Privacy & Cookie Policy



Please read our Privacy and Cookie Policy carefully as this sets out how and why we collect personal information. By providing us with personal information you consent to the processing and transferring of personal information as set out in this Privacy and Cookie Policy

Information about Haine and Smith LLP

Haine & Smith Partnership LLP is a Limited Liability Partnership registered in England and Wales.

Registered Office: Units 7 & 8, Salisbury Road Business Park, Pewsey, Wilts. SN9 5PZ.
Reg. No: OC343092 VAT No: 501795944
Haine & Smith LLP are data controllers of your personal data for the purposes of applicable data protection legislation. Haine & Smith LLP shall ensure that any personnel that it authorises to process the Personal Data shall be subject to a duty of confidentiality.
We take our commitment to your privacy very seriously.

Data Relating to our Patients

What personal information may be collected and processed about you in practice

  • Name
  • Date of birth
  • Email address
  • Postal address
  • Contact telephone numbers (mobile/landline)
  • Clinical details (including current and past eye conditions, current medical details and general health conditions)
  • GP details
  • Examination and screening results
  • Spectacle prescriptions
  • Contact lens prescriptions
  • Dispensing history
  • Copies of any correspondents we have written about you or received from other professions such as your doctor or ophthalmologist
  • Occupation/driving and lifestyle information
  • Payment details and history
  • Bank details for Direct Debit mandates
  • Any other information provided to us by you that is necessary for providing you with a better service
Note: Telephone calls between patients and providers will not be recorded or monitored at Haine and Smith. However, transcribed summarisations of import conversations will be logged on our systems.

What personal information may be collected and processed about you on the Haine and Smith Website

  • Name
  • Email address
  • Contact telephone numbers (mobile/landline)
  • Information that you provide when filling in forms on our website
  • Data captured by Cookies (see below for further details)

Where your data is stored

  • Data collected in our practices is stored in a secure database at the Haine and Smith practice that you are registered with. It is also copied to another secure database at Head Office in Pewsey.
  • Data collected from our website is stored on a trusted 3rd party server.

How your data is used

  • Your eyecare
  • Processing data relating to your credit/debit card and order details to enable to fulfilment of your order
  • Reminding you when your next appointment is due
  • Providing products and services/advising of new products and services that we think will be of interest to you
  • Processing monthly Direct Debits
  • Responding to queries from you
  • Within the partnership we may use the information to analyse trends, or to measure our performance. This enables us to monitor and improve the quality of care we offer you. The information is anonymised

Who your personal data is shared with

We will not pass your personal information to anyone outside Haine & Smith LLP without your prior consent, except the following:

  • When your next appointment is due, we will send your data to a trusted 3rd party to fulfil the printing and posting of a reminder letter. Your data is processed securely and is encrypted.
  • If you are an NHS patient, we are obliged to provide your record to authorised persons within the NHS (who are in turn subject to a duty of confidentiality) if they request this. This is usually to confirm that we have provided the NHS services that have been paid for, and to improve quality of care. It is also possible that the NHS may contact you to ask if you have received services (such as the sight test or spectacles) as part of this monitoring. (See Appendix 1 - Disclosure of Data and Appendix 2 - NHS Care Record Guarantee).
  • We may pass personal information to external agencies and organisations, including the police and other law enforcement agencies, for the prevention and detection of fraud (including fraudulent transactions) and criminal activity. These external agencies may check the information we give them against public and private databases and may keep a record of such checks to use in future security checks.
  • We pass on certain personal information to your employer when you have been referred to us through our Business Services dept.
  • We pass on personal information onto our insurers if a claim is made against us or could be made against us.
  • In the event that Haine & Smith LLP sells or buys any business or assets, in which case we may disclose your personal information to the prospective buyer or seller.
  • If you are a contact lens patient, necessary details regarding your CL specification and some contact details will be shared with our trusted suppliers, including Adaro Optics Ltd.
  • If you pay for products via Direct Debit, your payment details, contact details and product details will be shared with Adaro Optics Ltd. in order to process payments and to ensure that you are supplied the products that you are paying for.
  • If we introduce a new service that we think would be of genuine interest to you, offering you health, wellbeing or lifestyle benefits, we would undergo data processing in order to inform you. This could lead to data being shared with 3rd parties. We always exercise due diligence to ensure that these 3rd parties are GDPR compliant, ensure that data is kept secure and not retained for any longer than absolutely necessary.

How long we keep your Information

  • Our data retention policy is tailored to the categorisation of the data in question. This is to ensure that data is minimised in respect of the individuals’ rights, we are abiding by the law and that we are considering our business interests.
  • Data is retained for as long as is reasonably necessary. Record retention follows regulations for the industry. Records related to tax follow HMRC regulations.

How we keep your information safe

  • We use a variety of security technologies and procedures to help protect your personal information from unauthorised access and use.
  • We have Data Protection Agreements with all of our 3rd Party Data Processors, ensuring that they maintain Privacy standards that comply with current UK Data Protection Regulations
  • We have no control over the contents of third party sites or resources which are linked to our website and we accept no responsibility or liability for them or the privacy practices they use or for any loss or damage that may arise from your use of such websites or resources.

How can you amend or update your personal Information

You can amend or update personal information by visiting any of our practices. You may also call or write to any of our practices, or our Head Office using the address in Section 2.

Data Relating to our Business Services Clients

What personal informatiom may be collected

  • Contact name
  • Company name
  • Department
  • Company address
  • Phone and fax number
  • Email address

How your data is used

Establishing contact regarding contracts and the employees of the client.

Where is your data stored

In a password protected database on a server located in a secure office.

Who your personal data is shared with

Personal data is only shared internally for the purposes of fulfilling contruactual obligations.

