Privacy statement

We are registered as a data controller with the Information Commissioner’s Office, Registration Number Z5718812. Our Data Protection Officer is our Head of Secretariat, contactable via IG@optical.org

We are committed to maintaining robust Information Governance policies and processes to ensure compliance with relevant legislation. 

Any information you supply will be stored and processed by us in accordance with the UK General Data Protection Regulation (UK GDPR) Data Protection Act 2018. Any reports published using this information will not contain any personally identifiable information – unless requested by you. However, we may provide anonymised responses to third parties for quality assurance, or approved research projects on request.

We do however publish our hearing determinations on our website which may contain personal identifiable information. Transcripts of hearings can be requested from the GOC in writing however personal identifiable information will be removed before they are disclosed.

Why we use personal data

We are a statutory regulator, and our role is to protect the public through conducting our four statutory functions.

Our primary personal data processing purpose is in the exercise of official authority or as part of our public task.

We also use personal data to:

  • comply with legal obligations, for example we share some personal data with tax authorities;
  • fulfil our contractual obligations, for example we use personal data to pay our employees;
  • communicate with people who have asked us to provide them with information about regulation and our regulatory activities.

Contents

  1. Your personal information
  2. Equality, Diversity and Inclusion
  3. Disclosure
  4. Registrant Personal Information (Optometrists, Dispensing Opticians and Students)
  5. Employees and Members
  6. Cookie Notice
  7. How you can contact us

Your personal information

How we use your personal data

How we use your data will depend on your relationship with us. We collect your personal data if you register with us as an optometrist or dispensing optician, business or a student, request to join one of our mailing lists, take part in a consultation, apply to work with us, provide CET courses, raise concerns regarding our services, raise concerns regarding a registrant’s fitness to practise or legal practice, make a freedom of information or subject access requests, or contact us via social media, telephone, post or via email.

When you contact us, we will use the information provided, and may seek further information, to process and respond to your complaint or request including obtaining further information to allow us to do so; maintaining contact with you to manage our relationship, compiling statistics, and you may receive email communication inviting you to complete a customer satisfaction survey. We will use that information to quality assure and audit our processes to ensure we are meeting our statutory obligations and within the legitimate interests of improving our service.

GOC mailing lists

Our website gives users the opportunity to subscribe to a variety of mailing lists. Users are able to subscribe to receive GOC newsletters or alerts about topics such as hearings, consultations or events. We will process subscriber information gathered from either our website or from GOC events, specifically email addresses, for the sole purpose of sending these newsletters and alerts. Users are able to unsubscribe by emailing communications@optical.org. We will never provide your personal data to third parties for their marketing purposes. We will never provide your personal data to third parties for their marketing purposes.

Consultations

We may use our website to carry out consultation exercises or electronic surveys. If you send comments to us via our website we will collect your comments and contact details for the purposes of the consultation/survey concerned.

Third Party Service Providers

We have contracts with other organisations (or third parties) to carry out certain activities or services on our behalf, including but not limited to legal support, translation, research and monitoring, print house, transcribing and bulk mail delivery.

Before we share your personal data with them we will ensure that:

  • they are only provided with the information they need to carry out the service,
  • they agree not to use the information received from us for any other purpose than those specified by us; and
  • they have the proper systems in place to protect personal data.

Information regarding successful and unsuccessful tenders will be held in line with our retention schedule.

Equality, Diversity and Inclusion

We are committed to treating everyone fairly and meeting our legal responsibilities under the Equality Act 2010 and related legislation (such as the Human Rights Act 1998). One of the ways we do this is by asking people to provide information about their ethnicity, disability, gender, gender identity, sexual orientation, religion and beliefs, carer responsibilities, pregnancy and maternity, marital status and age.

If you choose to provide us with this information (sometimes referred to as Special Category Information), we will keep it confidential and hold it securely in line with UK GDPR and DPA 2018 and other relevant legislation. We will use the information you give us to analyse and report on statistical trends in optical education and practice in the UK. We will anonymise any data we publish so you cannot be identified.

