Privacy policy

Last updated May 2026

This policy explains what personal information we collect when you visit our website or come to the practice, why we collect it, what we do with it, and what rights you have. Written in plain English, as far as that is possible with a legal document.

01 . About us

Who we are

Bains Optical Healthcare Limited is an independent opticians registered in England and Wales. We are the data controller responsible for the personal information described in this policy.

  • Registered company name: Bains Optical Healthcare Limited
  • Companies House number: 09471541
  • Incorporated: 4 March 2015
  • Registered office and trading address: 160-162 Hednesford Road, Heath Hayes, Cannock, Staffordshire, WS12 3DZ
  • NHS organisation code: TP8YL

If you have questions about how we handle your information, please see section 12 for our contact details.

02 . What we collect

Information we collect

We collect different kinds of information depending on how you interact with us.

If you book or attend an appointment

  • Your name, date of birth, address, phone number, and email address
  • Your NHS number, if you receive NHS-funded services
  • Your GP's name and surgery
  • Your medical history relevant to eye care, including current medications
  • Clinical records from your examinations, including prescriptions and any retinal images we take
  • Records of frames, lenses, and contact lenses you have purchased
  • Payment details for private services, processed securely through our payment provider

If you use our website

  • Standard technical information such as your IP address, browser type, and the pages you visit
  • Cookies and similar technologies, described in our Cookie Policy
  • If you contact us through a form on the site, the information you provide in that form

Special category data

Your clinical records and health information are classified as special category data under UK GDPR. We handle this information with additional care, in line with our professional obligations to the General Optical Council (GOC) and the NHS optical contract.

03 . Why we collect

Why we collect your information

We collect and use information for these specific reasons, and only these reasons.

To provide eye care

We need your contact and clinical information to perform examinations, dispense glasses or contact lenses, manage your ongoing eye health, and refer you onwards if needed. The lawful basis is contract for private services and public task for NHS services. For special category health data, the additional condition is provision of health or social care under UK GDPR.

To meet our regulatory obligations

The General Optical Council and the NHS require us to keep clinical records for specific periods and to share specific information in specific circumstances. The lawful basis is legal obligation.

To manage our business

We use information for appointment reminders, communicating about your orders, processing payments, and answering your queries. The lawful basis is legitimate interests in running the practice efficiently.

To send marketing, if you opt in

We will only contact you with marketing information (such as newsletters or special offers) if you have specifically agreed to receive it. The lawful basis is consent, and you can withdraw it at any time.

04 . Who we share with

Who we share your information with

We do not sell your personal information. We share it only when necessary to provide the service, meet our legal obligations, or run the practice.

NHS & healthcare bodies

  • The NHS Business Services Authority, for processing claims for NHS-funded examinations and optical vouchers
  • Your GP, when we need to communicate findings or coordinate your care
  • Hospital eye services, when we refer you for further investigation or treatment

Regulators & professional bodies

  • The General Optical Council (GOC), the professional regulator for opticians and optometrists
  • The Information Commissioner's Office (ICO), where required by data protection law

Suppliers and service providers

To run the practice and the website, we use a small number of trusted third-party providers. Each is bound by contract to handle your information securely and only for the purpose we have engaged them for.

  • Optical laboratories, who manufacture lenses to your prescription
  • Contact lens manufacturers and distributors, who supply lenses to your specification
  • Our online booking system, hosted at bainsoptical.eyeappointments.co.uk and operated by a third-party booking provider
  • Our card payment processor, for handling card transactions for private services
  • Our website hosting provider, Cloudways, which provides the infrastructure this website runs on
  • Any analytics or communication tools we use to run the website and contact patients, listed in our Cookie Policy where they apply

If required by law

We may disclose information when required by a court order, law enforcement request, or other legal obligation.

05 . Retention

How long we keep your information

We keep information only as long as needed for the purpose it was collected, our regulatory obligations, or potential legal proceedings.

  • Clinical records for adults: A minimum of 10 years from the date of the last appointment, in line with General Optical Council guidance.
  • Clinical records for children: Until the child's 25th birthday, or 26th if they were 17 at the time of treatment.
  • Booking and contact records: Up to 7 years, in line with HMRC requirements for business records.
  • Marketing consent records: Until you withdraw consent, plus a short period to evidence the withdrawal.
  • Website analytics data: Up to 14 months by default for any analytics tool we use; often shorter.

When retention periods end, records are securely destroyed or anonymised.

06 . Your rights

Your rights

Under UK data protection law, you have the following rights regarding your personal information.

  • Right to be informed. To know what information we hold and what we do with it. This policy provides much of that.
  • Right of access. To request a copy of the personal information we hold about you, normally provided within one month.
  • Right to rectification. To have any inaccurate information corrected.
  • Right to erasure. To have information deleted, where we do not have a legal obligation to keep it.
  • Right to restrict processing. To ask us to pause certain uses of your information.
  • Right to data portability. To receive your information in a structured, machine-readable format.
  • Right to object. To object to certain types of processing, including marketing.
  • Right to withdraw consent. Where we rely on consent, you can withdraw it at any time.

To exercise any of these rights, contact us using the details in section 12. We will respond within one calendar month. There is normally no charge.

07 . Security

Security of your information

We take the security of your information seriously. We use industry-standard measures appropriate to the sensitivity of the data:

  • Clinical records are stored in secure practice-management systems with controlled access
  • Paper records are kept in locked storage and shredded securely when no longer needed
  • Our website uses HTTPS encryption for all data in transit
  • Staff are trained in confidentiality, data protection, and information security
  • Access to your records is restricted to staff who need it to provide your care

No system is perfectly secure. If a data breach happens, we will notify the ICO within 72 hours where required, and notify you directly if your rights or freedoms are at high risk.

08 . Cookies

Cookies and tracking

Our website uses cookies and similar technologies. Some are essential for the site to work; others help us understand how the site is used. Full details are in our separate Cookie Policy.

09 . Children

Children's information

We provide eye care services to children. When we examine a child under 16, we collect information from the child and from the parent or guardian who accompanies them. The parent or guardian provides consent on the child's behalf.

We treat children's information with particular care and apply additional safeguards. Children's clinical records are retained longer than adult records, as described in section 5.

10 . Changes

Changes to this policy

We may update this policy from time to time. When we do, we will update the "last updated" date at the top of the page. For material changes that affect your rights, we will take reasonable steps to bring the changes to your attention.

11 . Complaints

Complaints

If you believe we have not handled your personal information properly, please contact us first using the details in section 12. We will investigate and respond.

You also have the right to complain directly to the Information Commissioner's Office (ICO), the UK regulator for data protection:

  • Website: ico.org.uk
  • Helpline: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

12 . Contact

How to contact us

For any question about this policy, or to exercise any of your data protection rights, please get in touch.

Data queries at Bains Optical

By post

Data Protection
Bains Optical Healthcare Ltd
160-162 Hednesford Road
Heath Hayes, Cannock
WS12 3DZ

By email

Info@bainsoptical.co.uk

By phone

01543 279415