Data Protection

1. Our Data Protection Commitment

I Care Services Providers Ltd is committed to protecting your personal data and respecting your privacy. As a healthcare provider, we understand the sensitive nature of the information we handle and take our data protection responsibilities seriously.

We are registered with the Information Commissioner's Office (ICO) and comply with all relevant data protection legislation including:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• NHS Data Security and Protection Toolkit requirements
• Professional regulatory standards

2. Data Controller Information

3. Types of Personal Data We Process

3.1 Patient Health Data

• Personal identifiers (name, address, date of birth)
• Contact information
• NHS number and healthcare identifiers
• Medical history and eye health records
• Prescription and treatment information
• Clinical photographs and test results
• Insurance and payment details

3.2 Website and Communication Data

• Contact form submissions
• Email communications
• Website usage analytics
• Cookie data

4. Data Protection Principles

We process all personal data in accordance with the following principles:

• Lawfulness, fairness and transparency: We have a lawful basis for processing and are transparent about how we use data
• Purpose limitation: We only use data for specified, explicit and legitimate purposes
• Data minimisation: We only collect data that is necessary for our purposes
• Accuracy: We keep data accurate and up to date
• Storage limitation: We don't keep data longer than necessary
• Integrity and confidentiality: We protect data with appropriate security measures
• Accountability: We can demonstrate our compliance with data protection law

5. Security Measures

We implement robust technical and organizational measures to protect your data:

5.1 Technical Measures

• End-to-end encryption for data transmission
• Encrypted storage systems
• Regular security updates and patches
• Multi-factor authentication
• Secure backup systems
• Regular penetration testing

5.2 Organizational Measures

• Staff data protection training
• Access controls and user permissions
• Data protection impact assessments
• Incident response procedures
• Regular compliance audits
• Confidentiality agreements

6. Data Sharing and Transfers

6.1 When We Share Data

We may share your personal data with:

• Healthcare professionals: GPs, specialists, and other healthcare providers involved in your care
• NHS services: For continuity of care and service integration
• Professional bodies: For regulatory compliance and professional standards
• Trusted service providers: Who help us deliver our services under strict data processing agreements
• Legal authorities: Where required by law or to protect vital interests

6.2 International Transfers

We do not routinely transfer personal data outside the UK. If international transfers are necessary, we ensure:

• Adequate protection through approved mechanisms
• Appropriate safeguards are in place
• You are informed of the transfer

7. Your Data Protection Rights

You have the following rights regarding your personal data:

• Right of access: Request copies of your personal data
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your data (subject to legal requirements)
• Right to restrict processing: Limit how we process your data
• Right to data portability: Receive your data in a portable format
• Right to object: Object to certain types of processing
• Rights related to automated decision making: Protection from automated decisions

8. Exercising Your Rights

To exercise any of your data protection rights:

1. Contact us using the details provided above
2. Provide sufficient information to verify your identity
3. Specify which right you wish to exercise
4. We will respond within one month of receiving your request

9. Data Breach Procedures

In the unlikely event of a data breach:

• We will assess the risk to your rights and freedoms
• High-risk breaches will be reported to the ICO within 72 hours
• You will be notified directly if there is a high risk to your rights
• We will take immediate steps to contain and remedy the breach
• We will review and improve our security measures

10. Data Retention

We retain personal data only as long as necessary:

• Medical records: 8 years after last treatment (25 years for children)
• Appointment data: 2 years
• Financial records: 7 years
• Marketing consents: Until withdrawn
• CCTV footage: 30 days (if applicable)

11. Children's Data

We take extra care when processing children's personal data:

• Parental consent is obtained for children under 13
• We consider the child's capacity to understand the processing
• Records are retained until the child reaches age 25
• Special safeguards apply to protect children's interests

12. Complaints

If you have concerns about our data processing:

• Contact our Data Protection Officer using the details above
• Follow our Complaints Procedure
• Contact the Information Commissioner's Office:

13. Updates to This Notice

We may update this data protection notice from time to time. We will:

• Update the "Last Updated" date
• Notify you of significant changes
• Ensure the most current version is available on our website

14. Further Information

For more detailed information about how we use your data, please see our Privacy Policy.