The information will be used strictly in line with our Approach to EDI Monitoring Statement and in compliance with all applicable data legislation.

If you apply to work for us, we will only use the information you supply to us to process your application and to monitor recruitment and workforce statistics.

Collecting EDI data for Consultation Responses

Our Appropriate Policy Document: Collecting EDI data for Consultation Responses outlines how we process and safeguard EDI data when individuals respond to our consultations on the GOC consultation hub

Disclosure

We will not use or transfer your private personal data to third parties for marketing purposes.

We reserve the right to disclose personal information when required by law; to conduct our statutory functions or allow another regulatory body to conduct theirs, if we reasonably believe that it is necessary to protect, establish or exercise legal rights or defend against legal claims; in situations involving potential threats to physical safety or rights, property or safety of the GOC, our registrants or others; if it is in the public interest to do so and always in accordance with the UK GDPR and DPA 2018 and other relevant legislation.

For more information about when your data may be disclosed, please see our Disclosure policy.

Registrant Personal Information (Optometrists, Dispensing Opticians and Students):

During registration, retention and restoration processes to join the register

If you provide your details when enquiring about registration with us we will use that information (in order for us to fulfil our public task):

  • to process your enquiry or application; and
  • to compile statistics.

Public and Private Registrant information

Any member of the public can search our public register on our website. Upon successful joining to the register, some information is published. Other information is held privately to enable us to carry out our statutory functions and will not be disclosed without legitimate justification to do so, in line with the GDPR and DPA 2018.

We process the following registrant/applicant information when considering applications:

Upon successful application to join, renew or restore to the register, this information is published on our public register

This information will never be disclosed to a third party without justification to do so, in line with GDPR and the Data Protection Act

Full name Date of birth
Title Former names or aliases
Gender Home address
GOC number Email address
Practice address(es) Telephone number
Home town Insurance Status and details declarations – criminal and disciplinary proceedings
Optical qualifications Declarations – physical or mental health
Registration status Copy of ID document (passport, EU identity card or UK driving license)
Date of most recent registration Equality, Diversity and Inclusion monitoring data
Registered specialities Income declaration documentation (low income fee)
Outcome of FTP investigations

We will retain details of your application on our files (electronic and hardcopy).

Once registered

If you are registered with us we will use the personal information provided by you, via the relevant registration, renewal or restoration application forms and any other related forms, for the following purposes:

  • administer and maintain your registration;
  • update and maintain the public registers;
  • process fitness to practise complaints;
  • compile statistics, undertake research, quality assure or audit our processes
  • fulfil our statutory duties; and
  • keep you updated with information about the GOC, including guidance, news and opportunities to be involved with our work.

We will retain details of your application on our files and may disclose this information to optical regulators in the EEA and elsewhere, upon request.

Once registered some of the personal data (name and contact details) you provide as well as your GOC number will be added to the MyGOC and MyCET systems. Both of these systems are managed by the GOC.

Updating your data

You are responsible for ensuring the accuracy of your personal data and you must inform us immediately of any changes, either through MyGOC or via our Registration Team.

Disclosure of registrant/applicant information

In order for us to conduct our statutory functions, we may be required to disclose information about you to third parties or publish some information on our website. We will only do this in accordance with the UK GDPR and DPA 2018. For more information about when your data may be disclosed, especially during our Fitness to Practise proceedings, please see our Disclosure policy.

GOC tools

My CET/MyGOC are platforms for GOC registrants and CET providers, and personal information is linked to our internal systems.

Employees and members

Recruitment

During recruitment processes we collect:

  • full name;
  • address;
  • date of birth;
  • telephone number;
  • email address;
  • CV, application form/covering letter;
  • references;
  • declarations;
  • equality, diversity and inclusion monitoring; and
  • proof of right to work documentation (such as passport); and
  • any other relevant information required to process an application.

