Customer Privacy policy V4.7

• You, when you provide it directly to us either as a new or returning customer
• A guardian or appointed representative
• Trusted data & marketing companies
• Online enquiries via our website and Google ads
• The NHS where we are delivering a healthcare service on their behalf
• Where appropriate companies that are owned by OutsideClinic such as bloom hearing specialists™ Hearing. Following the acquisition of Bloom Hearing by OutsideClinic, we are now retiring the bloom hearing brand and transferring some data across to OutsideClinic, but don’t worry we have notified all customers individually. Customers have the option to opt out of communications at any time

• Contact details (such as name, address, phone, email)
• Health information (such as prescription, medication, capacity information, conditions)
• Contact information for representatives & guardians where appropriate
• Information to help us provide after care and any specialist treatment or products you may require
• Marketing preferences
• Measurements/specifications – so we can make sure your glasses or hearing aids are the perfect fit
• Call recordings

• To keep you informed about services, offers and products from OutsideClinic
• To keep you informed about services, offers and products from our trusted partners
• To provide you with healthcare services
• To refer you to the NHS
• Manage the information and keep it secure & up to date
• Process payments and invoices
• If we’ve agreed this with you we might put you in contact with specialist partners
• To record & review calls and wider correspondence for training and monitoring purposes
• To identify the most appropriate service offering for you. 

We use most personal information in accordance with ‘legitimate interests’ this includes considering benefits to the customer, OutsideClinic and our trusted partners…but don’t worry we balance your privacy rights to ensure that the benefits pass privacy tests before using personal information in this way!

Where it's appropriate to do so, we will ask for your consent to ensure we are clear on your choices.

We may also use information to fulfil a transaction or contract – for example if you purchase glasses, we’ll handle payment information and address details, to deliver you what we have promised!

We might need to pass certain information on to the NHS if we find that you need additional treatment or advice, we’ll mostly do this after talking this through with you, in rare & serious cases this might be done to protect you (where it is in your vital interests). 

We always need to follow the law so there may be some cases where we are legally required to share information with statutory partners & Ombudsman – these are official Organisations like the Police or the General Optical Counsel. We’ll tell you more about this in the ‘who we share information with’ section.

We might occasionally fulfil public tasks on behalf of the NHS to provide audiology & optical services; this will be in line with our legal obligations under the Opticians Act 1989, the NHS Hearing Loss Action Plan, the NHS Act 2006, the Equality Act 2010 and the Health & Social Care 2012. Of course we’ll process your information in accordance with Data Protection Laws and the Privacy and Electronic Communications Regulations (PECR).

Of course! Wherever we have used your information in line with legitimate interests and consent you will usually be able to opt by clicking this link: outsideclinic.co.uk/remove

There may be some cases where we have to hang on to some information – we explain this in the ‘information we keep’ section.

The NHS – inward and outward referrals and invoicing. We refer customers to the NHS for support and treatment where necessary.

Experian and Sagacity for marketing services and support.

Optelec for specialist medical products where discussed with the customer.

From time to time we use HubSpot services to send you marketing updates you can view more about processing details here https://legal.hubspot.com/privacy-policy

 Statutory partners for investigations and audits such as the GOC General Ophthalmic Counsel, the Police, the Information Commissioner and so on.

Trusted Subsidiary Companies where appropriate.

Trusted optical consultants.

IT consultants and system providers. 

Courts and Tribunals where necessary.

We promote details of our trusted partners offers, services and products. We give the customer the choice whether they want to contact the partner directly, and share their own personal information.

International Transfers.

We are committed to ensuring that any international transfer comply with UK Data Protection Legislation. In most cases, it will be necessary for OutsideClinic to implement the appropriate contractual safeguards prior to transferring such data.

From time to time we use HubSpot services who process limited information within the United States of America to send you marketing updates you can view more about processing details here https://legal.hubspot.com/privacy-policy.

We also use Google Analytics who process limited cookies information within the United States of America. Google has developed a browser add-on to allow users to opt-out of Google Analytics across all websites which use it. This is also available in the Chrome web store. Click here to read Google's overview of privacy and safeguarding data.

• ask for a copy of the personal data we hold about you. Assuming your request is reasonable, we will provide a copy of all the personal data we hold about you and you can check that we’re processing it lawfully
• ask us to correct the personal data that we hold about you
• ask us to delete your personal data. This one’s a little tricky! If, for some reason, we still hold your data, but without good reason, at your request we’ll delete it. To be honest, this is a pretty unusual scenario, because we’re pretty hot on getting rid of data we’re not obliged to hold!
• object to us processing your personal data. This applies where we’re relying on a “legitimate interest” of ours or a third party, and you have a situation which makes you want to object to us processing your data.
• ask for the restriction of the processing of your personal data. This means you can ask us to suspend the processing of personal data about you
• ask for the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically possible
• withdraw consent for processing – we’ve mentioned this above in the ‘can you opt out?’ section
• Right to prevent automatic decisions – you have the right to challenge a decision that affects you that has been made automatically. Here at the Outside Clinic, we don’t make automatic decisions, we carefully reach decisions about you and your information

We keep your personal data for as long as we have to and always do this in line with data protection laws. We don’t want to keep your data any longer than we need to!

We store information securely, we mainly keep this digitally on our protected devices, we may also keep paper records for a certain period of time but don’t worry we’ll keep these secure as well.

For more information please refer to our customer retention schedule. 

Outside Clinic occasionally provide NHS healthcare services, where appropriate we comply the National Data Opt Out Scheme.

We are one of many organisations working within health and social care to improve health and wellbeing for patients as well as the public. Information collected from you when you use our services may be stored and shared with services or partner organisations for purposes other than your individual care, for instance to help with:

• Improving the quality and standards of care provided
• Monitoring safety

This may only take place when there is a clear legal basis to use this information. Confidential information about your health and care will only be used in limited circumstances where it is not possible to use anonymised data.

You have a choice about whether you want your confidential information to be used in this way. If you are happy for your information to be used in this way you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

For more information or to register your choice to opt out please visit https://www.nhs.uk/your-nhs-da.... You can choose to opt in at any time.

Please be aware that the National Data Opt Out does not apply to information used for marketing purposes, your data would only be used in this way with your specific agreement or where there is a clear legitimate interest.

All Health and Social Care organisations should have systems and process in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care.

Our organisation is compliant with the national opt out policy.

We care so much about privacy that we have got a helping hand from some data protection experts, Midland Data Protection act as our registered Data Protection Officer. Their contact details are below:

You can email: info@midlanddataprotection.co.uk

Or call: 0333 577 0646

Outside Clinic Contact details can be found at https://www.outsideclinic.co.u...

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner's Office (ICO):

• By post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• By phone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

Alternatively, visit ico.org.uk or email icocasework@ico.org.uk