What we collect
We collect and process personal data to allow us to provide our Services and meet our contractual and legal obligations. Our processes and storage methods are compliant with GDPR.
- All data processing is fair, lawful and transparent.
- Data is collected for specific, explicit, and legitimate purposes.
- The data collected is adequate, relevant and limited to what is necessary for the purposes of providing our services.
- Data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay.
- Data is not kept for longer than is necessary.
- Data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisational measures.
As part of our business we have contractual obligations to store personal information and communicate with you with regard to collection arrangements. In meeting these obligations, we act as the Data Controller.
We will hold all personal data provided to it in a secure fashion.
Electronic records are stored within secure management software on Company owned secure servers. Individual devices (computers, laptops, tablets and phones) are password protected. Similarly accounts within the Company’s various management systems are secure and are password protected.
Paper records are kept within secure locked cabinets in locked rooms in an anonymous, secure and alarmed building. Only members of staff and escorted guests are permitted access to the Company offices.
People who have their information stored by us are entitled to view, amend or delete personal information.
Under certain circumstances, particularly in light of financial obligations, the right to be forgotten does not apply. If a request for deletion is denied we will inform the individual of the reasons why the request has been denied in writing within the time limit specified in the GDPR.
To amend or delete personal information email: firstname.lastname@example.org
Or write to:
The Old Surgery
St Chads Avenue
For the attention of: The Data Manager.
The Company will not share personal information with other organisations (third parties) without the individual’s permission.
The exception to this is where the Company might have a legal obligation and contractual obligation to share information, such as the BACS organisation or when information is shared in pursuit of a legal claim. This may include but not be limited to legal advisors or debt collection agencies.
We do not operate an opt in database for communications. The Company relies upon (variously) Legal Obligation, Contractual Obligation and Legitimate Interest as its authority to communicate. Where Legitimate Interest is stated as the authority correspondents may ‘opt out’ from receiving further communications.
Information we collect is:
- Name and address, telephone and email details.
- Bank account information and/or other payment information.
- Contract information including payment instructions, payment amendments.
- Details of the organisation to which the member belongs.
Information is collected on behalf of Eyeplan either via paper forms or secure electronic systems.
The information is used to manage financial collections (Membership fees and goods payments. As part of the collection process some personal information is shared with the BACS organisation in order to effect the collection.
We will communicate with you by post, email and by telephone. The basis on which we will communicate with you is the contractual obligation that the Company has with its customers and you. There is a further legal obligation to make certain communications in order that the Company remains compliant with the various regulations that govern its business.
If you have a complaint about the way we handle your information then you may write to the Data Manager at this address:
The Old Surgery
St Chads Avenue
If you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner (ICO). You can contact the ICO at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 0303 123 1113 (local rate) or 01625 545 745.
This privacy statement was last reviewed on 24/05/2018