Optical

Who is the Controller of your personal information?

The Controller of your personal information  is Asda Stores Limited (with a registered address at Asda House, Great Wilson Street, Leeds, LS11 5AD) unless we tell you otherwise. Contact Us for details on how to contact our Data Protection Officer if you have any questions or concerns about our handling of your personal information, or if you wish to make a complaint.

This notice applies to the provision of NHS and Private Optical Services, including eye examinations, and the provision of optical goods and services both instore and online.

­

What personal information do we collect and how do we use it?

If you use Asda's optical services we may use your personal information for the following purposes: 

To provide you with optical services including eye examinations, provide you with optical products such as glasses or contact lenses.

Categories of personal information used

  • Personal Identifiers

  • Contact Information

  • Government Identifiers 

  • Transaction Information 

  • Health or Sensitive Personal Information 

Legal Basis for Processing 

  • We process your personal data relating to your services and orders in order to deliver a contractual service to you.

  • We process your Special Category personal data as its necessary for the purposes of providing medical diagnosis and the provision of health care or treatment.

To complete referrals to your GP or other NHS services

Categories of personal information used

  • Personal Identifiers

  • Contact Information

  • Government Identifiers 

  • Transaction Information 

  • Health or Sensitive Personal Information 

Legal Basis for Processing 

  • We process your personal information relating to your services and orders in order to deliver a contractual service to you.

  • We process your sensitive personal information as its necessary for the purposes of providing medical diagnosis and the provision of health care or treatment. 

To review the quality of the care provided to our patients for example by investigating complaints 

Categories of personal information used 

  • Personal Identifiers

  • Contact Information

  • Health or Sensitive Personal Information 

  • Government Identifiers 

  • Transaction Information 

Legal Basis for Processing 

  • We are obligated to comply with various legal obligations in relation to the provision of optical services such as the Opticians Act 1989.

  • We process your Special Category personal data as its necessary for the purposes of providing medical diagnosis and the provision of health care or treatment.

To review the optical services provided and evaluate our service provision

Categories of personal information used 

  • Personal Identifiers

  • Contact Information

  • Purchase history

Legal Basis for Processing 

  • To meet our legitimate interests to run our business effectively by understanding how you are using our services and how to better provide products and services which meet your expectations.

To send relevant direct marketing communications and measure the effectiveness of that marketing

Categories of personal information used 

  • Personal Identifiers

  • Contact Information

  • Purchase history

Legal Basis for Processing 

  • We rely on your consent to send these messages to you.

­

Where do we collect your personal information from?

We collect most personal information directly from you, for example when you register for our services in store or online, purchase optical products from us, participate in a clinical examination or get in touch with our Optical team. We collect some personal information through observation, for example how you have used our Optical Website.

In some cases our partners provide us with personal information. For example:

  • Asda uses Google Analytics tools to process information collected directly from you. Where Google have permission from their customers, they will combine limited information (such as website browsing data) associated with a customer’s Google Account with Asda’s information in the Analytics tool. Google do not use this combined information for its own purposes.

  • Some external organisations may provide us with information for specific purposes – for example the NHS may provide our Pharmacists or Optometrists with access to information about you to dispense medication or provide care to you

­

Who do we share your personal information with and who can access it?

We have controls to limit access to your personal information to:

  • Individual colleagues who need it to do their job, such as processing a prescription, dealing with enquiries and complaints, supporting our technology tools or managing our operations;

  • Select business partners and third parties, including Walmart Inc., who need it to provide services to Asda. These partners do not use information for their own purposes. These services include:

    • Delivering your orders or providing courier service. 

    • Hosting, maintaining or supporting our computer systems, websites, apps and technology platforms. 

    • Running marketing campaigns.

    • Providing operational support, such as maintaining our vehicles or providing colleagues to work with us.

    • Providing a specialised service to us, such as consultancy.  

Sensitive personal information and medical information will only be handled by an appropriately qualified medical professional.

If requested, and where it is required or permitted by law, we may provide personal information to:

  • Official bodies, such as government agencies, local authorities, regulators such as the General Optical Council (GOC) and the police, who are authorised to request personal data where it is necessary for their lawful purposes;

  • Other medical professionals including other optometrists, doctors or the NHS and third parties appointed by the NHS;

  • Asda’s advisers, including lawyers, insurers, accountants and auditors;

  • Other organisations such as law firms or insurance companies acting on behalf of individuals, who may request evidence containing personal data to support a claim in relation to an incident or accident involving their client at an Asda site.

  • Some of our insight and marketing activities require us to share limited information with other organisations in order to enable our campaigns to be effective. Read more about Insight & Marketing

  • The NHS and other healthcare providers. 

  • Civil Recovery & Debt Collection services (if required)

If you would like to understand more detail about which trusted third parties we may share your personal information with, please get in touch with us using the Contact Us page.

­

Where do we store and process your personal information?

Personal information may be processed from a variety of different locations. This can include locally in the UK or other global locations depending on the computer systems utilized or the third party supporting that activity. Walmart Inc provides many of our systems and services from the US and India, and other third parties can be operating in different geographical locations.