During our recruitment processes, other information may be collated (e.g. interview notes, interview scores). This information will be added to a recruitment file for each candidate. Recruitment files will be held in line with our retention schedule. 

Personal information about unsuccessful candidates will be held in line with our retention schedule. We retain de-personalised (anonymised) statistical information about applicants to help inform our recruitment activities.

Current employees and members

Once a person has taken up a position with us, we will compile a file relating to their appointment. The information contained in this will be kept secure, with restricted access and will only be used for purposes directly relevant to that person's employment/appointment, including business continuity and staff welfare. This may include providing names and contact details to external third parties, such as training providers, IT providers or HR services.

For some member appointments, we are required to provide some of your personal information to a number of third parties including, but not limited to the Privy Council , Professional Standards Authority and the Charity Commission.

As per our Management of Interests policy, we also publish some employee and member interests. We may also share this information with third party providers for the purpose of administration and management of the role an/ or the business of the GOC. For further information, please consult our policy or contact the Secretariat team.

We are also required to publish Gifts and Hospitality and the remuneration of the Senior Management Team and Council.

Former employees and members

Once appointment has ended, we will retain the individual’s file in accordance with the requirements of our retention schedule and then destroy it.

What we use your personal information for and our reason for processing your personal information

Information processing activity Information we process about you Information we share about you Lawful Basis for sharing
Registration

 

 

We hold information about opticians, dispensing opticians, student optometrists, student dispensing opticians and Body Corporates who are registered with us (our registrants).

We also hold information about individuals who apply for registration, and individuals whom are no longer registered with us.

For registration purposes we hold information about our registrants’ nationality, qualifications, employment history, and other relevant evidence in support of their application for registration.

We hold data about our registrants’ health and criminal convictions if they have provided this information as part of their application.

We hold contact information about our registrants and depending on how they pay their Annual Retention Fee we also hold bank account or credit card information.

We are required to publish some of this information on the public register.

We share non-public registration information with relevant third parties when it is necessary to assist them with their functions or legitimate interests

Third parties may include UK health departments, employers, designated bodies, responsible officers, suitable persons and other bodies where appropriate. This information may include but is not limited to date of birth, photograph, passport details, registered email address, registered address and whether a registrant is being investigated under our fitness to practise procedures.

Statutory Obligation (Art 6, C, of the UK GDPR)

Under the Opticians Act, the GOC has a statutory duty to maintain a register of individuals who are qualified and fit to practise, train or carry on business as optometrists and dispensing opticians.

 

Public Task (Under Art 6, E, of the UK GDPR)

We are required to process information to carry out our task as a regulatory body in the public interest.

Consent from registrants

Applications for overseas registration

We are required to share information with overseas regulators when we Certificates of Current Professional Status (CCPS) on behalf of registrants who are applying for registration with an overseas optical regulatory body. In this instance we will require applicants to sign a declaration providing consent to share their personal data. Applicants who provide consent also have the right to withdraw their consent at any time.

We require consent from registrants to obtain health records.

We also require consent from our complainants.

Consent (Under Art 6, A, of the UK GDPR)

In instances where we seek consent we will require a consent form to be completed. Consent may be withdrawn at any time in writing to the GOC

Fitness to Practise

 

 

 

We are required under the Opticians Act to investigate Fitness to Practise (FTP) concerns.

If you raise a concern about a Optician or Dispensing Optician with us, we will use the information you provide to investigate those concerns.

We hold information about fitness to practise concerns, investigations of concerns, records of hearings, and records of the outcome of our investigations, including sanctions and warnings.

We hold information about patients, including medical records, where it has been provided as part of a complaint or is necessary for our investigation.

We hold information about registrants’ health and criminal convictions where it is relevant to the concern that we’re considering.

We have the power to require the disclosure of medical records and criminal records if necessary.

During an investigation we may disclose details of the investigation to other organisations or individuals where it is necessary for us to carry out our statutory functions.

