Privacy Policy (UK) – EyeSurgeryClinic.co.uk

This privacy policy explains how EyeSurgeryClinic.co.uk uses and protects your personal information when you visit our website, request an appointment, or contact our private eye surgery team in the United Kingdom.

  • What we collect, why we collect it, and the lawful basis
  • How we handle health-related information and appointment enquiries
  • Your rights under UK GDPR and how to exercise them
  • How to contact us with privacy questions or requests

If you need this policy in an accessible format, please use the form below and we’ll help.

Who we are (Data Controller)

This website is operated by EyeSurgeryClinic.co.uk ("we", "us", "our"). For the purposes of UK data protection law, we act as the data controller for personal information collected via our website, including appointment enquiries for private eye surgery such as cataract surgery and oculoplastics procedures.

This privacy policy applies to information collected when you:

  • Visit EyeSurgeryClinic.co.uk and browse pages
  • Complete an online form to request an appointment or call back
  • Contact us by phone, email, or other channels linked from the site

Important: If you are already a patient, additional privacy information may be provided at the clinic (for example, about clinical records). This page focuses primarily on data processed through this website and initial enquiries.

Quick contact for privacy

To ask a privacy question or request your data, use the privacy request form. If your query relates to an appointment, use the appointment enquiry form.

  • We aim to respond within 30 days to rights requests
  • We may ask for ID to verify your identity
  • For urgent medical concerns, contact your clinician or NHS 111/999 as appropriate

What personal data we collect

We collect only the information we need to run our website, respond to enquiries, and help you arrange care. The categories below are examples; what we collect depends on how you interact with us.

Identity & contact details

  • Name (first name and surname)
  • Email address
  • Telephone number
  • Postcode (to support logistics and service planning)

Enquiry information

  • Your message and preferred callback times
  • Procedure interest (e.g., cataract surgery, oculoplastics)
  • Any information you choose to share about symptoms or history

Technical & usage data

  • IP address and device/browser details
  • Pages viewed and referral sources
  • Cookie and analytics identifiers (where enabled)

Health data: Information about your eyesight, symptoms, diagnoses, medications, or treatment is treated as special category data under UK GDPR. Please only share what is necessary for us to triage your enquiry and arrange the right next step.

How we use your information

We use personal data to provide safe, responsive service and to run our clinic operations effectively. Typical purposes include:

Responding to enquiries

  • Confirming your request and contacting you back
  • Answering questions about cataract surgery, oculoplastics, and related procedures
  • Arranging consultations and discussing availability

Operating and improving the website

  • Maintaining security and preventing fraud
  • Understanding which pages are useful (analytics where enabled)
  • Fixing issues and improving usability and accessibility

Marketing communications

We do not send unsolicited marketing. If we ever send clinic updates, reminders, or information about services, we will do so in line with the Privacy and Electronic Communications Regulations (PECR) and UK GDPR. You can opt out at any time.

Please do not use this website for emergencies. If you have sudden vision loss, severe eye pain, or other urgent symptoms, seek immediate medical help.

Our lawful bases (UK GDPR)

UK GDPR requires us to have a lawful basis for processing personal data. Depending on the context, we rely on one or more of the following:

| Activity | Personal data lawful basis | Special category (health) condition |
|---|---|---|
| Responding to your appointment enquiry | Legitimate interests / steps prior to entering a contract | Provision of health or social care (as applicable) and/or explicit consent where required |
| Managing bookings and communications | Contract / legitimate interests | Health care management purposes (as applicable) |
| Website security, fraud prevention, logging | Legitimate interests / legal obligations (where applicable) | Not usually required |
| Analytics and performance measurement (where enabled) | Consent and/or legitimate interests depending on the tool and configuration | Not applicable |

Where we rely on consent, you can withdraw it at any time. Withdrawing consent does not affect processing already carried out.

Who we share data with

We do not sell your personal information. We may share it with trusted third parties only where necessary to operate the website, manage enquiries, and deliver services. These parties act as our data processors or as independent controllers depending on the situation.

Typical recipients

  • Website hosting and infrastructure providers
  • Email/communication and customer support systems
  • Analytics providers (if enabled, subject to cookie settings)
  • IT security and maintenance partners

When sharing may be required

  • To comply with a legal obligation or court order
  • To protect patient safety, rights, or property
  • To investigate or prevent security incidents
  • In connection with a business transfer (with appropriate safeguards)

Where we use processors, we put contracts in place to ensure they handle data securely and only on our instructions.

Cookies and similar technologies

Cookies are small text files stored on your device. We may use cookies to make the site work reliably, to protect security, and to understand how visitors use the site (where enabled). In the UK, non-essential cookies typically require your consent.

| Cookie type | Purpose | Typical legal basis |
|---|---|---|
| Strictly necessary | Core site functions, security, load balancing | Legitimate interests / necessary for service |
| Analytics | Measure usage to improve content and journeys | Consent (in most cases) |
| Preference/functionality | Remember settings (where available) | Consent or legitimate interests depending on impact |

You can usually manage cookies through your browser settings. If we operate a cookie banner on this site, you can change preferences there as well.

How we keep your data secure

We take appropriate technical and organisational measures to protect personal information, including health-related information you share in an enquiry. Security controls may include access controls, encryption in transit, monitoring, and staff confidentiality obligations.

