Privacy policy.

1. Introduction

This Privacy Policy explains how Frances Liddle Independent Opticians collects, uses and protects your personal information. We comply with UK GDPR and the Data Protection Act 2018 and are committed to safeguarding your privacy.

2. Who We Are

Frances Liddle Independent Opticians

We are the data controller responsible for your personal information.

3. The Information We Collect

Patient & Customer Information

  • Name, address, phone number, email address

  • Date of birth

  • Clinical information including prescriptions, eye health records, retinal/OCT images, and clinical notes

  • NHS number (where relevant)

  • Appointment history and purchase information

Technical & Website Data

  • IP address, browser type, device information

  • Website usage data

  • Cookies and analytics data (if used)

Marketing Data

  • Your marketing communication preferences

  • Newsletter engagement (if applicable)

4. How We Collect Your Data

We collect information when:

  • You attend an appointment

  • You complete forms in practice or online

  • You contact us by phone, email or through our website

  • You subscribe to our newsletter

  • You use our website (cookies, analytics)

5. How We Use Your Information

We use your personal data to:

  • Provide optometric services and eye examinations

  • Maintain accurate clinical records

  • Process orders for glasses, contact lenses and other products

  • Send appointment reminders and health-related updates

  • Manage NHS referrals and communicate with GPs or hospitals

  • Improve our website and services

  • Send marketing communications (only with your consent)

6. Legal Basis for Processing

We process your data under the following legal bases:

  • Contract: to provide your eye care and related services

  • Legal Obligation: NHS requirements and record-keeping regulations

  • Consent: for marketing emails and newsletters

  • Legitimate Interest: practice administration, reminders and service improvements

7. Sharing Your Information

We do not sell your data.
We may share information with trusted third parties such as:

  • NHS services, GPs and hospitals for referrals

  • Optical laboratories that make your lenses and spectacles

  • Contact lens suppliers (including for direct home delivery)

  • Xeyex (our practice management system)

  • IT providers, website hosting and email systems

  • Payment processors

  • Email marketing platforms (if you opt in)

All third parties must comply with UK GDPR and protect your data.

8. Cookies

Our website may use cookies to improve performance, functionality and analytics. You can manage cookie preferences through your browser settings.

9. Data Retention

We retain personal and clinical data for the periods required by UK law:

  • Clinical records: minimum 10 years

  • Children’s records: until age 25 (or 26 if last seen at 17)

  • Contact/booking enquiries: up to 12 months

  • Analytics data: typically 26 months

10. Your Rights

Under UK GDPR you have the right to:

  • Access your personal data

  • Request correction of inaccurate information

  • Request deletion (where appropriate)

  • Restrict or object to processing

  • Request transfer of your data

  • Withdraw consent for marketing at any time

To exercise any of these rights, contact us at: [Insert Email]

11. Data Security

We take appropriate technical and organisational measures to protect your personal and clinical information from loss, misuse or unauthorised access.

12. External Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those websites.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated revision date.

14. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us.