Our Privacy and Cookies Policy

What personal data we collect, and why we collect it

Zacks Eye Clinic understands that your privacy is important to you and is committed to protecting the privacy of your personally-identifiable information. The scope of our commitment and how we use and protect any information that you give us will comply with the EU General Data Protection Regulation (GDPR) and is described in this document.

This policy describes the personal data that Zack Eye Clinic Ltd hold, how we use it and how we protect it. The personal data we collect includes names, addresses, e-mail addresses, phone numbers and IP addresses of visitors to our practice and our website. The data is held for the provision of health care eg as patient records, for legitimate interests eg direct marketing to existing customers and for the performance of a contract with the data subject eg employee records.

  • The practice is registered with the Information Commissioner, Registration No. ZA016491
  • The practice is registered with Companies house: Company number: 06039870
  • The business address is: 30c Warren Street, London W1T 5NF
  • The registered office address: 2nd Floor, 201 Haverstock Hill, Belsize Park, London, NW3 4QG
  • Our optometrists and dispensing opticians are all registered with the General Optical Council and will follow the guidance from the College of Optometrists and the Optical Confederation.

Patient Records and Clinical Scans

We hold various information about our patients including name, address, and clinical details such as the state of health of your eyes, your spectacle and/or contact lens prescription, and copies of any letters we have written about you or received from other professionals, such as your doctor.

Clinical records, including spectacle prescriptions, and dispensing information are stored electronically in our practice management software and recall dates and reminders are processed by our software. Clinical scans, photographic records and visual fields records are held on separate data-bases within the practice.

If you have a sight test you will be given a copy of your spectacle prescription. If you are referred to a doctor, we will offer you a copy of the referral letter. If you are fitted with contact lenses you will be given a copy of your contact lens specification when the fitting process has been completed.

If you would like a copy of your clinical record or a report on any other data we hold, there may be an administrative charge for providing it. If you wish to see your records, please submit a written request FAO: Jonathan Cohen and we will respond as quickly as possible, within one month.  If you require independent advice, you can contact the Information Commissioners Office at www.ico.gov.uk.

We adhere to the guidelines of the College of Optometrists, the Optical Confederation and Information Commissioners Office and will not pass any of your personal information to a third party without your consent unless there is a clear public interest duty to do so.  You will need to provide us with your consent if you wish us to pass your information to another optometrist.

If you are an NHS patient, we are obliged to provide the portion of your record that relates to NHS services to authorised persons within the NHS (who are in turn are subject to a duty of confidentiality) if they request this. This is usually to confirm that we have provided the NHS services that we have been paid for, and to improve the quality of care. It is also possible that the NHS may contact you to ask if you have received services (such as a sight test or spectacles) as part of this monitoring.

Within the practice we may use the information to analyse trends, or to audit our performance. This enables us to monitor and improve the quality of care that we offer you. Wherever possible (i.e. if we do not need to know who an individual patient is) we will only analyse trends from anonymised information. If you have any queries about this, please contact us and we will be happy to help.

How we protect clinical information

  • All practice staff have a confidentiality clause within their contracts.
  • All personal information contained on practice records, whether paper or electronic, is considered confidential.
  • We will not discuss your personal information with anyone other than you or, if you are under 16 and not Gillick competent, your parent or guardian without your permission.
  • Care is taken that records are not seen by other people in the practice
  • All staff are aware of the importance of ensuring and maintaining the confidentiality of patients’ personal data and that such data must be processed and stored in a secure manner.
  • Electronic data is protected by suitable back-up procedures and software is updated regularly.
  • When computers are replaced, old hard drives are securely erased or physically destroyed.
  • Clinical records are retained for periods as agreed by the optical bodies (at least 10 years).
  • Confidential paper information requiring destruction is shredded.
  • If the need arises to transfer information we have procedures that include consent and secure transfer.
  • Any suspected breaches of security or loss of information are reported immediately and are dealt with appropriately.
  • Paper records are kept secure and away from access by the public.

How we use and process the information we hold

To discharge our legal and contractual duties:

  • We make sure that staff who help in the provision of ophthalmic services and dispensing are appropriately trained and supervised for the tasks that they undertake.
  • We may also use the information we hold to remind you when check-ups are due and we may send you eye care and eyewear information. If you do not want us to do this please let us know.

How we transfer personal data

  • We transfer personal information (data) securely.
  • Will not ask your permission for our IT support contractors (who in turn are subject to a duty of confidentiality) to support, service, maintain, update, or recover any aspect of our hardware or software systems that contain your data. If a copy of your data is made by our support contractors for any reason, it will be restored to our system and deleted elsewhere.
  • We will normally ask your permission if we want to transfer personal information about you to someone else.
  • We may not ask your permission if we transfer the information to another healthcare professional who is responsible for your care and who needs that information to help to care for you.
  • We may not ask your permission if we need to use a third party employed by us (who in turn are subject to a duty of confidentiality) to provide a service such as printing recall letters or mailshots. In this case the third party would only see your name and address data, which would subsequently be deleted.
  • We may also not ask your permission if we are ordered by law to transfer the information. This may be if a court asks us for the information.

Payment Data and Direct Debits

Invoices, credit card payments, direct debit details and other financial data are held securely and separately to patient records for at least 6 years as recommended by HMRC and are restricted to the relevant staff on a need to see basis.

