Privacy Notice

How we look after your information

This Privacy Notice explains the types of personal data we may collect about you when you interact with us, how we use it, how we protect your privacy and the limited conditions under which we may disclose it to others.

We respect the trust you place in us when you choose to interact with us and therefore only collect data that is necessary for us to deliver the best possible service and ensure you are reminded about appointments or anything else relevant to your ongoing care.

The name Gordon Turner Optometrists refers to the optometric practice of Ross Turner at 71 Station Way, Cheam SM3 8SG and includes all full-time and part-time staff and locums employed therein authorised to collect, use or disclose personal information.

Gordon Turner Optometrists is registered with the Information Commissioner’s Office on their Data Protection Register, Registration Number Z5452355. The practice’s Data Controller is Ross Turner.

We want to ensure that we look after our customers both in healthcare and with the products and services we provide. We primarily use your personal information to provide the products and services that you as our client requests, to maintain and administer client accounts and for internal record keeping. In addition to your ongoing eye care, we will remind you when appointments are due and suggest relevant products or services that we believe would be of interest.

Below is a list of some or all of the ways we may use your personal data and the reasons we rely on to do so:

  • To offer and provide optometric services
    Our reasons: To help us assess your eye care needs and to advise you of your options and to provide the eye care you choose to have.
    We do this as part of our legitimate interests and for the purposes of health care.
  • To communicate this information to other regulated health care practitioners or individuals authorised to work in our practice
    Our reasons: For your continuing health care purposes and to carry out our business effectively in looking after our patients’ care.
    We do this as part of our legitimate interests and for the purposes of health care.
  • To obtain a baseline of information providing ongoing health services
    Our reasons: So we can identify changes that are occurring over time, for the protection of your health care and for your ongoing eye care.
    We do this as part of our legitimate interests and for the purposes of health care.
  • To offer and provide you with eyewear, contact lenses and related products and services
    Our reasons: Looking after our patients’ eye care needs and for the performance of entering into a contract for the purchase of goods or services.
    We do this as part of our legitimate interests, for the purposes of health care and for fulfilling contracts.
  • To provide you with a record of your eye health and eyewear purchases including contact lenses and to provide ongoing services
    Our reasons: Delivering patients’ eye health care and the associated services.
    We do this as part of our legitimate interests, for the purposes of health care and for fulfilling contracts.
  • To fulfil your order of contact lenses for home delivery via our manufacturers
    Our reasons: To process your order as requested.
    We do this for the performance of fulfilling a contract for the purchase of goods.
  • With your consent, keep you informed by electronic means (email, text and telephone) and by post of products and services that may be of interest to you
    Our reason: To inform you of products and services which might meet your direct clinical eye care needs, to inform you of new products or development of a new service or to inform you of promotions, competitions, special offers etc.  To contact you to ask for feedback on services we have provided and to offer the opportunity to trial new products.
    You have the right to withdraw your consent.
  • To advise you by telephone, text, email or by post that your eye care needs should be reviewed
    Our reasons: To write to you about your direct care e.g. sending appointment reminders, writing about your sight test, contact lens aftercare/follow-up, other appointments and other services which might meet your needs.  Informing you of when your next appointment is due and reminding you to book a test if you have not had one recently.  To follow up on your recent purchase of spectacles and/or contact lenses to check if they are meeting your expectations.  To notify you of changes to our services or product recalls.
    We do this as part of our legitimate interests and for the purposes of health care.
  • To respond to queries and complaints
    Our reasons: The information you supply allows us to respond to your query or complaint and we may keep a record to demonstrate that we have responded in the right manner.
    We do this as part of our contractual obligations, our legitimate interests and our legal duty.
  • To make and manage customer payments, to process credit/debit card payments, to administer direct debits and to collect and recover money owed to us through a collection agency or solicitor
    Our reasons: To invoice customers for optometric services or products or to make and manage those payments or to collect and recover money owed to us for unpaid accounts.  To deal with any queries or refunds of payment.
    We do this as part of our legitimate interests.
  • To invoice your private medical insurance company
    Our reasons: To collect payment for optometric services or products provided by us.
    We do this as part of our legitimate interests and for fulfilling contracts.
  • To maintain our own accounts and records
    Our reasons: To comply with regulations that apply to us and to run our business in an efficient and effective way.
    We do this as part of our legitimate interests and to comply with our legal obligations.
  • To receive payment from the NHS or their contractors
    Our reasons: To receive payment for optometric services or products provided by us under the NHS e.g. NHS sight test.
    We do this as part of our legitimate interests and to comply with our legal duty.
  • To run our business efficiently and in a proper way
    Our reasons: To manage our financial accounts, NHS contract requirements, audits, to maintain IT services and security.  To manage our business effectively and to comply with applicable laws and regulations e.g. to maintain our own accounts and records for tax purposes and those necessary for compliance with a legal obligation e.g. contract with General Ophthalmic Services/NHS.
    We do this as part of our legitimate interests, fulfilling contracts and to comply with our legal duty.

The information below may be collected by us in the daily course of our business interactions with you including patient appointments via our website and email and our Contact Management Portal.  Primarily the information provided is given voluntarily by you or your representative such as health care professionals or individuals you have authorised to provide information on your behalf as part of your ongoing care.

