Privacy Policy

Insight Vision Therapy is the trading name of Farzina Hashmani, operating as a sole trader. Farzina Hashmani trading as Insight Vision Therapy is the data controller responsible for the personal data we collect through our website and in the course of providing our services.

If you have any questions about this privacy policy or how we handle your personal data, please contact us:

This privacy policy explains how Insight Vision Therapy collects, uses, stores, and shares your personal data when you:

• - Visit our website
• - Use our contact or enquiry form
• - Contact us by email or phone
• - Book or enquire about Behavioural Optometry or Vision therapy
• - Receive Behavioural Optometry or Vision Therapy services from us

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation, the Data Protection Act 2018, and other applicable privacy laws.

Data you provide directly:

When you use our website to contact us, enquire about our services, or request an assessment, we may collect:

• - Your full name
• - Your email address
• - Your mobile/telephone number
• - The patient's name (where different from the person making the enquiry)
• - The patient's age or date of birth (where relevant)
• - Parent or guardian details (where the enquiry relates to a child)
• - Any additional information you choose to include in your enquiry message.

Please do not include excessive sensitive information in the enquiry form. However, if you choose to provide health, vision, educational, developmental, or symptom-related information, we will treat this as a special category health data and protect it accordingly.

Data collected during the course of your care:

If you become a patient, we may also collect and process:

• - Your date of birth and other personal identifiers
• - Your general and ocular health history
• - Your family medical and ocular history
• - Relevant signs, symptoms, visual difficulties, learning concerns, or behavioural observations
• - Details of medicines, spectacles, or contact lenses prescribed for you
• - Details of eye examinations, behavioural optometry assessments, healthcare assessments, and treatments provided
• - Details of vision therapy programmes prescribed and undertaken
• - Assessment findings, clinical notes, progress notes, and correspondence
• - Information from your GP, ophthalmologist, optometrist, school, educational psychologist, occupational therapist, or other healthcare or educational professionals involved in your care, where relevant and appropriate

Data collected automatically:

When you visit our website, we may automatically collect certain technical information, including:

• - Your IP address and approximate location
• - Device and browser type
• - Pages visited and time spent on the website
• - Referral source, meaning how you found our website
• - Cookie or tracking preferences

This data may be collected via cookies and similar technologies. Please see Section 7, Cookies, for more information.

We may collect and process personal data relating to children where a parent or guardian contacts us, books an assessment, or where we provide behavioural optometry or vision therapy services to a child.

Where appropriate, we will communicate with the child's parent or guardian about appointments, assessment findings, therapy programmes, progress, and care.

We will only collect information that is relevant and necessary for the child's assessment, treatment, or care.

Children have rights over their personal data. Depending on the child's age and understanding, we may involve them in decisions about their information where appropriate.

Website enquiries and assessment requests

We use the name, email address, mobile number, and enquiry details you provide to:

• - Respond to your enquiry
• - Provide information about our services
• - Arrange or discuss an assessment
• - Confirm, remind you of, or reschedule appointments
• - Communicate with you about the services you have requested

Legal basis: Article 6(1)(b) UK GDPR: performance of a contract, or steps taken before entering into a contract. Where you are an existing patient, we may also rely on Article 6(1)(f) UK GDPR: our legitimate interests in managing our patient relationships and responding to your requests. Where your enquiry includes health-related information, we also rely on Article 9(2)(h) UK GDPR: processing necessary for the provision of health or social care, including assessing whether our services may be appropriate for you.

Providing behavioural optometry and vision therapy services

We process health and clinical data for the purpose of providing safe and effective behavioural optometry and vision therapy services.

This includes:

• - Assessment
• - Clinical decision-making
• - Treatment planning
• - Vision therapy planning and review
• - Record keeping
• - Communication with patients, parents, or guardians
• - Liaison with other healthcare or educational professionals involved in your care, where appropriate

Legal basis: Article 6(1)(b) UK GDPR: performance of a contract, or steps taken before entering into a contract. Article 6(1)(c) UK GDPR: compliance with legal obligations, where applicable. Article 6(1)(f) UK GDPR: our legitimate interests in providing, managing, and improving our professional services. For health data, which is special category data, we rely on Article 9(2)(h) UK GDPR: processing necessary for the provision of health or social care. This processing is carried out by, or under the responsibility of, a healthcare professional or suitably trained professional subject to confidentiality obligations.

Appointment reminders and service communications

We may use your contact details to send you appointment confirmations, appointment reminders, follow-up information, or important service-related messages.

