Privacy & Cookies Policy

This privacy policy sets out how we use and protect any information that you give when you use this website. We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. We may change this policy from time to time by updating this page.

Who we are?

Coe and Coe are a private, independent Optometrists and Opticians operating from Langrick & Coe, 6 Church Street, Oakham, LE15 6AA and Graham Coe, 11 Burton Street, Melton Mowbray, LE13 1AE.

We are registered with the Information Commissioners Office as a Data Controller, registration number Z1232628 and Z1232585.

Graham Coe Limited Reg no:04717700, Registered in England & Wales.

Your Privacy

This policy provides detailed information on when and why we collect your personal information, how we use it and the very limited conditions under which we may disclose it to others.

Your privacy matters to us and we are committed to the highest data privacy standards, patient confidentiality and adherence with the Data Protection Act 2018 and UK GDPR. We adopt the six core principles of data protection.

Collection of your Personal Data

Where you provide personal data to us, we will become responsible for it as the data controller.

We will only collect data that is necessary for us to deliver the best possible service and ensure that you are reminded about appointments or information relevant to your ongoing care.

We collect your personal information directly from you, for example, when you visit our practice, get in touch with us by telephone or email, use our booking system or when you visit our website.

We may also collect it from other sources if it is legal to do so. This includes from the NHS or other healthcare providers, institutions or people you have authorised to provide information on your behalf (for example, parents or guardians), third-party service providers, government, tax or law-enforcement agencies, and others.

Main Categories and Type of Personal Data Collected and processed.

Processing Activity	Personal Data Required/Held	Retention Time	Reason to hold Data
Optical service and products	Name, date of birth, telephone numbers, address and email Current and past health and medication information, family history, your examination results, and lifestyle information. Data received other healthcare professionals as part of your ongoing care	10 years after last contact or until age 25, whichever is later	Contract – in order to provide the service or products you have requested Where health data is processed, we do so for the provision of healthcare.
Hearing care service and products	Name, date of birth, telephone numbers, address and email Current and past health and medication information, family history, your examination results, and lifestyle information. Data received other healthcare professionals as part of your ongoing care	10 years after last contact or until age 25, whichever is later	Contract – in order to provide the service or products you have requested Where health data is processed, we do so for the provision of healthcare.
Reminders	Name, email address, address, telephone numbers	10 years after last contact or until age 25, whichever is later or until asked to stop by you	Contract – In order to provide the ongoing service appointment reminders are sent
Marketing	Name, email address, address, telephone number	Until asked to stop by you or until consent withdrawn by you	Legitimate interests – we will provide information which we believe is of genuine interest to you. Consent – you have given consent to receive information about products or services that are of interest to you
Credit/Debit card payments	Cardholder name, card number, security number	Duration of the transaction	Contract – you have agreed to provide these details to pay for the service or products ordered
CCTV footage	Images	30 days	Legitimate interests – Prevention and detection of crime. Protection of our colleagues and visitors. Investigation of accidents, incidents, criminal activities and breaches of our policies.
Collection of online identifiers for analytical purposes (Cookies)	Cookie information IP address Device ID Session ID Interaction history Website feedback	See Cookie Policy	Consent – Ensuring visitors get the best experience.

We treat all personal data as sensitive but acknowledge that we also process special category data including health data and children’s data.

Sharing of Personal Data

During the delivery of our service to you, we will share your data with other companies who are critical for the provision of our service to you and will be viewed as Data Processors. They are under contract with us and have provided sufficient guarantees that they will process your data only as per the terms of that contract and throughout processing activities will ensure your data is protected using appropriate technical and organisation measures.

Our operations are based in the UK, and your personal information is generally processed within the UK and countries within the European Economic Area (EEA). In some instances, we may transfer your personal information to third countries, for example, where our suppliers or cloud service providers are situated outside the UK and EEA.

If the recipient is situated in a third country that has not received an adequacy decision from the relevant regulator, we will ensure additional safeguards are in place including the use of applicable standard contractual clauses.

A full list of processors is available from our Data Protection Officer.

Where necessary we may disclose your information to health care professionals including the NHS. We may also pass information to external agencies and organisations, including the police, for the prevention and detection of fraud and criminal activity. Should any claim be made, we may pass your personal information to our insurers and, if our business is wholly or partially transferred to a third party, your personal information may be one of the transferred assets.

