Skip to content

Eye Clinic Privacy Notice 

School of Optometry & Vision Science

During all patient consultations within the Eye Clinic personal and medical details need to be obtained to ensure a full and accurate record can be made. These details are then collated and stored for the purpose of teaching, research and to retain accurate information for any required follow up visits.  The information is also used for the purpose of referring a patient for further investigation or for information for their GP.

Under what legal basis does the processing of my personal data take place?

Data protection law (which is made up of the UK GDPR and the Data Protection Act 2018) provides for a number of different legal bases under which processing of personal data may take place.  In this case, the following bases apply:

Necessary for the performance of a task carried out in the public interest

To comply with the Professional Standards of the General Optical Council we must keep full and accurate patient records.

For patients visiting the clinic for visual electrodiagnostic testing, the service must comply with the Care Quality Commission (CQC) requirements for patient record keeping and data protection.


Your personal data is used for the purposes of teaching and research and we will ask you to provide your consent to the storage and use of your data for these purposes.

Although the primary purpose of the Eye Clinic is to provide a real-life working environment for our student’s experience, you are entitled to opt out of us using your personal data for teaching and research purposes. If you provide consent but subsequently decide you wish to withdraw it, you may do so by emailing with ‘Withdrawal of consent” as the subject line.

What categories of personal data are used?

  • Name and contact details;
  • Occupation;
  • Lifestyle information;
  • Medical information; and
  • Other information relating to your eyes of lenses we prescribe for you.

Where do we get your personal data from?

Personal and medical information is provided to the practitioner by you, the patient, throughout the consultation process.

Who else do we pass this information on to?

  • Healthcare, social and welfare organisations;
  • Educators and examining bodies;
  • Referral to outside medical practitioners.

Do we transfer the information overseas?


How long do we keep this information for?

  • For patients over 18 years of age records are kept for 10 years following their last visit.
  • For patients 18 years and under records are kept for 10 years since their last visit, or until their 25th birthday whichever comes later.

In the event of us being informed of the death of either category of patient, records will be kept for 10 years after the date of the last appointment.

What are your rights as a data subject?

As a person whose personal data we are processing, you have certain rights in respect of that personal data; you have the right:

  • To access your personal data that we process;
  • To rectify inaccuracies in personal data that we hold about you if it is inaccurate or incomplete;
  • To request the deletion or removal of your personal data where there is no compelling reason for its continued processing;
  • To restrict the processing of your personal data in certain ways;
  • To obtain your personal data for reuse;
  • To object certain processing of your personal data;
  • To complain to the Information Commissioner’s Office about the way in which we process your personal data.

Where can I get more information?

For more information please contact Matt Stephenson, the University’s Data Protection Officer,, University of Bradford, Richmond Road Bradford BD7 1DP.

Document control information

Written by: Cheryl Hill & Matt Stephenson
Reviewed by DPO: 25 May 2023
Approved by: MS
Date approved 26 May 2023
Next review date 1 June 2025
Version number Version 2.0