Skip to main content

GDPR Patient Information Leaflet


The work we carry out at Coates & Grute Optometrists Ltd involves processing personal data in compliance with the General Data Protection Regulation (GDPR). If we ask you for personal information we will: 

  • Collect it for specified, explicit and legitimate purposes only
  • Only collect information that is adequate, relevant and limited 
  • Record only accurate and up to date information
  • Keep information for no longer than is necessary 
  • Store your information securely

Sharing your data and health information

Coates & Grute Optometrists Ltd do not share your data with third party vendors. We will only share your data in very specific circumstances.

These are

  • For your direct care. For example, sharing your details with another health care professional in order to manage your care
  • Where a patient has expressly consented. For example, you request a referral to a consultant
  • Where there is a statutory gateway or legal requirement 
  • Where there is an overriding public interest justification

Accessing your own data and health information

You have the right to access the information that Coates & Grute Optometrists Ltd hold about you. Such access is given following an application made in writing or via email, and is known as a Subject Access Request (SAR). There is no cost to patients making an SAR unless the request is ‘manifestly unfounded or excessive.’ In this case we will charge a reasonable fee for multiple or complex requests or refuse the request.  We are obliged to respond within one month of receipt of the request.

You also have the right to

  • Request rectification of the data held
  • Request erasure of the data held
  • Restrict processing of your data in some circumstances.


Should you require further information please ask one of the Directors for copies of our GDPR Policies and Procedures documents.