We share information about recent sanctions with bodies in the UK and abroad who have a legitimate or statutory interest in this information.

We require consent from complainants to share their complaint with the registrant, the OCCS and the PSA. We also require consent to obtain a complainant’s optical/medical records. In this instance complainants and registrants who provide consent also have the right to withdraw their consent at any time in writing to the GOC. 

Statutory Obligation (Art 6, C, of the UK GDPR)

Under the Opticians Act, the GOC has a statutory duty to to investigate and act where registrants’ fitness to practise, train or carry on business is impaired.

 

Public Task (Under Art 6, E, of the UK GDPR)

We are required to process information to carry out our task as a regulatory body in the public interest/

Employment or member appointment

 

Fulfil contractual requirements

We appoint or employ individuals to conduct the tasks required of the Council. We hold information about these individuals, as well as those who have applied but been unsuccessful in the recruitment or appointment processes, and those who have ceased employment or appointment.

For us to complete this function, we hold personal and special category information which includes health records, criminal convictions, financial information as well as equality monitoring and next of kin information where this has been provided.

We share employee and member personal or financial information with relevant third parties when it is necessary to fulfil our statutory functions, for example in vetting and assurance checks, financial arrangements such as pensions and season ticket loans, and other contractual activities like training administration or health and safety reporting, or within our legitimate interests.

Contractual Obligations (Under Art 6, B, of the UK GDPR)

We are required to fulfil our contractual obligations.
Research

 

We conduct and commission research on a range of topics to support our regulatory functions related to registration, fitness to practise, and optical education and training.

The personal data which we use to carry out our regulatory functions can also be used for research which supports those functions. This includes demographic information, employment and fitness to practise history, and details of complaints.

We share personal data with researchers if it is necessary to do so. We only share what is necessary for the research, using secure methods.

When we publish research or statistics we apply disclosure controls to make sure individuals can't be identified from the data.

Statutory Obligation (Art 6, C, of the UK GDPR)

Under the Opticians Act, the GOC has a statutory duty to set standards for optical education and training, performance and conduct.

 

Public Task (Under Art 6, E, of the UK GDPR)

We are required to process information to carry out our task as a regulatory body in the public interest.

Consultation

 

We run consultations on a range of topics relating to our regulatory functions. As part of the process, we record the names and contact information of respondents, as well as their answers.

We hold this information so that we can carry out research and analysis of the responses and keep in touch with respondents about the outcome of the consultation and notify them of any upcoming GOC consultations where they have provided us with consent to do so.

At the end of the consultation process, we will publish reports explaining our findings and conclusions.

We won’t include any personally identifiable information in these reports but may include illustrative quotes from consultation responses.

We may also provide responses to third parties for quality assurance or to approved research projects, which are anonymised before disclosure where possible.

Statutory Obligation (Art 6, C, of the UK GDPR)

Under the Opticians Act, the GOC has a statutory duty to set standards for optical education and training, performance and conduct.

Consent after consultations

Respondents contact information

We may contact respondents of consultations about upcoming consultations.

Consent (Under Art 6, A, of the UK GDPR)

In instances where we seek consent we will require a consent form to be completed. Consent may be withdrawn at any time in writing to the GOC.

Contractors, suppliers and other third party data processors

Fulfil contractual requirements

We use contractors, suppliers and other third-party data processors to enable us to complete our activities.

We may hold personal information regarding these individuals which will only be used for the purpose of fulfilling the contractual requirements and enabling business to continue.

Where we share personal information with third parties will ensure there are adequate contracts or agreements in place to protect the data that they use. We maintain our role as data controller.

Contractual Obligations (Under Art 6, B, of the UK GDPR)

We are required to fulfil our contractual obligations.

How you can contact us

If you have any questions about this privacy policy or about how we handle your personal data, please email or write to us at:

Information Governance Officer - Head of Secretariat
Email: IG@optical.org
Compliance Team
General Optical Council
10 Old Bailey
London
EC4M 7NG