Privacy Policy

1. Introduction

I Care Service Providers Ltd ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services or visit our website.

We are registered as a data controller with the Information Commissioner's Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Personal Information

• Name and contact details (address, phone number, email)
• Date of birth and age
• NHS number (where applicable)
• Medical history and eye health information
• Prescription details
• Insurance information
• Payment information

2.2 Technical Information

• IP address and browser information
• Website usage data and cookies
• Device information

3. How We Use Your Information

We use your personal information for the following purposes:

• Providing Healthcare Services: To deliver eye care services, maintain medical records, and ensure continuity of care
• Appointment Management: To schedule, confirm, and manage appointments
• Communication: To contact you about your care, appointments, and service updates
• Legal Compliance: To meet regulatory requirements and professional standards
• Service Improvement: To improve our services and patient experience
• Marketing: With your consent, to send information about our services and health tips

4. Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: Where you have given clear consent
• Contract: To fulfill our contract to provide healthcare services
• Legal Obligation: To comply with healthcare regulations and professional duties
• Vital Interests: To protect your health and wellbeing
• Legitimate Interests: For service improvement and administrative purposes

5. Data Sharing

We may share your information with:

• Healthcare Professionals: GPs, specialists, and other healthcare providers involved in your care
• NHS Services: Where required for NHS care pathways
• Regulatory Bodies: Professional bodies and regulators as required
• Service Providers: Trusted third parties who help us deliver our services
• Legal Requirements: Where required by law or court order

We never sell your personal data to third parties.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encrypted data storage and transmission
• Access controls and staff training
• Regular security assessments
• Secure disposal of data when no longer needed

7. Data Retention

We retain your personal data in accordance with:

• Medical Records: 8 years after last treatment (or until age 25 for children)
• Appointment Records: 2 years
• Marketing Data: Until you withdraw consent
• Website Data: As specified in our Cookie Policy

8. Your Rights

Under UK GDPR, you have the right to:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal requirements)
• Restrict Processing: Limit how we use your data
• Data Portability: Receive your data in a portable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time

9. Cookies and Website Data

Our website uses cookies to improve your experience. Please see our Cookie Policy for detailed information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes and update the "Last Updated" date.

11. Contact Us

For any questions about this Privacy Policy or to exercise your rights, please contact us:

12. Complaints

If you have concerns about how we handle your personal data, you can:

• Contact us using the details above
• Follow our Complaints Procedure
• Contact the Information Commissioner's Office (ICO) at ico.org.uk