How long we keep hold of your Information

Clients are contacted annually to ensure that the data we store is up to date. Personal Data relating to an individual is erased when either:

  • a) The individual requests it

  • b) The invididual is no longer employed by the company/is no longer the relevent person to contact

  • c) The contract with the client expires

How we keep your information safe

We use a variety of security technologies and procedures to help protect your personal information from unauthorised access and use.

How to amend/update personal information?

You can update or amend personal information by emailing This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively write to Katrina Thomas using the address in section 2

Cookie policy


This policy covers our use of cookies, IP addresses and other technologies.

What are cookies?

Cookies and other online tracking technologies are small bits of data or code that are used to indentify your devices when you use and interact with our websites and other services.

What are cookies and how do we use them?

Web Beacons

These are bits of data that count the number of users who access a website or webpage and can also allow us to see if a cookie has been activated. Web beacons used on web pages or in emails allow us to see how successful an article has been or that an email message was successfully delivered and read in a marketing campaign. Web beacons are also used to verify any clicks through to links contained in emails.

Flash cookies

We may, in certain situations, use Adobe Flash Player to deliver special content, such as video clips or animation. To improve your user experience, Local Shared Objects (commonly known as Flash cookies) are used to provide functions such as remembering your settings and preferences. Flash cookies are stored on your device, but they are managed through an interface different from the one provided by your web browser.

Tracking URLs

Tracking URLs are a special web link that allow us to measure when a link is clicked on. They are used to help us measure the effectiveness of campagins and advertising

If you access our services from a mobile device

We may collect a unique device identifier assinged to that device, geo-location data, and other transactional information for that device. wem ay also use the unique identifier to validate free trials, for example.

How we use cookies

Usage of services

To collect, use and store information about your usage of our services, website, such as pages you have visited, content you have viewed, search queries you have run, and advertisments you have seen or interacted with.

To provide relevant content

The content on our websites and in our communications with you may be adjusted depending on what we know about the content, products and services that you like. This means we can highlight content and articles that we believe will be of interest to you. We provide personalisation by using cookies, IP addresses, web beacons, URL trakcing and mobile app settings.

Managing cookies

Most modern browsers are set to accept cookies by default, but you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the "Help" section of your browser.

Controlling OBA cookies

The 'Your Online Choices' website provides more information about controlling cookies. It also provides an easy way to opt out of behavioural advertising from each (or all) of the networks represented by the European Interactive Digital Advertising Alliance.

Controlling Flash cookies

You can manage the use of Flash technolgoies with the Flash management tools avaliable at Adobe's website at,

Controlling web beacons

You can prevent web beacons from tracking your activity, although you won't be abl to declive recieving them in emails. For information about managing your cookie options, please click here


If you have any concerns about the way your Personal Data is handeld, you can contact our Head Office on 01672 513686 or write to the Data Protection Team at the address in section 2.
Alternatively, you can contact the Information Commisioner's Office. Visit for further details.


All employees are expected to become familiar with and abide by Haine & Smith policies, standards and guidelines related to Privacy.

The designated Data Protection Team is responsible for overseeing day to day Privacy issues; developing and maintaining policies, standards, procedures and guidance, coordinating PRivacy in the Optical practice, raising awareness of Privacy and ensuring that there is ongoing compliance with the policy and its supporting standards and guidelines.

The Partnership is responsible for ensuring that sufficent resources are avaliable to support the implementation of Privacy procedures to ensure compliance with legal and professional requirments and the NHS Data Security Requirements.


This policy ill be reviewed annually, and without delay when any applicable standards or regulations are revised.


Violation of the standards, policies and procedures presented in this document by an employee will result in diciplinary action, from warnings to reprimands up to and including termination of employment. Claims of ignorance, good intentions or using poor judgement will not be used as excuses for non-compliance.

APPENDIX A - Disclosure of Data to commissioners

The practice (provider) agrees to provide anonymised, pseudonymised or aggregated data as may be requested by the co-ordinating commissioner or LOC Company.

Personal data will not be disclosed without written consent or lawful reason for disclosure.

Exceptions to this are covered by:

Section 251 of the NHS Act 206 (originally enacted under Section 60 of the Health and Social Care Act 2001), allow the common law of duty and confidentiality to be set aside in specific circumstances where anonymised information is not sufficient and where patient consent is not practicable.

APPENDIX B - NHS Care Record Guarantee

All data processed on behalf o fhte commissioner with regard to community services must be processed and handled in line with NHS Care Record Guarantee.

All staff handling data should be aware of the obligations placed upon them by the NHS Care Record Guarantee and the commitments laid out in it.

In summary this covers:

    As the basis for health decisions
  • Ensure safe effective care
  • Work effectively with other
  • Clinical audit
  • Protect health of the general public
  • Monitor NHS spending
  • Manage the health service
  • To investigate complaints
  • Teaching and research

Laws relating to records

  • Confidentiality under common-law duty of confidentiality
  • General Data Protection Regulation (2016)
  • Privacy (Human Rights Act 1998)

These rights are not absolute, and they need to be balanced against those of others.

Other patient rights recording records:

  • To ask for a copy of all records held in paper or electronic form (a fee may be payable)
  • Choose someone to make decisions about the patient’s healthcare if the patient becomes unable to do so (lasting power of attorney)

Duties placed upon practice (provider)

  • Maintain accurate records of the care provided
  • Keep records confidential, secure, and accurate (even after the patient dies)
  • Provide information in accessible formats (e.g. large print)

The complete NHS Care Record Guarantee will be avaliable for staff members to consult.

Back to top

General Enquiries

01672 513686

Haine & Smith Enquiries
7-8 Salisbury Road Business Park
Salisbury Road

We want to
hear from you!

Click on the link to fill out our online feedback form, let us know about your experience with us.