Sheppard Opticians is committed to respecting and protecting your privacy. We wish to be transparent on how we process your data and show you that we are accountable with the GDPR in relation to not only processing your data but ensuring you understand your rights as a client.
It is the intention of this privacy statement to explain to you the information practices of Sheppard Opticians in relation to the information we collect about you.
For the purposes of the GDPR the data controller is:
- Sheppard Opticians
- Contact details of Sheppard Opticians
- When we refer to ‘we’ it is Sheppard Opticians
Please read this Statement carefully as this sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
We are an optical retail company that provides eyecare services in many areas to our patients and provide products such as glasses, contact lenses, accessories, eye drops etc to meet the needs of our customers.
Our Data Protection Officer / GDPR Owner and data protection representatives can be contacted directly here:
- Nicole McKay
- 067 31009
Purpose for processing your data
We may collect and process information about you including:
- your name;
- your date of birth;
- your contact phone numbers (including mobile);
- your email and postal address;
- your relevant health details including (a) current and past eye health conditions, general health conditions and glasses, contact-lens details, (b) current medication details, and (c) correspondence between your optometrist and your GP or ophthalmologist;
- your examination and test results;
- your payment details;
- your employment, lifestyle and driving information;
- details of any prescription supplied to you by your healthcare professional or medical practitioner;
- information that you provide by filling in forms on our website;
- details of your visit to the website and any transactions you carry out on the website;
- any information or images you give us when you use our virtual try-on technology; and
- any other information you have voluntarily given us.
We mainly collect this information from you when you give it to us voluntarily, but we may also collect it from other sources if it is legal to do so. This includes from healthcare providers, institutions or people you have authorised to provide information on your behalf (for example, parents or guardians), third-party service providers, government, tax or law-enforcement agencies, and others. We can also combine this information with information from public sources.
We rely on our legitimate interests to provide you with a professional eye care in the most secure and appropriate way:
- To perform eye examinations so we can understand your eye health and any medical conditions
- To determine your prescription for eyewear and dispense your eyewear.
- To book your eye tests.
- To send you eye test reminders. Changes in your eyesight are usually very gradual, so regular eye tests are important.
- To send you eye and hearing health communication regarding eye health and vision correction and how you can look after this.
- To communicate with you as well as send you healthcare information, details of special offers and discounts relevant to you.
- So we can respond to complaints, queries and any claims made against us.
Why are we processing your data? Our legal basis
For us to provide you with our eyecare services Sheppard Opticians need to collect personal data for. Our reason (lawful reason) for processing your data under the GDPR is:
- Administration of your online account
- To process any transactions when you purchase our goods and services
- To payment card processors to process credit and debit card payments and store payment information.
- So we can provide our products and services to you
- To meet our contractual obligations
We rely on legal obligations where we have a statutory or other legal obligation to process the information, such as for the investigation of crime:
- We may need to make your personal data available to other optometrists, medical practitioners, health and social care providers or the HSE.
- Regulators may request information when carrying out their functions
- Other third parties who have a legal right to access personal data e.g the Garda our insurers, external auditors and investigators
- Other companies who provide us with updated personal information e.g. changes to your contact information, deceased indicators.
- If you choose to exercise your data rights e.g. a subject access request
- So we’re able to meet our obligations as registered and dispensing optometrists.
- So we can respond to any complaints or claims we receive from regulators or other third parties
- Fraud prevention and detection
- Health and safety of members of the public, our staff and our customers
In any event, Sheppard Opticians are committed to ensuring that the information we collect, and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
Sheppard Opticians will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary.
We may pass your personal data on to third-party service providers contracted to Sheppard Opticians in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide on your behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with Sheppard Opticians procedures.
If we wish to pass your sensitive personal data onto a third party, we will only do so once we have obtained your explicit consent unless we are legally required to do otherwise.
We have issued all our third-party processors with a Data Processor checklist asking them GDPR specific questions
If we transfer personal data to a third party or outside the EU we as the data controller will ensure the recipient (processor or another controller) has provided the appropriate safeguards and on condition that enforceable data subject rights and effective legal remedies for you the data subject are available.
Data subject rights:
Sheppard Opticians facilitate you, our clients, rights in line with our data protection policy and the subject access request procedure. This is available on request.
- Right of access: you have the right to request a copy of the information that we hold about you.
- Right of rectification: you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten: in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing: where certain conditions apply to have a right to restrict the processing.
- Right of portability: you have the right to have the data we hold about you transferred to another organisation.
- Right to object: you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling: you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review: in the event that Sheppard Opticians refuses your request under rights of access, we will provide you with a reason as to why.
All of the above requests will be forwarded on should there be a third party involved as we have indicated in the processing of your personal data.
Additional information we are providing you with to ensure we are transparent and fair with our processing
Retention of your personal data
Data will not be held for longer than is necessary for the purpose(s) for which they were obtained. Sheppard Opticians will process personal data in accordance with our retention schedule. This retention schedule has been governed by our internal governance.
In the event that you wish to make a complaint about how your personal data is being processed by Sheppard Opticians or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Sheppard Opticians data protection representatives Data Protection Officer / GDPR Owner
If we are collecting your data for a contract (e.g. Life policy or motor insurance policy) and you cannot provide this data the consequences of this could mean the contract cannot be completed or details are incorrect.
If we intend to further process your personal data for a purpose other than for which the data was collected, we will provide this information prior to processing this data.
If we have received your personal data from another source, we will endeavour to share with you:
- one month of obtaining the personal data, in accordance with the specific circumstances of the processing;
- at the first instance of communicating in circumstances where the personal data is used to communicate with the data subject;
- when personal data is first disclosed in circumstances where the personal data is disclosed to another recipient.
Your privacy is important to us. If you have any queries, questions or comments regarding this Statement, please do not hesitate to contact us.