To ensure that personal information is handled in line with our high standards, including providing the same level of protection, we put in place transfer arrangements with companies that process personal data outside the European Economic Area for us. These agreements require that, wherever your personal data is held, it is protected to the same high standard as required by law in the UK.

­

Why are we allowed to collect and use your personal information?

When we use your personal information, we must have a legal basis to do so lawfully. We carefully review our activities to make sure we are allowed to process your personal information. The legal bases may include when:  

  1. You have specifically given us your permission. The law calls this consent. Where we need your consent to use your personal information for a particular purpose, we must be able to show that the consent is:

    • Specific and informed – we must let you know what you are consenting to.

    • Freely-given – you must have a genuine choice; for example, we couldn’t say “by registering for Asda Free Wi-Fi, you consent to us sending you marketing emails” because that would prevent you from using the Wi-Fi service if you chose not to consent to marketing emails.

    • Unambiguous – this means that you must have clearly indicated your wishes by confirming your agreement to a statement (e.g. by ticking a box) or taking some positive action to show that you intended to give your consent.

You are able to withdraw your consent at any time by getting in touch using the Contact Us page, or in many cases changing your account settings.

Remember if you want to stop direct marketing, you can also click ‘unsubscribe’ on the email you receive, text ‘STOP’ on SMS or you can write to us at a return freepost address in relation to postal marketing.

  1. We need to use your personal information to meet our contractual obligations to you (known as for the performance of a contract). For example:

    • We collect your credit or debit card details to take payment for something you are buying from us.

    • We collect your clothing size and other details to enable us to provide the clothes you have chosen to buy online.

    • We use your address and contact details to arrange delivery of your orders.

  2. We need to use your personal data to enable us to run our business. The law calls it legitimate interests. We can only do this where we have assessed that there is little or no risk to you or your rights, and we do this by performing a balancing test. 

  3. We need to use your personal information to comply with a law or legal obligation that applies to us. 

  4. When we collect sensitive (special category) information about you, we need to be extra careful about when it can be used and how we protect it. Special category personal information includes:

    • Race;

    • Ethnic origin;

    • Political beliefs;

    • Religious beliefs;

    • Trade union membership;

    • Genetics;

    • Biometrics (where used for ID purposes);

    • Health;

    • Sex life; or

    • Sexual orientation.

We most commonly process special category personal information as part of our Optical and Pharmacy services and Accident & Incident reports. Sometimes you may choose to provide it, if relevant, during a Customer Service enquiry.

We are allowed to do this when you have provided your consent for us to do so, or it is in your vital interests (e.g. seriously detrimental to your health if we do not use it) or we need to capture it for public health reasons or as part of legal proceedings.

  1. There are two other legal bases that we are allowed to use to collect your information. We only use these in very special circumstances as part of our Pharmacy services, or sometimes as part of our response to a serious accident or injury. These are:

    • Public Interest - where we can collect information ‘in the exercise of official authority’. This covers public functions and powers that are set out in law; or to perform a specific task in the public interest that is set out in law.

    • Vital Interests – Where we need to collect your information to protect your life or someone else’s life.

­

How long do we keep your personal information?

Where you have used our Optical services, your patient record will be retained for 10 years from the date of your last appointment. For patients under the age of 18, the patient record will be retained either for 12 years from the date of your last appointment, or until your 25th Birthday (whichever is later).

Where you have order contact lenses online, your customer and purchase information will be retained for 10 years from the date of your last contact we have with you.

Other customer information unrelated to your Optical Record is kept for three years from the last confirmed transaction date, or contact we have with you. At this point, we securely dispose of your personal data or anonymise it so that you are no longer identifiable.

We do need to keep some anonymous information for longer than this, such as customers’ shopping habits and buying patterns, so we can analyse it to identify trends in activity and buying habits. We remove all names, contact details and any other information that could identify individual customers, so it’s all just anonymous numbers and data.

­

How do we protect and secure your personal information?

We use security measures, including physical, administrative, and technical safeguards to protect the confidentiality of your personal data. These measures include encryption, security certificates, access controls, information security technologies, and specific policies and procedures. When designing or implementing new computer systems and processes we look at ways to identify and mitigate potential risks and then monitor and test our systems to help protect your personal information.

Where possible, we also remove identifying information from our data. For example, we analyse data about our customers’ shopping patterns and use this to help us improve our product lines, how we display them, how we lay out our stores and so on. However, we don’t always need to know who these customers are to do that so, we remove the pieces of information that could identify them, such as names, contact details, addresses.

­

How can I exercise my Privacy Rights?

Personal information is just that – it’s personal, and it’s yours. So we want to make sure that it’s easy for you to take control of it and exercise your legal rights. This Privacy Notice tells you all about how we collect and process your personal information, and why we are permitted to do so. If you want to know more about your Data Protection Rights, you can find out more (including how to raise a request for a copy of your personal information) here

Some information relating to NHS Optical Services at Asda is made available through our Freedom of Information publications. For more information contact our Superintendent Optometrist, by writing to ASDA Opticians, ASDA House, Great Wilson Street, Southbank, Leeds, LS11 5AD or calling Tel: 0113 2435435.