Privacy Policy
Your Privacy
At Osmond Drake Opticians trading as Osmond Drake Optical Ltd we are committed to the highest privacy standards. We act as the controller for the personal data we process about our customers, users of our website and other individuals who interact with us in the course of our business (you). However you choose to interact with us, we will only collect data that is necessary for us to deliver the best possible service. You can reach us by email at:info@osmonddrake.co.uk or by post: 107 Glebe Street, Penarth, CF64 1ED.
This policy is intended to provide detailed information on when, how and why we process your personal data in accordance with our obligations as a controller of your personal data under the General Data Protection Regulation (GDPR).
Categories of your Personal Data
In addition to your basic personal data and contact details (e.g., name, date of birth, telephone numbers and your addresses) we may collect other relevant details including current and past health and medication information, your examination results, payment details and other data such as information shared by you in order for us to provide your ongoing care.
We may also receive and process associated information received from third parties including other individuals, healthcare professionals and organisations as part of your ongoing care.These sources may include public authorities, hospitals, general practitioners, or specialists providing information relevant to your ongoing care as well as third party individuals such as your parents or legal guardians.
How we use this information and lawful bases and processing conditions we rely on to process your Personal Data
The personal data we collect about you is used to ensure we provide you with the best and most appropriate products and services, including for the purposes of performing eye examinations, tailoring product recommendations, or handling your queries.
In addition to your ongoing eye care, we will process your personal data to remind you when appointments are due and suggest relevant products or services that we believe would be of interest.
We use your contact information to respond to queries from you, and where appropriate your bank details to collect Direct Debit payments as agreed.
We may occasionally contact you to ask for your feedback on the services we have provided and to offer the opportunity to trial new products.
When we process your personal data, we typically rely on the following lawful bases: (i) consent, where required by law, for example where we process your health data to provide you with our services; (ii) performance of our contract with you, for example when we process your bank details to collect Direct Debit payments; (iii) protecting your or another individual’s vital interests; (iv) compliance with our legal obligations, for example under tax and health and safety laws; and/or (v) our or third parties’ legitimate interests.
Where we rely on our or third parties’ legitimate interests, such interests include the following: (i) maintaining high standards of care and protect customers’ well-being; (ii) keeping you (or your legal guardians) informed and ensuring you (or they) receive timely and accurate information about your personal conditions; (iii) recommending product options or additional services to meet your individual needs; (iv) ensuring continuity of care and reducing the chance of missed or delayed treatment; (v) fostering professional relationships, maintaining high-quality patient services, assessment and enhancement of the overall quality and delivery of our eye care services; (vi) ensuring accurate record-keeping and facilitate our operational needs; (vii) ensuring security, preventing fraud or crime, including protecting assets and personnel and disclosing personal data to law enforcement or other authorities where necessary; (viii) processing and maintaining business records for compliance, including storing information to satisfy tax and other legal obligations; (ix) defending or pursuing legal claims, including sharing or processing data as required to protect our or our affiliates’ legal rights in court, before regulatory authorities or in settlement discussions; (x) facilitating business transfers, including transferring your personal data to new owners or partners in the event of mergers, acquisitions, or similar transactions; (xi) preserving overall operational security, including to safeguard our and third parties’ (such as our vendors) systems and processes.
In particular because we are an optician dealing with data concerning health as specifiedunder Article 9 of the GDPR, we rely on one or more of the following legal conditions under Article 9 of the GDPR to process such data or any other special category data. These include:(i) your explicit consent, where necessary; (ii) compliance with our legal obligations arising from social security or public health laws; (iii) protecting vital interests of you or another individual; (iv) establishing, exercising, or defending legal claims; and (v) where applicable, providing health care or medical diagnosis based on laws or valid contracts with health professionals. Where permitted or required by law, we may also rely on reasons of substantial public interest or public health measures, for example to ensure high safety standards in health care.
Our policy on storage, processing, and retention of your personal data
To provide and maintain our services, your data is/may be stored and processed by reputable patient management system software provider(s) who supply software solutions to us for the purposes of managing your patient records and card. If we collect any Direct Debits from you these payments will be processed by a Direct Debit service provider. Any third-party service provider company is only permitted to process your data for the specified purposes and, where appropriate, in accordance with our instructions.
