GDPR Patient Information Leaflet
The work we carry out at Coates & Grute Optometrists Ltd involves processing personal data in compliance with the General Data Protection Regulation (GDPR). If we ask you for personal information we will:
- Collect it for specified, explicit and legitimate purposes only
- Only collect information that is adequate, relevant and limited
- Record only accurate and up to date information
- Keep information for no longer than is necessary
- Store your information securely
Sharing your data and health information
Coates & Grute Optometrists Ltd do not share your data with third party vendors. We will only share your data in very specific circumstances.
- For your direct care. For example, sharing your details with another health care professional in order to manage your care
- Where a patient has expressly consented. For example, you request a referral to a consultant
- Where there is a statutory gateway or legal requirement
- Where there is an overriding public interest justification
Accessing your own data and health information
You have the right to access the information that Coates & Grute Optometrists Ltd hold about you. Such access is given following an application made in writing or via email, and is known as a Subject Access Request (SAR). There is no cost to patients making an SAR unless the request is ‘manifestly unfounded or excessive.’ In this case we will charge a reasonable fee for multiple or complex requests or refuse the request. We are obliged to respond within one month of receipt of the request.
You also have the right to
- Request rectification of the data held
- Request erasure of the data held
- Restrict processing of your data in some circumstances.
Should you require further information please ask one of the Directors for copies of our GDPR Policies and Procedures documents.