  • Name and title
  • Contact addresses such as home address, work address, billing address
  • Contact details such as telephone/mobile numbers and email address
  • Contact details of family member/representative/carer
  • Details of any prescription supplied to you by healthcare professionals or medical practitioners
  • Information you provide by filling in forms on our website or by email or in the practice
  • Information you provide by completing our Contact Management Portal
  • Information you provide on our online booking service
  • Correspondence from ophthalmologists, GPs, hospitals, the NHS and health care professionals which may include your name, address, contact details, date of birth, NHS number, hospital number and relevant medical information
  • Product selections such as frames, lenses, contact lenses
  • Spectacle and contact lens prescriptions
  • Financial identifiers such as bank account numbers, payment card numbers, payment/transaction identifiers to enable us to fulfill your orders and set up direct debits
  • Private medical insurance claim numbers and authorisation numbers
  • Patient records in paper and electronic format
  • Current and past health and medication information including family health history
  • Lifestyle and social information
  • Education and employment details
  • Any other information voluntarily provided by you including information from completed questionnaires, surveys or from prize draws or competitions

If you contact us through our website and/or email you will be providing us with personal information about yourself such as your name, email address, contact details and contact lens prescription as well as any other information you volunteer such as medical information.  We will only use such information for the purpose for which it was provided.

We retain your personal information for as long as reasonably necessary to provide our products and services including our aftercare services and to maintain records to meet legal, tax and regulatory requirements.

For example, under the guidance of the Association of Optometrists we are advised it is best practice to keep our patient files and records for a minimum of 10 years after they were last seen or in the case of children and young people 10 years after they were last seen or until the patient’s 25th birthday if later.

Your personal data will be treated as strictly confidential.  It will only be shared with third parties where it is necessary for the management of our business, to fulfil a contractual or legal obligation we have (i.e. supply of eyewear), where you first give us your prior consent or where we are required by law to do so or to defend, bring or manage any actual or likely legal claim.  We restrict third party access to any personal information we hold as much as is reasonably possible and they are only permitted to process your data for specified purposes and in accordance with our instructions.

We use a number of consultants and agencies that may, in the course of their duties, have limited access to personal information we hold.  These include, but not limited to, health authorities including NHS and to third parties that they contract out to, GPs and ophthalmologists to whom we refer, third party insurers, third party service providers for the purpose of fulfilling your order such as contact lens companies, lens and frame manufacturing companies, manufacturers’ competition entry forms, opticians, our contractors to maintain our database software, website and IT security/maintenance, office security and maintenance, commercial providers to send out newsletters/reminders on our behalf, bookkeeping, accountants, temporary workers to cover absences, debit and credit card companies, direct debit scheme providers, collection agencies, lawyers, companies you ask us to share it with.  Should any claim be made, we may pass your personal information to our insurers and professional advisers.

Optometrists are regulated by the General Optical Council who have the right to inspect our records as part of their regulatory activities in the public interest.  We are also regulated by the NHS for the eye tests we carry out and they can, on our behalf, carry out audits and continuing quality improvement reviews of our practice including reviewing patient files and sending questionnaires to patients.

In the event that we sell this business wholly or partially to a third party, personal data held by us about our customers may be considered part of the transferred assets.  We may disclose personal information about customers to the prospective buyer as part of a ‘due diligence’ review of the practice records.

Your personal information may be transferred to, stored or processed to third parties in countries outside of the European Economic Area (EEA) where the level of protection for personal information may not be the same.  If we do this, we will take steps to ensure that your personal information is protected with the same safeguards and standards as stipulated in our third party processors’ contracts and in accordance with the requirements of the UK data protection legislation.

We are committed to treating your data with utmost care and therefore have put in place suitable physical, electronic and managerial procedures to help protect the security of your personal information from unauthorised access and use.

We cannot ensure or guarantee that the information you transmit over the internet or by email will be secure and transmission over the internet or by email is therefore at your own risk.  However, to minimise risk we use ‘https’ technology (shown by the padlock icon) so that communications between your browser and our website are encrypted.

Our website may contain links to other websites of interest.  This Privacy Notice only applies to this website so when you link to other websites you should read their own privacy notices.  We have no responsibility or liability for, or control over, those websites or their collection, use and disclosure of an individual’s personal information.

We cannot guarantee that loss, misuse or alteration of information will never occur but we do take all reasonable precautions to prevent this from happening.  Our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by us.

You are entitled to access the personal information that we hold on you.  Any such request should be made using our contact details below.  If any data we hold is inaccurate, this will be corrected promptly on request.  In certain circumstances you can request that we erase your data, restrict or object to the processing of your data which we will do where this would not prevent us meeting our legal and regulatory obligations.

National Data Opt-Out

Health and care organisations have to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care e.g. for research and planning. To find out more or to register your choice to opt out under the NHS, please visit

Gordon Turner Optometrists do not have any current data uses which require the application of national data opt-outs. Our organisation is currently compliant with the national data opt-out policy.

We may contact you in relation to the healthcare related products and services that we offer.  You may ask that we do not send you marketing communications using any of the contact details we hold on our records for you, this may include your email, SMS, telephone and postal information.

You may also request we restrict our communication to clinically necessary messages such as to send appointment reminders, writing to you about your sight test, contact lens aftercare/follow-up and notices to remind you of the expiration of your current prescription.

You can update your preferences at any time by emailing us at with your request and we will action your request.

Contacting us

We hope that we have been able to explain how we handle your personal data.  If, however, you have any questions about this Privacy Notice or the information we hold about you or to exercise all relevant rights or to make a complaint, you can reach us either by:

Telephone: 020 8642 0563
Post: Data Protection Officer, Gordon Turner Optometrists, 71 Station Way, Cheam, Surrey SM3 8SG.

If you are not satisfied with our response or believe we are not processing your personal data correctly you can complain to the Information Commissioner’s Office on 0303 123 1113 or to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Further processing

We may make changes and updates to this Privacy Notice.  Our most up-to-date privacy notice is always available on our website and you are welcome to check this page at any time.


Last updated: 8 January 2020