RC Pinder Privacy Notice

 

Who we are?

We at RC Pinder Ltd are registered with the Information Commissioner's Office as a Data Controller, registration number Z5543456. We are specialists in supplying optical goods and services and operate from:

Pinders 20 Queen Street, Southwell NG25 0AA

Pinders 5-9 Queen Street, Mansfield NG18 1JL

Pinders 8 Rufford Avenue, Mansfield NG18 2BT

Pinders 33 Forest Road, New Ollerton NG22 9PR

Pinders 1a Sherwood Street, Warsop, NG20 0JP

 

Your Privacy

Your privacy matters to us and we are committed to the highest data privacy standards and patient confidentiality. To disclose this to you, our Privacy Notice includes the following:

  • What data we collect from you.
  • How and why we process it.
  • Who we share it with and why.

We adopt the six core principles of data protection which are:

  1. Lawfulness, fairness and transparency - we process personal data lawfully, fairly and in a transparent manner in relation to you, the data subject.
  2. Purpose limitation - we only collect personal data for a specific, explicit and legitimate purpose. We clearly state what this purpose is in this Privacy Notice, and we only collect data for as long as necessary to complete that purpose.
  3. Data minimisation - we ensure that personal data we process is adequate, relevant and limited to what is necessary in relation to the processing purpose.
  4. Accuracy - we take every reasonable step to update or remove data that is inaccurate or incomplete. You have the right to request that we erase or rectify erroneous data that relates to you, and we will complete this task as soon as possible but guarantee to do so within a month.
  5. Storage limitation - we delete personal data when we no longer need it. Whilst the timescales in most cases aren't set, we outline our retention strategy within this Privacy Notice.
  6. Integrity and confidentiality - we keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Collection of your Personal Data

We collect your personal information via disclosure directly from you or your parent or guardian. This might be via our website, our booking system, telephone or face-to-face engagement.

Categories and Type of Personal Data Collected and processed.

We collect contact details from you including:

  • Name
  • Address
  • Telephone number(s)
  • Email addresses
  • Date of Birth

In addition to this contact information we collect clinical data including:

  • Current and past relevant health and medication information.
  • Examination results including retinal images.
  • Relevant lifestyle information such as pastimes or work impacting on eye care.

Finally, we collect financial information where appropriate including:

  • Payment card details via EPOS.
  • Banking details for direct debit mandates.

We treat all personal data as sensitive but acknowledge that we also process special category data.

Child Data

Article 8 of the GDPR and Article 9 of the UK Data Protection Act 2018 specify how we are permitted to process data relating to children under 16 (for the UK this is under 13). Given our industry, we comply with this requirement by permitting parents or guardians to make appointments for children and to provide us with their own contact details to use on behalf of the children. On the appointment confirmation we offer a statement of understanding which confirms that the recipient is indeed a parent or guardian of the child.

Reason for Data collection and processing activities.

Contact information is captured to enable us to contact you through various communication channels on matters directly related to your treatment. This could include appointment reminders, results, check-up reminders and any other information which is felt to be crucial to your eye care, including offers from us about our services.

Clinical data is collected as an essential means of providing you with the service which you require and without collecting this information our service could not be delivered.

Payment information is collected to facilitate the payment of our services.

Sharing of Personal Data

During the delivery of our service to you, we will share your data with other companies who are critical for the provision of our service to you and will be viewed as Data Processors. They are under contract with us and have provided sufficient guarantees that they will process your data only as per the terms of that contract and that throughout processing activities they will ensure your data is protected using appropriate technical and organisational measures.

A full list of processors is available from our Data Protection Officer but includes Optix Software Limited (our business software provider), lens manufacturers, frame manufacturers, contact lens manufacturers and payment processors.

We may also need to share your data with other health care providers, such as the NHS, where this is needed to ensure you receive appropriate treatment and care.

Securing and Processing of your Personal Data

Your data is stored mainly within our software system provided by Optix Business Software Limited. They hold ISO 27001 and, as part of our own due diligence, our Data Protection Officer has reviewed the security processes in place, including the results of penetration testing undertaken.

Your data is also stored within local devices secured using passwords and user authentication. All branches offer a high level of physical security and operational rigour to ensure data, and the devices on which that data resides, are protected.

 

In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorised, we have a duty to inform you immediately. If the loss or unauthorised access of your data has potential to cause you harm, we will also report this to the Information Commissioner's Office, who are responsible for regulating data protection legislation in the UK.

https://ico.org.uk/

 

Our legal basis for processing your personal data?

We are required to identify one of six possible legal grounds for processing. These are:

  • consent
  • contract
  • legitimate interests
  • vital interests
  • public task
  • legal obligation

 

As all of our processing activities are crucial to the provision of the service which we enter into a contract with you to provide, we process your data based on that contractual relationship.

 

We could also process your data under our legitimate interests as all processing activities are essential for the provision of our service to you.

 

Where special category data is processed, we do so under Article 9(2)(h) – processing is necessary for…the provision of health or social care.

 

How long do we keep your personal data for?

We process three categories of personal data and retain this data for different periods of time.

 

Contact information is retained as long as the data subject is a customer of ours. Where the data subject has not used our services recently, and in the absence of a direct data subject request, we hold contact information for a period of 10 years from the last appointment.

 

Based on the guidance of The College of Optometrists:

For adults over the age of 18 we keep records for 10 years after the last seen appointment or until the patient's 25th birthday if later.

 

Payment information is held by us only as long as is necessary to process the payment or to set up the direct debit mandate.