We retain your information for as long as reasonably necessary to provide our products and services and to maintain records to satisfy tax and other legal requirements. When determining the appropriate retention period, we consider: (i) the period for which you remain a customer or use our services (e.g., when your last appointment or product purchase occurred); (ii) any contractual or legal obligations that require us to retain data (e.g., healthcare or tax requirements), including until the expiration of any applicable statute of limitations for potential legal claims; and (iii) whether there is an ongoing legal claim or dispute related to the services we provided or our operations.
How and when we may share your Personal Data
Where necessary we may disclose your personal data to healthcare professionals, legal guardians and healthcare organisations including the HSE, hospitals, and other clinical services where relevant to your care. We may also pass personal data to external agencies and organisations, including the police, for the prevention and detection of fraud and criminal activity. We may also share your personal data with:
- Third parties who help administer our services. To provide and maintain our services, your data is stored and processed by Ocuco who supply software solutions to us for the purposes of managing your patient records. If you choose to pay by Direct Debit, your payment information will be securely processed by our authorised Direct Debit service provider. We may also share your personal data with external consultants, IT support, and related service providers. These entities typically process data in line with our instructions;
- Insurers: for example, where necessary for coverage or settlement discussions;
- Legal advisers: for example if a legal claim arises or in defence of legal rights or to obtain legal advice;
- Affiliates: for example for centralizing administrative functions, such as IT and customer management, within our corporate group structure;
- Courts and regulators: where required by law or in response to lawful requests;
- Potential or actual acquirers: If our business, in whole or part, is sold or transferred, your personal data may be part of the transferred assets.
We always seek to take appropriate measures to ensure that any recipient of your personal data is subject to appropriate confidentiality and security obligations.
Your rights with respect to the Personal Data we hold
You may have – in accordance with data protection laws applicable in the European Union and Ireland – the following rights when it comes to our processing of your personal data:
- You are entitled to access copies of certain personal data that we hold on you;
- If any personal data we hold is inaccurate or incomplete, you have a right to have thisdata corrected on request.
- You may have the right to request that we erase your personal data; for example, where the processing is no longer necessary for the purposes for which the personal data was collected.
- In some circumstances, you may also have the right to request us to restrict or limit our processing of your personal data (for example, if you believe it to be inaccurate);
- You may object to the processing of your personal data based on legitimate interests; but we may be entitled to continue processing your personal data based on our compelling legitimate interests or where the processing is necessary for the establishment, exercise or defence of legal claims.
- You also have the right to object where we are processing your personal data for direct marketing purposes or for direct marketing;
- In some circumstances (for example if processing is based on your consent or contractual necessity and carried out by automated means), you may also ask your data be provided to a third party;
- Where you have given consent, you can withdraw it at any time; but this does not affect the validity of processing based on consent before its withdrawal. Furthermore, even in case of a withdrawal we may continue to use your personal data as permitted or required by law.
You are also free to lodge a complaint with the Information Commissioner’s Office, should you feel that we process your personal data in a way that is against the applicable data protection and privacy laws, including the GDPR. You may contact the Information Commissioner’s Office by following the instructions provided in this link: https://ico.org.uk/global/contact-us/
Updating your communication preferences
You may ask that we do not send you communications using any of the contact details we hold on our records; this may include your email, SMS, telephone and postal information. You may also request we restrict our communications to clinically necessary messages.
International Data Transfers
Your personal data is processed primarily in United Kingdom.
As explained above, we may transfer your personal data to certain reputable third-party providers and/or our parent company in order to facilitate our services. These third-party providers or our parent company are registered and operate in the United Kingdom, which is recognised by the European Commission as a jurisdiction that provides an adequate level of protection for personal data.
If we transfer your data to any jurisdiction that is not recognised by the European Commission as an “adequate” jurisdiction, we will ensure that we either have your data protected by “appropriate safeguards” in compliance with the GDPR or we rely on one of the derogations set out under Article 49 of the GDPR.
The “appropriate safeguards” we may put in place include, where required, the Standard Contractual Clauses issued by the European Commission. Where relevant, you may ask for a copy of such Standard Contractual Clauses by contacting us.
Privacy Policy updates
We reserve our right to make any changes and updates to this privacy policy without giving you notice as and when we need to. Our most up to date privacy policy is always available on our website.
Last updated: 27/02/2026
Contacting us
Please see the contact details provided at the start of this policy.