Security and Privacy

Account Security

The security of your transactions, information and money is our top priority. We use Paypal Fraud Protection services which leverages the Secure Sockets Layer (SSL) protocol. SSL has an encryption key length of 128 bits which is the highest length commercially available. Paypal automatically encrypts your confidential information in transit from your computer to the Paypal servers which are heavily guarded both physically and electronically. These servers sit behind a monitored electronic firewall and are not connected directly to the internet, so your private information is only available to authorized computers.

At Eyekit we do not store your credit card details. To ensure that no one else can get access to your personal information stored on our site (such as your prescription details), it is important that you do not disclose your user name and password to anyone else. We will not pass on any of the information you submit to us to any third party marketing organisations. Please view our Privacy Policy below.

We prefer to ship to the card holders address to ensure that all orders come directly to you, the customer. However, if you chose to ship to another address we might decide to call you to ensure your card is not being fraudulently used by someone else.

If you have any questions regarding our security practices please contact us and we will be happy to answer them.

Secure mode (HTTPS)

Secure mode (HTTPS) encrypts all web pages sent to your browser. It is easy to see this happening as the start of the web page's address changes from HTTP: to HTTPS: in the browser's address box. Secure mode (HTTPS) is engaged before you are required to supply or are asked for any confidential information.

Eyekit Privacy Policy 

This privacy policy describes the personal data collected or generated (processed) when you use Eyekit’s website. It also explains how your personal data is used, shared and protected, what choices you have relating to your personal data and how you can contact us.

Why we collect and process your personal data

We collect and process patients’ and non patient (data from customers who do not require prescription services) personal data for the purposes of healthcare and marketing. 

Our legal bases for processing personal data for healthcare purposes, including appointment reminders, include public task or legitimate interests. 

  • When we provide services under the NHS General Optical Services contract (such as a sight test funded by the NHS), our legal basis for processing personal data in respect of that service is public task
  • Otherwise our legal basis is legitimate interests

Our condition for processing special category data is the provision of health or social care.

We process our patients' personal data for marketing purposes with their consent or to meet a legitimate interest. This means we can tell you about eye care products and services that may be relevant to you. If you do not want us to process your personal data for marketing purposes, please let us know and we will stop.

The data we may collect and process

The personal data that we may collect and process includes:

Patient Data:

  • Your name, contact details and personal identifiers (such as date of birth and NHS number)
  • Your general and ocular health history, your family medical and ocular history, and any relevant signs or symptoms you tell us about
  • Details of medicines, spectacles and contact lenses prescribed for you
  • Details of examinations and other healthcare checks and treatments we provide
  • Information relevant to your continued care from other people who care for you or know you well, such as other health professionals and relatives

Non Patient Data:

By ordering through the Website we will require certain information from you. 

  • Your email address is essential in order for us to be able to supply you with important information such as order confirmations and changes to the service.
  • We also require your telephone number if we need to discuss any aspect of your order. 
  • Login and account information, including screen name, password and unique user ID. Note, we do not have access to any password created for login.
  • Other essential information will include your payment details, billing and delivery address.
  • Any images, photo’s or video’s you send for featuring on the website.

How we hold and share your personal data

We process your personal data in strict confidence. We keep your personal data securely in our filing and electronic systems using a variety of technical and organisational security measures, including encryption and authentication tools, to maintain the safety of your personal data.  

Patient data:

Patient records are only accessible to the healthcare professionals working at the practice and those under their supervision.

We will usually keep any personal data we hold about you for ten years after our last contact with you before we delete it. This is the period recommended as good practice by the College of Optometrists. If we collected the data when you were aged under 18 we will keep it until your 25th birthday, in line with NHS requirements. In exceptional cases we may need to retain personal data for a longer period, and will explain our reasons for doing so on request.

In the course of processing your personal data we may share it with:

  • The healthcare professionals working at this practice and those under their supervision
  • Healthcare professionals and those under their supervision at other optical practices, but only if you have specifically asked us to pass your personal data (such as your prescription) to them 
  • Your GP, ophthalmologists and other healthcare providers and commissioners, and suppliers of optical appliances or similar products, in connection with your ongoing healthcare treatment 
  • Software providers for our patient record and invoicing systems, and financial institutions, so that we can keep patient records up to date and arrange payment for services provided to you

Non Patient Data:

  • Third party service providers processing personal data on Eyekit’s behalf, for example to process credit cards and payments, shipping and deliveries, host, manage and service our data, distribute emails, as well as administering certain services and features. When using third party service providers we enter into agreements that require them to implement appropriate technical and organisational measures to protect your personal data.
  • Your personal information will be retained for as long as is necessary to carry out the purposes set out in this privacy policy (unless a longer retention period is required by applicable law). In general, this means that we will keep your personal data for as long as you keep your Eyekit account. For personal data related to product purchases, we retain this longer to comply with legal obligations (such as tax and sales laws and for warranty purposes).

Your rights

You have legal rights in respect of the personal data we hold about you. The Information Commissioner’s Office (ICO) has published guidance on the full range of rights. The rights that are most relevant to the way in which we use your personal data include:

  • The right to be informed about how we use personal data – this privacy notice gives that information
  • The right to object – if you object to us processing your data for marketing purposes, or for healthcare purposes where our legal basis is legitimate interests (see ‘why we collect and process your personal data’, above), we will then stop doing so, unless we are processing the data in respect of a legal claim or can otherwise show that our legitimate interest in processing the data overrides your rights and interests
  • The right of access – if you ask us for the personal data we hold about you we will provide it within a month, free of charge (unless we have already provided it to you, in which case we may have to charge you the administrative cost of providing it again).
  • The right to rectification – if you ask us to correct personal data about you that is inaccurate or incomplete, we will do so within a month (unless we need longer, in which case we will discuss this with you)
  • The right to erasure – also known as the ‘right to be forgotten’. If you ask us to delete your personal data, we will do so if there is no compelling reason to continue processing the data. We will not usually delete healthcare data before our usual time limit (see ‘how we hold and share your personal data’ above) where we have a duty to keep accurate records – for example, to comply with a legal obligationIf you ask us to delete such data we will discuss this with you
  • If you do not wish to receive information relating to new features or promotional offers, you may opt out of this by following the unsubscribe instructions in any email received. You can also amend your details at any time by signing in to the Customer Login screen or by notifying us via email or telephone.

Contacting us about your personal data

Please speak to us if you have any questions or concerns about the way in which we process personal data. You can contact Stephen on 01937 835766 or via email at stephen@eyekit.co

Cookies

In order to place an order on the website you will need to have cookies enabled. A cookie is a tiny element of data that is stored on your computer's hard drive by your web browser when you access a website. We use several cookies for the order process which store information about your login, selected product, prescription and optician details.

If you have any questions or comments about privacy, please email us.