Legal basis: Article 6(1)(b) UK GDPR: performance of a contract, or steps taken before entering into a contract. Article 6(1)(f) UK GDPR: our legitimate interests in managing appointments and communicating effectively with patients.

Marketing communications

We will only send you marketing communications where:

• - You have consented to receive them; or
• - The law allows us to contact you about our own similar services under the “soft opt-in” rules.

Where we rely on the soft opt-in, this will only apply where you gave us your contact details during a purchase or enquiry about our services, the marketing relates to similar services, and you were given a clear opportunity to opt out when your details were collected and in every marketing message.

You can withdraw your consent or opt out of marketing at any time by contacting us using the details in Section 1 or by using the unsubscribe option in our messages.

Legal basis: Article 6(1)(a) UK GDPR: consent. Article 6(1)(f) UK GDPR: legitimate interests, where the soft opt-in applies.

Website analytics

We may use analytics tools to understand how our website is used, which helps us improve its performance, content, and user experience.

We use analytics information in an aggregated form where possible. However, analytics tools may process online identifiers such as IP addresses, device information, or cookie identifiers.

Legal basis: Article 6(1)(a) UK GDPR: consent, obtained via our cookie consent banner where required.

In order to operate our website and practice, we may use trusted third-party service providers who may process personal data on our behalf.

These may include:

• - Website hosting providers
• - Website maintenance or development providers
• - Email providers
• - Contact form providers
• - Clinical record systems, where applicable
• - Booking or calendar software providers, where applicable
• - Payment processors, where applicable
• - Analytics providers, such as Google Analytics, where enabled
• - Communication platforms used to send appointment confirmations or service messages

All third-party providers are required to process your data only on our instructions and in accordance with applicable data protection law.

Where required, we enter into appropriate Data Processing Agreements with these providers.

Where any of these providers transfer data outside the UK, we ensure appropriate safeguards are in place, such as UK-approved Standard Contractual Clauses, an adequacy decision, or another lawful transfer mechanism.

You may contact us if you wish to know more about the specific service providers we use.

Our website uses cookies and similar technologies. Cookies are small text files stored on your device to help websites function properly and improve user experience.

We store your personal data securely in our electronic systems, with access limited to authorised personnel only.

We use appropriate technical and organisational measures to protect your data against unauthorised access, loss, misuse, alteration, or destruction.

Retention periods

We retain your personal data only for as long as necessary for the purposes for which it was collected, including legal, professional, regulatory, accounting, or reporting requirements.

Our usual retention periods are:

In exceptional circumstances, we may retain data for longer where required by law, professional obligations, regulatory requirements, or to establish, exercise, or defend legal claims.

We process your personal data in strict confidence. We do not sell your personal data.

We may share your personal data only where necessary and appropriate, including:

• - With healthcare professionals within our practice and those working under our supervision
• - With your GP, ophthalmologist, optometrist, school, educational psychologist, occupational therapist, or other healthcare or educational professionals involved in your care, where relevant and appropriate
• - With parents or guardians, where the patient is a child and it is appropriate to do so
• - With another optical or healthcare practice, but only where appropriate or where you specifically request this
• - With our service providers, such as website hosting providers, email providers, contact form providers, clinical record systems, booking software, payment processors, and analytics providers
• - With professional advisers, such as accountants, insurers, legal advisers, or regulatory advisers, where necessary
• - Where we are legally required to do so, such as in response to a court order, safeguarding concern, regulatory requirement, or legal obligation

We share only the minimum information necessary for each purpose.

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

All decisions about your assessment, care, treatment, or vision therapy programme are made by a qualified human practitioner.

Under the UK GDPR and the Data Protection Act 2018, you have rights in respect of your personal data. These include:

We treat patient information confidentially and only share information where there is a lawful and appropriate reason to do so.

In limited circumstances, we may need to share information without your consent, for example where there is a safeguarding concern, a serious risk of harm, a legal obligation, or a regulatory requirement.

Where this happens, we will only share the information that is necessary and appropriate in the circumstances.

If you are unhappy with how we have handled your personal data, please contact us in the first instance and we will do our best to resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner's Office, the UK's independent data protection regulator.

We may update this privacy policy from time to time to reflect changes in our services, website, systems, or applicable law.

When we do, we will update the “Last updated” date at the top of this page.

Any updated version will apply from the date it is published on our website. Where required by law, we will notify you of significant changes or seek your consent.