
McCabe Opticians - Privacy Policy


Our responsibility

To help us perform our duties as healthcare providers, we collect data, some of which is personal data (as defined by data protection legislation), such as your name, address and date of birth, as well as clinical information gathered during your visits to the practice.

We are committed to protecting your privacy and taking care of all your data. As data controllers we are responsible for how this information is used and for explaining that to you. 

Data processing

We use computerised systems to securely store and process the information we hold about you. The systems we use may include:

  • patient management software which uniquely identifies you. This allows our clinical staff to efficiently review your eye healthcare history to inform their examinations, and administrative staff to, for example, send relevant communication about your care.

  • devices which we use to take images of your eyes during examinations.

 

Data sharing

We need to share your personal information when we make referrals, e.g. to the hospital eye department or specialist services. This is achieved through a secure network connected to the NHS which ensures the information is transferred safely. The legal basis for this is General Data Protection Regulation (GDPR) article 9(2)(h) “the provision of health or social care or treatment or the management of health or social care systems”.

We may also share information to support research on important health topics with the potential to provide significant public benefit. Such data sharing will never involve the release of personally identifiable data for use by researchers, and we will only agree to share data for this purpose if the projects have appropriate ethical and legal approval, have scientific merit, are well designed and carried out by trusted research organisations. The legal bases for this are GDPR article 9(2)(j) “scientific or historical research purposes or statistical purposes” and 6(1)(e) “the performance of a task carried out in the public interest”.

In some situations, we may be obligated to share information with external agencies like the police or insurance companies. The legal bases for these are GDPR articles 6(1)(e) “the performance of a task carried out in the public interest” and 6(1)(c) “compliance with a legal obligation”.

Data retention

We need to retain your health-related information to ensure continuous clinical care. We will keep this for 10 years after you last attended or until your 25th birthday, if this is later. For information on your right to access or remove your data, please see the guidance below.

More information

If you have any questions about the data we collect or how we use it, please ask us or contact our data protection officer [ask for Lynn or Nicola]. The Scottish Government has published a charter on patient rights and responsibilities, which gives more detail about what you are entitled to when you receive NHS care in Scotland. https://www.gov.scot/publications/charter-patient-rights-responsibilities-2/