Securing and Processing of your Personal Data

To provide and manage our services your electronic data is stored and processed by Optix Software Ltd within their UK facilities, certified to ISO27001, which has appropriate security processes in place.

Your data is also stored within our own IT systems, which are secured to prevent access or intrusion by anyone who is not authorised to have access to your data. Our practices are operated to ensure that all records and equipment holding your personal data are physically protected.

In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorised, we will inform you if the loss or unauthorised access of your data has potential to cause you harm. We may report this to the Information Commissioners Office, who are responsible for regulating data protection legislation in the UK.

https://ico.org.uk/

Your rights in relation to personal data

Under UK data protection law, you have following rights which you can exercise by emailing our Data Protection Officer on LangrickandCoeDPO@clinicaldpo.com

Right	Explanation
Right to be Informed	This means that we have to be transparent in how we collect and use your personal data
Right of Access	You have the right to access your personal data.
Right to Rectification	If the information we hold about you is inaccurate or incomplete you can request that we correct this
Right to Erasure	You can request that we delete or remove personal data in certain circumstances
Right to Restrict Processing	You have the right to request that we cease processing your data if you consider it inaccurate or incomplete and/or you object to the reason we’re processing your data We will review the validity of your request and respond to you with our decision
Right to Data Portability	Where you have consented to our processing your data or where the processing is necessary for us to deliver a contract you can request a copy of that data be provided to a third party
Right to Object	You have the right to object to our processing in certain circumstances and an absolute right to object to direct marketing.
Rights relating to Automated Decision-Making including Profiling	We do not use automated decision-making or profiling Where automated decision-making is applied, organisations must give you information about the processing introduce simple ways for you to request human intervention or challenge a decision carry out regular checks to make sure that our systems are working as intended

If you are unhappy with anything we have done with your data, you have the right to complain to the Information Commissioners Office.

To make a complaint to the Information Commissioners Office use the link below or call their hotline on Tel No.: 0303 123 1113.

https://ico.org.uk/make-a-complaint/

How to contact us?

For all data protection matters or questions relating to how we manage your data, you can contact our Data Protection Officer via these means:

Data Protection Officer: Clinical DPO
Phone Number 0203 411 2848
Email: LangrickandCoeDPO@clinicaldpo.com

National Data Opt Out Statement

Coe and Coe is one of many organisations working in the health and care system to improve care for patients and the public.

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

improving the quality and standards of care provided
research into the development of new treatments
preventing illness and diseases
monitoring safety
planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:

See what is meant by confidential patient information
Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
Find out more about the benefits of sharing data
Understand more about who uses the data
Find out how your data is protected
Be able to access the system to view, set or change your opt-out setting
Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
See the situations where the opt-out will not apply

You can also find out more about how patient information is used at:

https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and
https://understandingpatientdata.org.uk/introducing-patient-data (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have until July 2022 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is currently compliant with the national data opt-out policy.

Cookies

Website security
An Introduction to cookies
Your consent for cookie deployment by our website.
Cookies used by our website
Actual cookies deployed
How to disable cookies

Security

Website Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
External Links
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

An introduction to cookies

A cookie is a small data file that is automatically placed onto your computer's hard drive. Cookie files are created by our website and placed onto your device in order to analyse and influence your preferences or behavior. Analytical cookies are designed to track your journey and experience on our website - so that we may tailor your experience and gather data. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. The majority of modern web browsers will automatically allow cookies to be placed onto your device. However you can usually modify your browser's settings in order to prevent any cookies from being placed onto your device. Setting your browser to block cookies may prevent you from taking full advantage of our website.

Cookies deployed by our website:

Ensure that functionality operates as intended
Remember your choices and preferences during and between visits
Allow you to share pages via popular social media networks including Facebook and Twitter
Allow you to interact with our website by leaving comments or opinions
Post enquiries via online forms
Track your visit for statistical analysis, allowing us to improve the usability, speed and security of our website

Cookies are not deployed to:

Collect any personal identifiable information (without your express permission)
Collect any sensitive information (without your express permission)
Pass data to advertising networks
Pass personally identifiable data to third parties
Pay sales commissions

Your consent for cookie deployment by our website.

Upon your first visit to our website, you may have noticed our banner alerting you to the use of cookies by our website. In compliance with the 2011 EU Cookie Law, our website operates on an 'Implied Consent' basis. This means that we have assumed that you have 'opted-in' for our website to deploy cookies until you choose to deactivate them within your browser settings or via the instructions below. Below you can learn more about the specific cookies deployed by our website, and how they can be disabled. For more information on the EU Cookie Law in the UK, we recommend visiting the Information Commissioner's Office (ICO) website where you can find the latest information, guidelines and advice on the EU Cookie Law.

