and without delay when any applicable standards or regulations are revised.


Sanctions

Violation of the standards, policies and procedures presented in this document by an employee will result in disciplinary action, from warnings to reprimands up to and including termination of employment. Claims of ignorance, good intentions or using poor judgement will not be used as excuses for non-compliance.



APPENDIX A - Disclosure of Data to commissioners

The practice (provider) agrees to provide anonymised, pseudonymised or aggregated data as may be requested by the co-ordinating commissioner or LOC Company.

Personal data will not be disclosed without written consent or lawful reason for disclosure.

Exceptions to this are covered by:

Section 251 of the NHS Act 2006 (originally enacted under Section 60 of the Health and Social Care Act 2001), which allows the common law duty of confidentiality to be set aside in specific circumstances where anonymised information is not sufficient and where patient consent is not practicable.


APPENDIX B - NHS Care Record Guarantee

All data processed on behalf of the commissioner with regard to community services must be processed and handled in line with the NHS Care Record Guarantee.

All staff handling data should be aware of the obligations placed upon them by the NHS Care Record Guarantee and the commitments laid out in it.

In summary this covers:

  • As the basis for health decisions
  • Ensure safe effective care
  • Work effectively with others
  • Clinical audit
  • Protect health of the general public
  • Monitor NHS spending
  • Manage the health service
  • To investigate complaints
  • Teaching and research

Laws relating to records

  • Confidentiality under common-law duty of confidentiality
  • General Data Protection Regulation (2016)
  • Privacy (Human Rights Act 1998)

These rights are not absolute, and they need to be balanced against those of others.

Other patient rights regarding records:

  • To ask for a copy of all records held in paper or electronic form (a fee may be payable)
  • Choose someone to make decisions about the patient’s healthcare if the patient becomes unable to do so (lasting power of attorney)

Duties placed upon practice (provider)

  • Maintain accurate records of the care provided
  • Keep records confidential, secure, and accurate (even after the patient dies)
  • Provide information in accessible formats (e.g. large print)

The complete NHS Care Record Guarantee will be available for staff members to consult.