  1. Minimisation: we only request information relevant to your enquiry.
  2. Access control: access is limited to authorised team members and suppliers.
  3. Secure transmission: we use HTTPS where supported to protect data in transit.
  4. Supplier assurance: processors must meet security and confidentiality standards.
  5. Incident response: we investigate potential breaches and notify the ICO and affected individuals where required by law.

Your role: avoid sharing highly sensitive details in free-text fields unless necessary. If you believe your information has been compromised, contact us via the privacy request form.

How long we keep your data

We keep personal information only for as long as necessary for the purpose it was collected, including for legal, regulatory, and clinical governance needs (where applicable). Retention periods can vary based on whether you become a patient and the nature of our relationship.

Typical approach

  • Enquiry data: kept long enough to manage your request and follow-up, then securely deleted or anonymised unless we have a legitimate reason to retain it.
  • Patient records: if you proceed to consultation/treatment, clinical records may be retained in line with UK healthcare record retention guidance and legal obligations.
  • Technical logs: retained for security and operational reasons, typically for limited periods.

Your rights under UK GDPR

You have rights over your personal data. These rights are not absolute and may depend on why we process your information. We will always respond in line with UK law.

Access & portability

  • Request a copy of your data
  • Request certain data in a portable format

Correction & deletion

  • Ask us to correct inaccurate information
  • Request deletion where applicable

Objection & restriction

  • Object to processing based on legitimate interests
  • Request restriction in certain circumstances

How to exercise your rights: use the privacy request form. We may ask for information to verify your identity before we disclose or amend any data.

If you are unhappy with how we handle your data, you can also complain to the UK Information Commissioner’s Office (ICO). Visit ico.org.uk.

International transfers

Some suppliers (for example, hosting, communications, or analytics providers) may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as UK adequacy regulations or approved contractual protections.

What this means for you

  • We assess supplier risk and security controls
  • We limit access to what is necessary for the service
  • We put contractual measures in place where required

Schedule an appointment (private eye surgery)

If you’d like to arrange a consultation for cataract surgery, oculoplastics, or another procedure, you can send an enquiry here. If your message includes health information, we will treat it with additional care as special category data.

Before you submit

  • Only include details you’re comfortable sharing online
  • For urgent symptoms, seek urgent care rather than waiting for a callback
  • We may contact you to clarify your enquiry before booking

By submitting, you confirm you have read this privacy policy and you are happy for us to contact you about your enquiry.

Why this privacy policy matters

When you’re considering private eye surgery, privacy is part of safe care. We design our processes to reduce risk, improve transparency, and support informed choices.

Clear and UK-compliant

We explain our approach in plain UK English and align processing with UK GDPR and PECR requirements.

Respect for sensitive data

Health information is treated with enhanced care, limited access, and appropriate safeguards.

Practical control

You can request access, correction, deletion, or raise concerns using a simple form—no need to chase multiple departments.

How to make a privacy request (step-by-step)

If you want to access your data, correct information, or ask a question about how we handle enquiries, follow the steps below. This helps us respond accurately and securely.

  1. Tell us what you need (e.g., access request, correction, deletion, objection).
  2. Provide contact details so we can confirm identity and respond.
  3. Share relevant context (approximate dates of contact, the email/phone used).
  4. We verify identity where needed, especially for sensitive or health-related data.
  5. We respond, usually within one month (this may be extended for complex requests, with an explanation).

Tip: If you previously contacted us about cataract surgery or oculoplastics, include the approximate month and the contact method you used. This reduces delays.

Privacy request form (UK GDPR)

Use this form to ask a question about this privacy policy, request a copy of your data, or exercise your UK GDPR rights. If your request relates to booking a consultation, you may prefer the appointment enquiry section.

Do not include passport/driving licence images in this message. If ID is required, we will explain a secure way to provide it.

Privacy policy FAQs

Is my enquiry about cataract surgery treated as confidential?

Yes. We treat all enquiries as confidential. If you share information about your eyesight or medical history, it may be classed as special category data and handled with additional safeguards.

Do you share my details with insurers or other clinics?

We do not share your information with third parties for their own marketing. We may share data with service providers who help us operate the website or manage communications, and only where necessary and protected by contracts.

How quickly will you respond to a UK GDPR request?

We aim to respond within one month of receiving your request. If it is complex, we may extend the timeframe (up to a further two months) and will explain why.

Can I ask you to delete my data?

You can request deletion in certain circumstances. However, we may need to retain some information to meet legal obligations or for clinical governance where applicable. We will explain any limitations clearly.

Is this privacy policy the same as cookie consent?

They are related but different. This policy explains how we process personal data. Cookie consent deals with storing and accessing information on your device for non-essential cookies, typically requiring consent in the UK.

Trust and accountability

We know privacy is a key part of trust—especially when you’re sharing information related to eye health. These are the standards we work to uphold.

UK GDPR aligned

Rights-led processes, minimisation, and transparent purposes.

Secure handling

Controlled access, secure suppliers, and incident procedures.

Clear routes to help

Simple forms for appointment enquiries and privacy requests.

Patient feedback (privacy-related)

“I appreciated how clearly everything was explained before my consultation. I knew exactly how my details would be used.”

— Private consultation patient

“The clinic responded quickly to my data request and made the process straightforward.”

— Website enquiry user

Need help with your information or an appointment?

Use the right route below. We’ll respond as quickly as possible and handle your information in line with UK data protection requirements.

This page is intended for UK users. It may be updated periodically to reflect changes in law, guidance, or our processes.

Updated on 13 Mar 2026