Your rights in relation to personal data

Under the GDPR, you have rights to access and control your personal data. These rights include:

  • access to personal information
  • correction and deletion
  • withdrawal of consent (if processing data on condition of consent)
  • data portability
  • restriction of processing and objection
  • lodging a complaint with the Information Commissioner’s Office

 

You can exercise your rights by emailing our Data Protection Officer at Southwell@pindersopticians.co.uk

 

If you are unhappy with anything we have done with your data, you have the right to complain to the Information Commissioner's Office.

To make a complaint to the Information Commissioner's Office, use the link below or call their hotline on 0303 123 1113.

https://ico.org.uk/concerns/ 

 

Use of cookies and other technologies

 

Please see links to our terms and conditions and cookie policy at https://pindersopticians.co.uk/terms

How to contact us?

For all data protection matters or questions relating to how we manage your data, you can contact our Data Protection Officer via these means:

 

Data Protection Officer: Peter Herniman

Phone Number: 01636 812286

Email: southwell@pindersopticians.co.uk

Updated 19/02/2020

 

RC Pinder Ltd Cookie Policy

Updated 2021

 

What are cookies?

We may place small text files called ‘cookies’ on your device when you visit our website. These files do not contain personal data, but they do contain a personal identifier allowing us to associate your personal data with a certain device. Cookies are NOT viruses, any kind of malware, programs or applications. Cookies can't see the files on your device.

 

Why do we use cookies?

Cookies serve several useful purposes for you, including:

  • Allowing you to access restricted content.
  • Tailoring our website’s functionality to you personally by letting us remember your preferences, location or device type.
  • Improving our website performance.
  • Improving your experience and allowing our website to recognise you when you return.
  • Helping us understand who our audience is so that we can provide content most relevant to you.
  • Allowing third parties to provide services to our website.

We use three types of cookies on our website:

  • Essential cookies – allow our website to perform its essential functions. Without these cookies, some parts of our website would stop working.
  • Performance cookies – monitor how our website is performing, and how you interact with it. We use them to know how best to improve our website or services.
  • Functional cookies – these are cookies that remember who you are as a user of our website. We use them to remember any preferences you may have selected on our website, like saving your username and password or settings.

Changing cookie settings

You can alter your cookie settings on our website at any time using our cookie settings section.

Deleting cookies

Your internet browser generally accepts cookies automatically, but you can often change this setting to stop accepting them. You can also delete cookies manually.

Deleting or no longer accepting cookies may prevent you from accessing certain aspects of our website, either where cookies are necessary or because the website has forgotten your preferences.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org

 

Essential cookies

Cookie: laravel_session
Purpose: This cookie is used internally by the website’s owners, when uploading or renewing website content.
Duration: 1 Day

Cookie: XSRF-TOKEN
Purpose: Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor.
Duration: 1 Day

Functional cookies

Cookie: _hjClosedSurveyInvites
Purpose: Hotjar cookie that is set once a visitor interacts with an External Link Survey invitation modal. It is used to ensure that the same invite does not reappear if it has already been shown.
Duration: 365 days

Cookie: _hjDonePolls
Purpose: Hotjar cookie that is set once a visitor completes a survey using the On-site Survey widget. It is used to ensure that the same survey does not reappear if it has already been filled in.
Duration: 365 days

Cookie: _hjMinimizedPolls
Purpose: Hotjar cookie that is set once a visitor minimizes an On-site Survey widget. It is used to ensure that the widget stays minimized when the visitor navigates through your site.
Duration: 365 days

Cookie: _hjShownFeedbackMessage
Purpose: Hotjar cookie that is set when a visitor minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if the visitor navigates to another page where it is set to show.
Duration: 365 days

Cookie: _hjid
Purpose: Hotjar cookie that is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
Duration: 365 days

Cookie: _hjRecordingLastActivity
Purpose: This should be found in Session storage (as opposed to cookies). This gets updated when a visitor recording starts and when data is sent through the WebSocket (the visitor performs an action that Hotjar records).
Duration: Session

Cookie: _hjTLDTest
Purpose: When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.
Duration: Session

Cookie: _hjUserAttributesHash
Purpose: User Attributes sent through the Hotjar Identify API are cached for the duration of the session in order to know when an attribute has changed and needs to be updated.
Duration: Session

Cookie: _hjCachedUserAttributes
Purpose: This cookie stores User Attributes which are sent through the Hotjar Identify API, whenever the user is not in the sample. These attributes will only be saved if the user interacts with a Hotjar Feedback tool.
Duration: Session

Cookie: _hjLocalStorageTest
Purpose: This cookie is used to check if the Hotjar Tracking Script can use local storage. If it can, a value of 1 is set in this cookie. The data stored in _hjLocalStorageTest has no expiration time, but it is deleted almost immediately after it is created.
Duration: Under 100ms

Cookie: _hjIncludedInPageviewSample
Purpose: This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site's pageview limit.
Duration: 30 minutes

Cookie: _hjIncludedInSessionSample
Purpose: This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site's daily session limit.
Duration: 30 minutes

Cookie: _hjAbsoluteSessionInProgress
Purpose: This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.
Duration: 30 minutes

Cookie: _hjFirstSeen
Purpose: This is set to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
Duration: Session

Cookie: hjViewportId
Purpose: This stores information about the user viewport such as size and dimensions.
Duration: Session

Cookie: _hjRecordingEnabled
Purpose: This is added when a Recording starts and is read when the recording module is initialized to see if the user is already in a recording in a particular session.
Duration: Session

 

Performance cookies

_gat_UA-92443388-37, _gid, _ga, _gclxxxx, _gat_UA-145808401-2, _gat_xxxxxxxxxxxxxxxxxxxxxxxxxx

These cookies are set by Google Analytics. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies then we will not know that you have visited our site, and will not be able to monitor its performance.