Privacy Policy

1. Who We Are

Tywi Eyecare is an optometry practice providing eye care services.
We are the Data Controller for the personal data we hold.

Contact details:
Tywi Eyecare
31A Blue Street, Carmarthen, SA31 3LE
Telephone: 01267 243440
Email: tywieyecare@gmail.com

ICO reg. no. ZB846144

2. Our Responsibilities

We are committed to protecting your personal information and handling it lawfully, fairly, and securely in line with UK data protection law.

If you have any questions about how we use your information or wish to exercise your rights, please contact the IG Lead (Rhian Kinnaird) using the details above.

3. What Information We Collect

We may collect and process the following types of personal data:

  • Patient details (name, address, date of birth, contact details)
  • Health and clinical information related to eye care
  • NHS or private care information
  • Appointment and correspondence records
  • Payment and billing information
  • Staff or contractor information (where applicable)
  • CCTV images (where in use)

4. Why We Use Your Information

We use personal data to:

  • Provide safe and effective eye care services
  • Maintain accurate patient records
  • Meet legal and regulatory requirements
  • Communicate with you about appointments and care
  • Manage complaints and incidents
  • Process payments and claims

5. Lawful Basis for Processing

We process personal data under one or more of the following lawful bases:

  • Legal obligation (e.g. health regulations)
  • Performance of a contract (providing eye care services)
  • Vital interests (where necessary)
  • Public task (where applicable to NHS services)
  • Consent (where required and appropriate)

Where consent is used, you have the right to withdraw it at any time.

6. Who We Share Information With

We only share personal data where necessary and lawful, including with:

  • NHS bodies
  • Other healthcare professionals involved in your care
  • Laboratories and service providers
  • Regulatory or statutory bodies where required by law

We do not sell personal data.

7. How Long We Keep Information

We keep personal data only for as long as necessary and in line with the Records Management Code of Practice for Health and Social Care (2022).

Once data is no longer required, it is securely destroyed.

8. How We Keep Your Information Secure

We use appropriate technical and organisational measures to protect personal data, including:

  • Restricted access to systems and records
  • Password protection and secure systems
  • Secure storage and confidential disposal

9. Your Rights

Under UK GDPR, you have the right to:

  • Be informed about how your data is used
  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of data (where applicable)
  • Restrict processing
  • Data portability
  • Object to processing
  • Rights relating to automated decision-making and profiling

Requests can be made verbally or in writing. We aim to respond within one month.

10. Complaints

If you are unhappy with how we have handled your information, please contact us first so we can try to resolve the issue, 01267 243440

You also have the right to complain to the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk
Telephone: 0303 123 1113

11. Changes to This Policy

This Privacy Policy is reviewed regularly and updated when required to reflect changes in law or practice.



en_GBEnglish
cyWelsh en_GBEnglish