Privacy Policy

Last updated: March 2026

1. Who We Are

Edward Watts Opticians is an independent opticians practice located at 14 Chelmsford Road, Shenfield, Essex, CM15 8RQ. We are the data controller for the personal information we collect and process about you. You can contact us at:

• Phone: 01277 212978
• Email: ew@edwardwatts-opticians.co.uk
• Post: 14 Chelmsford Road, Shenfield, Essex, CM15 8RQ

2. What Data We Collect

We may collect and process the following personal data:

Patient Information

• Full name, date of birth, and contact details (address, telephone number, email address)
• NHS number and GP details
• Medical history relevant to your eye health, including medications and allergies
• Clinical records of eye examinations, prescriptions, and treatments
• Photographs and scans of your eyes (e.g. OCT images, fundus photographs)
• Spectacle and contact lens prescription details
• Payment and billing information

Website Visitors

• Information you provide through our contact form (name, email, phone number, message)
• Technical data such as your IP address, browser type, and pages visited (collected via essential cookies only)

3. How We Use Your Data

We use your personal data for the following purposes:

• Providing eye care services: To carry out eye examinations, dispense spectacles and contact lenses, and provide ongoing clinical care
• NHS services: To submit claims and reports to NHS England and relevant clinical commissioning groups
• Appointment management: To book, confirm, and remind you of appointments
• Clinical referrals: To refer you to hospital eye services, your GP, or other healthcare providers when clinically necessary
• Legal obligations: To comply with our legal and regulatory obligations, including record-keeping requirements set by the General Optical Council
• Communication: To respond to your enquiries submitted via our contact form, phone, or email
• Practice administration: To manage billing, payments, and accounts

4. Legal Basis for Processing

We process your personal data under the following legal bases as defined by the UK General Data Protection Regulation (UK GDPR):

• Contract: Processing necessary to provide you with eye care services you have requested
• Legal obligation: Processing necessary to comply with our regulatory and legal obligations (e.g. General Optical Council record-keeping requirements)
• Vital interests: Processing necessary to protect your health in an emergency
• Legitimate interests: Processing necessary for the ongoing management of our practice, provided this does not override your rights and freedoms
• Consent: Where you have given explicit consent, such as when you submit a contact form or agree to receive communications

For special category data (health data), we rely on the legal basis of healthcare provision under Article 9(2)(h) of the UK GDPR, in conjunction with Schedule 1, Part 1, Paragraph 2 of the Data Protection Act 2018.

5. Cookies

Our website uses the following cookies:

• Essential cookies: A cookie consent preference is stored in your browser's local storage to remember your cookie choice. This is strictly necessary for the website to function.

Our contact form is protected by Cloudflare Turnstile, a privacy-focused spam prevention service. Turnstile may set a cf_clearance cookie to verify that you are a genuine visitor. This cookie is strictly necessary for the security of our website and does not track your browsing activity. For more information, see Cloudflare's Privacy Policy.

We do not use any third-party analytics, advertising, or tracking cookies. If we embed a Google Maps iframe on our contact page, Google may set its own cookies when you interact with the map. Please refer to Google's Privacy Policy for further information.

6. Who We Share Your Data With

We may share your personal data with the following third parties, only where necessary and appropriate:

• NHS England and relevant commissioning bodies for the provision of NHS-funded services
• Hospital eye services and your GP for clinical referrals
• Lens and frame suppliers to fulfil your prescription (only non-clinical data such as prescription details and frame specifications)
• Appointment booking system provider (OptiSoft) for managing appointments
• Professional regulatory bodies (General Optical Council) where required by law
• Web3Forms to process enquiries submitted through our website contact form (name, email, phone number, and message only)
• Cloudflare to provide website hosting, security, and spam protection (including Turnstile on our contact form)

We do not sell, rent, or trade your personal data with any third party for marketing purposes.

7. Data Retention

We retain your personal data in accordance with the following guidelines:

• Adult patient records: Retained for a minimum of 10 years from the date of the last entry, in line with General Optical Council guidance
• Child patient records: Retained until the patient's 25th birthday, or for 10 years from the last entry, whichever is longer
• Contact form enquiries: Retained for up to 12 months after the enquiry has been resolved
• Financial records: Retained for 7 years in line with HMRC requirements

After the applicable retention period, records are securely destroyed.

8. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

• Right of access: You can request a copy of the personal data we hold about you
• Right to rectification: You can ask us to correct any inaccurate or incomplete data
• Right to erasure: You can request that we delete your personal data, subject to our legal and regulatory obligations
• Right to restrict processing: You can ask us to limit how we use your data in certain circumstances
• Right to data portability: You can request a copy of your data in a structured, commonly used format
• Right to object: You can object to our processing of your data where we rely on legitimate interests
• Right to withdraw consent: Where processing is based on your consent, you can withdraw it at any time

To exercise any of these rights, please contact us at ew@edwardwatts-opticians.co.uk or call 01277 212978. We will respond to your request within one month.

9. Data Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These measures include secure storage of physical records, password-protected electronic systems, and staff training on data protection.

10. Complaints

If you are unhappy with how we have handled your personal data, we encourage you to contact us first so we can try to resolve your concern. If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113

11. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically to stay informed about how we protect your data.