We at Debney’s Opticians hold various pieces of information about you that you have given us including your name, address, telephone numbers, email address, D.O.B. and NHS number.  Our legal basis for processing this data is for legitimate interest and for the purposes of health care. The only instances we receive information you haven’t directly supplied to us is from other registered health care professionals such as doctors and consultants and those under their supervision.

We also keep clinical details such as the state of your eye health, your spectacle and/or contact lens specifications and copies of letters we have written and received from other professionals.

We consider all this information to be confidential and do not share with any other 3rd parties (other than those above) unless your express permission has been given or we have a legal obligation to. If you are an NHS patient, we are obliged to provide the portion of your record that relates to NHS services to authorised persons within the NHS (who are in turn subject to a duty of confidentiality) if they request this. This is usually to confirm that we have provided the NHS services that we have been paid for, and to improve quality of care. It is also possible that the NHS may contact you to ask if you have received services (such as a sight test or spectacles) as part of this monitoring.

Your information is stored securely as digital format and on paper records. All staff are aware of the importance of ensuring and maintaining the confidentiality of personal data. All electronic data is password protected and we have a suitable back-up procedure. Any on-line back-up uses a service which encrypts the data securely. When computers are replaced old hard drives are securely erased or physically destroyed. Paper records are kept in lockable filing cabinets.

We follow the guidelines set by our governing body for length of retaining records:
- All records are retained for 10 years from the date of last seeing the patient.
- Records of children are retained until they are 25 AND it is 10 years since they were last seen.
- Records of the deceased are kept for 10 years.
- Paper records are destroyed by shredding.
- Digital records are deleted
- We do not record any telephone conversation.

Within the practice we may use your information to analyse trends or to audit our performance which enables us to monitor and improve the quality of care that we offer you. We do not use 3rd party marketing companies.

We store bank account information on those patients that pay by standing order for contact lenses and debit/credit card information for any card payment taken. We have a security protocol in place to ensure employees can only access the information essential for their role and receive appropriate training. The information is stored securely and is kept only for tax purposes and future claims/information.

Electronic transfer of patient information such as emails, are only sent to the patient or legal representative. We use a secure NHS network and email for all other information sent.


If you require independent advice or wish to make a complaint, please contact the Information Commissioners Office at