Cookies used by our website

Social Network Sharing
We encourage users to share our content and/or like our on profile on the popular Social Media websites Facebook, Twitter, YouTube, Google+ and LinkedIn. In order to make 'Social Sharing' accessible, our website utilises widgets either provided directly from the Social Networks and/or via amalgamative widgets from third parties such as AddThis. Cookies and privacy implications from the social networks vary and will be dependent on your nominated privacy settings with each Social Network. Social Sharing buttons will only deploy cookies if you are signed to that respective Social Network at the time of being on our website.
Analytical Tracking
Our website has Google Analytics installed which allows us to track and compile anonymous visitor statistics. The information collected ranges from simple traffic volume to the type of browser you are viewing our website with. This information is valuable to us not just for marketing analysis and quantification, but to improve the usability, security and load speed of our website content. Google Analytics is a popular, secure, flagship webmaster product from Google. The privacy and security of Google Analytics data is a high priority at Google. Google also offer a Google Analytics Opt-out Browser Add-on that will allow you to automatically Opt-out of all websites that track your activity via Google Analytics. No personal information is collected by Google Analytics.
Cookie Consent Check
Upon your first visit to our website, you will notice a subtle banner on the page alerting you to the fact that cookies are being placed onto your computer by our website. In order for our website to remember your choice of opting-in, we store a cookie which expires after the set amount of days below (see table).
Wordpress
Our website, either in full or in part, is built on the popular open-source CMS framework - WordPress. WordPress utilises cookies to allow visitors to register, login and comment on our website's content. If you do not wish to participate in commenting on our website, Wordpress will not deploy any cookies onto your device. Cookies will only be created by Wordpress if you actively register or comment via the clear forms on our website.
Enquiry Forms
Our website's visitors can choose to contact us via form(s) on our website. In order to prevent spam enquiries, we protect our forms with anti-spam challenges which ensure the visitor is an actual living person, rather than a computer bot or spider.

Actual cookies deployed

Below is a table of information which lists all cookies deployed and used on our website.

Cookie Category	Cookie Name	Cookie Description
Cookie Consent	complianceCookie	This cookie is set by our website once you have seen and acknowledged our Cookie banner. This cookie will expire and automatically delete itself after [30] days.
Google Analytics (Universal)	_ga, _gat	The single default cookie for Google Universal Analytics. This sole cookie used by Goole Analytics stores a unique client identifier (Client ID) which is set randomly. This cookie is set to expire after 24 months (2 years) and is refreshed each time you visit our website.
	_utmb	A Google Analytics cookie, which creates a timestamp of the exact moment when a visitor enters a site.
	_utmc	A Google Analytics cookie, which creates a timestamp of the exact moment when a visitor leaves the site.
	_utmv	Used for reporting in Google Analytics classifying the visitor.
	_utmz	A Google Analytics cookie which tracks where the visitor came from, what search engine was used, what link was clicked on, what keywords used, and where in the world the site was accessed from.
WordPress	wp-settings-{time}-[UID]	Serveral WP Settings cookies may be set if you log into the website. The number on the end is your individual user ID from the users database table. This is used to customise your view of admin interface, and possibly also the main site interface.
	wordpress_test_cookiewordpress_wordpress_logged_in	These WordPress session cookies are created if and when you log into WordPress either as an administrator or contributor to the website.
	devicePixelRatio	This cookie records your device's pixel ratio. If your screen resolution is a retina or Hi DPI screen, then the website may choose to serve you higher resolution graphics.

How to disable cookies

Most modern browsers allow you to control your cookie settings for all websites that you browse. You can disable cookie deployment completely by editing your browser settings, however in doing this you may be limiting the functionality that is displayed on our website. To learn how to disable cookies on your preferred browser we recommend reading this advice posted by Google.

If you are concerned about cookies tracking your movements on the Internet then you may be concerned about spyware. Spyware is the name given to a particular band of cookies that track personal information about you. There are many antispyware programs that you can use to prevent this from happening. Learn more about antispyware software - https://en.wikipedia.org/wiki/Spyware. You call also disable Google Analytics on all websites by downloading the Google Analytics Opt-out Browser Add-on.