You have trusted us to take care of your eye and hearing needs so you can completely trust us with your privacy and personal information. We are committed to the highest level of privacy standards. However you interact with us we only collect data that is necessary for us to deliver the best care and service possible, to ensure you are reminded about appointments or anything else related to your on-going care.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with United Kingdom data protection regulations applicable to Brooks and Wardman Ltd.
This privacy notice provides information on when, how and why we collect your personal information, your privacy rights, how the law protects you and the very limited conditions when we may disclose it to others.
Information about Brooks and Wardman
The “controller” for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Brooks and Wardman Ltd.
28 The Ropewalk,
Brooks and Wardman are a UK registered company, registered with companies house (08599716).
The Data Subject (You)
In this privacy notice any reference to you is the person whose personal information we collect, use and process. This will include anyone who contacts us in connection with the products and services we provide or who interacts with us in any other way such as our website www.brooksandwardman.co.uk or in practice.
The personal information we may collect and process
The personal data of patients that we may collect and process includes:
- Your name, contact telephone number details (including mobile), your email and postal addresses and personal identifiers (such as date of birth and NHS number)
- Your relevant current and previous general, eye and ear health history, your family medical and ocular history, and any relevant signs or symptoms you tell us about
- Details of medicines, spectacles and contact lenses prescribed for you
- Details of examinations and other healthcare checks and treatments we provide
- Your employment, lifestyle and driving information
- Information relevant to your continued care from other people who care for you or know you well, such as other health professionals and relatives
- Your payment details
- Information you provide by filling in forms on the Brooks and Wardman website
- Details of your visit to the website and any transactions you carry out on the website
- Any other information voluntarily provided by you.
This information is generally collected from you as you have voluntarily provided to us. Where lawful to do so we may also collect information from other sources such as the NHS, other health care providers, from individuals authorised to provide information (e.g. parents or legal guardians), financial institutions, government, tax or law enforcement agencies.
How we use this information
The information we collect about you is used to ensure we provide you with the best and most appropriate products and services. In addition to your ongoing eye care, we will remind you when appointments are due and suggest relevant products or services that we believe would be of interest. We use your contact information to respond to queries from you, and where appropriate your bank details to collect Direct Debit payments as agreed. We also process information to maintain records for legal, regulatory, tax and other corporate purposes. We may occasionally contact you to ask for your feedback on services we have provided and to offer the opportunity to trial new products.
We only process your information where we are allowed to on the legal basis of:
- the purposes of health care (a condition for processing special category data) for examination records and appointment reminders
- meeting a legitimate interest to inform you of eye and hearing health products and services which may be relevant to you.
- carrying out an agreement we have with you
- fulfilling a legal obligation
- you having agreed to it
- public task when we provide services under the NHS Contract for a sight test funded by the NHS
Our policy on storage, processing and retention of your information.
To provide and manage our services, your data is stored and processed by Optix Software Ltd within their UK facilities that are certified to ISO27001. If we collect Direct Debits from you these payments will be processed by Eyecare Payments Ltd. Any third-party company is only permitted to process your data for the specified purposes and in accordance with our instructions.
We retain your information for as long as reasonably necessary to provide our products and services and to maintain records to satisfy tax and other legal requirements.
How and when we may share your Personal Information
Where necessary we may disclose your information to health care professionals including the NHS. We may also pass information to external agencies and organisations, including the police, for the prevention and detection of fraud and criminal activity. Should any claim be made, we may pass your personal information to our insurers and if our business is wholly or partially transferred to a third party, your personal information may be one of the transferred assets.
You have certain legal rights under UK Data Protection Legislation and European GDPR in respect of the personal data we hold about you. The rights that are most relevant to the way in which we use your personal data include:
- The right to be informed about how we use personal data:
this privacy notice gives that information
- The right of access:
if you ask us for the personal data we hold about you we will provide it within a month, free of charge (unless we have already provided it to you, in which case we may have to charge you the administrative cost of providing it again).
- The right to rectification:
if you ask us to correct personal data about you that is inaccurate or incomplete, we will do so within a month (unless we need longer, in which case we will discuss this with you). It’s important to keep us up to date with your latest contact details.
- The right to object:
if you object to us processing your data for marketing purposes, or for healthcare purposes or where our legal basis is legitimate interests (see ‘why we collect and process your personal data’, above), we will then stop doing so, unless we are processing the data in respect of a legal claim or can otherwise show that our legitimate interest in processing the data overrides your rights and interests.
- The right to erasure:
also known as the ‘right to be forgotten’. If you ask us to delete your personal data, we will do so if there is no compelling reason to continue processing the data. We will not usually delete healthcare data before our usual time limit (see ‘how we hold and share your personal data’ above) where we have a duty to keep accurate records – for example, to comply with a legal obligation, or in connection with a legal claim. If you ask us to delete such data we will discuss this with you.
Updating your communication preferences
You may ask that we do not send you communications using any of the contact details we hold on our records, this may include your email, SMS, telephone and postal information. You may also request we restrict our communications to clinically necessary messages. Your personal preferences can be changed at any time by using the link at the end of every email and SMS message we send or by using our contact details below.
For those patients registered with MySight you can log in and book appointments, amend your contact details and your communication preferences via https://brooksandwardman.mysight.uk/Home/Welcome#.
Please visit our contact page for all details of how to contact us by email or post.