GDPR Patient Information Leaflet

 

The work we carry out at Coates & Grute Optometrists Ltd involves processing personal data in compliance with the General Data Protection Regulation (GDPR). If we ask you for personal information we will: 

• Collect it for specified, explicit and legitimate purposes only
• Only collect information that is adequate, relevant and limited 
• Record only accurate and up to date information
• Keep information for no longer than is necessary 
• Store your information securely

Sharing your data and health information

Coates & Grute Optometrists Ltd do not share your data with third party vendors. We will only share your data in very specific circumstances.

These are

• For your direct care. For example, sharing your details with another health care professional in order to manage your care
• Where a patient has expressly consented. For example, you request a referral to a consultant
• Where there is a statutory gateway or legal requirement 
• Where there is an overriding public interest justification

Accessing your own data and health information

You have the right to access the information that Coates & Grute Optometrists Ltd hold about you. Such access is given following an application made in writing or via email, and is known as a Subject Access Request (SAR). There is no cost to patients making an SAR unless the request is ‘manifestly unfounded or excessive.’ In this case we will charge a reasonable fee for multiple or complex requests or refuse the request.  We are obliged to respond within one month of receipt of the request.

You also have the right to

• Request rectification of the data held
• Request erasure of the data held
• Restrict processing of your data in some circumstances.

 

Should you require further information please ask one of the Directors for copies of our GDPR Policies and Procedures documents.