Direct Debits are processed by external providers via password protected secure servers. Organisations using the Direct Debit Scheme go through a careful vetting process before they’re authorised and are closely monitored by the banking industry. The efficiency and security of Direct Debit is monitored and protected by your own bank or building society. Your Bank details are stored securely on our supplier’s password protected server and your transactions are protected by the Direct Debit Guarantee. It protects you in the rare event that there is an error in the payment of your Direct Debit.

Employment Records and Data

Employee records and data are held and processed for the following reasons:

  • For performance of employment contracts
  • To comply with our legal obligations on processing tax payments and pensions.
  • To protect the vital interests of our employees or their dependants
  • For the legitimate interests of the business.

Employee records are kept for at least 5 years and payroll records for at least 3 years from the date of termination. Employee records are stored securely within the practice and by our accountants who run the payroll and in turn are subject to a duty of confidentiality.

Privacy & Cookies when using our Website

When using our website, Zacks Eye Clinic is committed to ensuring that your privacy is protected. Should we ask you to provide information by which you can be identified then you can be assured that it will only be used in accordance with this privacy statement. Zacks Eye Clinic may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. By submitting information, you agree to Zacks Eye Clinic’s use of such information as described herein.

What we collect (including personally identifiable information)

Zacks Eye Clinic collects personally-identifiable information (PII) on certain areas of the Site when users register, request information, apply for jobs, participate in user posting areas (such as bulletin boards, discussion forums, and surveys). The sort of information we may collect includes the following:

  • Name, job title
  • Contact information including email address and/or telephone number
  • Demographic information such as postcode, preferences and interests
  • Other information relevant to customer surveys and/or services provided
  • Technology information e.g. IP address and browsing patterns

What we do with the information we gather

  • Zacks Eye Clinic use your personally-identifiable information to track the usage of our website (using Google Analytics) and communicate information via email (using Mail-Chimp). We require this information to understand your needs, fulfil your requests and provide you with a better service as well as for the following reasons:
  • Internal record keeping.
  • To improve our products and services.
  • We may periodically send promotional emails about new products, services or other information which we think you may find interesting using the email address which you have provided. You can unsubscribe from our mailing list by clicking unsubscribe on the email or by writing to us.
  • We may use the information to consider job applications and requests for employment opportunities
  • We may use the information to develop the website according to your interests.


Zacks Eye Clinic are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures and standards of operational security to safeguard and secure the information we collect online.

Our website is held on a secure server. It is backed up and updated regularly.

We only use secure third party software: google analytics to track the usage of our website and mail chimp to send email information bulletins.

How we use cookies

A cookie is a small data file which asks permission to be stored on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or can let you know when you visit and then re-visit a particular site by remembering your details. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. Users are able to refuse all cookies by turning them off in the web browser itself. More information on cookies can be found at www.allaboutcookies.org.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. These are known as session cookies.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Controlling your personal information, your preferences:

Clinical records are kept for at least 10 years as recommended by our professional bodies. If you do not want to continue to use our services, please let us know so that your record can be made inactive and hidden from view, but it will not be deleted.

If you want to continue to use our services but do not want to receive correspondence from us OR only want to receive recall correspondence, please let us know so that we can update your settings accordingly.

If you have not attended the practice but have chosen to subscribe to our email bulletins through our website and agreed to us using your personal information for direct marketing, your data will not be held on our practice database and you can chose to unsubscribe from our mail chimp e-mail server at any time by writing to us or clicking unsubscribe on the email, whereupon your data will be deleted.

Financial data such as credit card statements and invoices are stored securely and separately from clinical data and marketing data and held for at least 6 years in accordance with HMRC guidelines.

Staff records are kept for at least 5 years and payroll records for at least 3 years from the date of termination.

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

Queries or Concerns

You may request details of personal information which we hold about you. If you would like a copy of the information held please write to: Jonathan Cohen, Zacks Eye Clinic, 30c Warren Street, London W1T 5NF and we will respond as soon as possible within one month.

If you believe that any information we are holding on you is incorrect or incomplete, if you have any queries or concerns relating to your data, if you would like us to change the way in which we use your data, if you want part or all your data to be made inactive or (where possible) deleted, please contact us at the above address.

Your satisfaction is extremely important to us, we will respond to your request as soon as possible and correct any information found to be incorrect.

If we are unable to satisfy your concerns and you wish to lodge a complaint against us to the ICO, you can find information here: https://ico.org.uk/concerns/

Data Breech Policy

At zacks eye clinic we ensure our hardware is replaced regularly, our software and antivirus software is up to date and our computers are protected with strong passwords. Our staff are trained in data protection and understand the importance of protecting your privacy and personal data and can only access the data essential for their role. Our data is backed up regularly and we maintain IT support contracts with our suppliers.

A data breach is any breach in security leading to the destruction, loss alteration, unauthorised disclosure of, or access to personal data.

We will learn from near misses or any minor event where data protection is breached and improve our systems to reduce future risks.

We will report any serious data breach where it is likely to result in a risk to the rights and freedoms of individuals, which left unaddressed could cause a significant detrimental effect such as discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.

In the event of a serious data breach the ICO will be notified within 72 hours. We will restore our data back-ups to rectify the damage as quickly as possible and we will contact affected individuals, with information on the level of risk, in the most appropriate manner taking specialist advice.