Privacy Policy
Aristone Optical (KADOPTICAL LTD)
356 North End Road, Fulham, London SW6 1LY
Version 1.0 | May 2026
1. About This Policy
This Privacy Policy explains how Aristone Optical (trading name of KADOPTICAL LTD) collects, uses, stores, and protects your personal information when you visit our practice, use our website at www.aristoneopticians.com, or receive any of our services.
​
We are committed to protecting your privacy and handling your personal data in an open and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).
​
Please read this policy carefully. If you have any questions, please contact us using the details set out in Section 13.
2. Who We Are: Data Controller Details
The data controller responsible for your personal information is:
Business Name: Aristone Optical (KADOPTICAL LTD)
Address: 356 North End Road, Fulham, London SW6 1LY
Telephone: 020 7385 9772
Website: www.aristoneopticians.com
Data Protection Contact: Ritesh Dhorajiwala, Owner
3. What Personal Data We Collect
3.1 Patient Data
When you attend Aristone Optical for an eye examination, contact lens fitting, or any other optical service, we collect the following information:
​
- Full name, date of birth, and contact details (address, telephone number, email address)
- NHS number (where applicable)
- General and ocular health history, and family medical and ocular history
- Details of any medicines, spectacles, or contact lenses prescribed to you
- Records of examinations, test results, and clinical checks we carry out
- Information about your ongoing care received from other health professionals
- Payment information for goods and services provided
3.2 Website & Contact Form Data
When you use our website or submit an enquiry or appointment request through our online contact form, we may collect:
​
- Your name, email address, and telephone number
- The content of any message you send us
- Technical data such as your IP address, browser type, and pages visited (via cookies — see Section 11)
3.3 Special Category Data
Health and medical information is classified as "special category data" under UK GDPR and receives the highest level of protection. We handle all clinical records accordingly.
4. How We Use Your Personal Data
We use your personal data for the following purposes:
- Providing and managing your eye care, clinical examinations, and optical services
- Sending appointment reminders and follow-up communications regarding your eye health
- Processing NHS referrals and liaising with ophthalmologists, GPs, and other healthcare providers
- Issuing prescriptions and arranging supply of spectacles, contact lenses, and optical appliances
- Managing payments and invoicing for goods and services
- Sending you marketing communications about relevant products and services (where you have consented or we have a legitimate interest — see Section 5)
- Complying with our legal and regulatory obligations as an optical practice
- Improving and operating our website and online services
5. Our Legal Basis for Processing Your Data
Under UK GDPR, we must have a valid legal basis for processing your personal data. We rely on the following:
​
NHS & Private Eye Care: Provision of Health or Social Care (Article 9(2)(h) UK GDPR)
Processing health records, prescriptions, and clinical information is necessary for the provision of healthcare. This is our primary lawful basis for processing special category (health) data.

NHS Services: Public Task (Article 6(1)(e) UK GDPR)
When providing NHS-funded services under the General Optical Services contract, our legal basis is the performance of a public task.

Appointment Reminders & Service Communications: Legitimate Interests (Article 6(1)(f) UK GDPR)
We have a legitimate interest in contacting you about appointments and services directly relevant to your eye care. We balance this against your rights and will always provide a way to opt out.

Marketing: Consent (Article 6(1)(a) UK GDPR)
Where we send marketing communications about products and promotions, we do so on the basis of your consent or legitimate interest. You may withdraw your consent or object at any time — see Section 9.

Regulatory Compliance: Legal Obligation (Article 6(1)(c) UK GDPR)
We process certain data to comply with our legal obligations, for example HMRC requirements and General Optical Council (GOC) regulatory standards.
6. How We Share Your Personal Data
We treat all patient information in strict confidence. We will only share your personal data in the following circumstances:
​
- Healthcare professionals at our practice and those under their clinical supervision
- Your GP, ophthalmologists, and other healthcare providers involved in your care (for example, Western Eye Hospital or Moorfields Eye Hospital) - only where clinically necessary
- Other optical practices - only where you have specifically requested us to pass your data (for example, transferring your prescription)
- Suppliers of optical appliances, spectacles, or contact lenses, in connection with fulfilling your prescription
- Our practice management software provider, used to maintain patient records and manage appointments
- Financial institutions and payment processors, to process payments for our services
- Law enforcement or regulatory authorities (for example, the police, GOC, or ICO), where we are legally required to do so
- Our professional insurers, in connection with any insurance claim
7. How Long We Keep Your Data
We retain your personal data for no longer than is necessary for the purposes for which it was collected. Our standard retention periods are:
Type of Data: Retention Period
- Patient clinical records (adults): 10 years after last contact, as recommended by the College of Optometrists
- Patient records (under 18 at time of collection): 10 years, or until the patient's 25th birthday — whichever is later
- NHS records: As mandated by NHS requirements
- Website enquiry / contact form data: 12 months, or until your enquiry is resolved
- Marketing consent records: Until you withdraw consent, plus a reasonable period thereafter
- Financial / payment records: 6 years, in line with HMRC requirements
​
In exceptional cases where we are required to retain data for a longer period (for example, in connection with a legal claim), we will inform you of our reasons on request.
​
Clinical records will not usually be deleted before our standard retention period even if you exercise your right to erasure — see Section 8 for more detail.
8. Your Rights Under UK GDPR
You have the following rights in relation to the personal data we hold about you:
​
- The right to be informed about how we use your personal data: this Privacy Policy fulfils that obligation.
- The right of access: you may request a copy of the personal data we hold about you (known as a Subject Access Request). We will respond within one calendar month, free of charge in most cases.
- The right to rectification: you have the right to have inaccurate or incomplete data corrected.
- The right to erasure ("right to be forgotten"): you may request that we delete your personal data where there is no compelling reason for us to continue processing it. Please note this right does not apply to clinical health records that we are legally or professionally obliged to retain.
- The right to restrict processing: you may ask us to restrict how we use your data in certain circumstances.
- The right to data portability: you have the right to receive your personal data in a structured, commonly used format, where processing is based on consent or contract.
- The right to object: you have the right to object to processing based on legitimate interests, and to object to direct marketing at any time.
- Rights related to automated decision-making: we do not carry out automated decision-making or profiling in relation to your personal data.
To exercise any of the above rights, please contact Ritesh Dhorajiwala using the details in Section 13. We will respond within one calendar month as required by UK GDPR.
9. Marketing Communications
We may contact you by email or SMS to let you know about eye care services, promotions, and relevant products that may be of interest to you. We do this on the basis of your consent or our legitimate interests as an optical practice.
You can opt out of marketing communications at any time by:
- Clicking the unsubscribe link in any marketing email
- Replying STOP to any marketing SMS
- Contacting us directly using the details in Section 13
Opting out of marketing will not affect the clinical and appointment reminder communications we need to send you as part of your ongoing eye care.
10. How We Protect Your Data
We take the security of your personal data seriously and have put in place appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These include:
​
- Secure electronic patient record systems with access controls restricted to authorised clinical staff
- Physical security at our practice premises
- Secure storage of any paper records
- Regular staff training on data protection and confidentiality obligations
- Use of software providers that meet industry security standards
In the event of a personal data breach that poses a risk to your rights and freedoms, we are legally required to notify the ICO within 72 hours and, where appropriate, to notify you directly.
11. Cookies & Website Tracking
Our website at www.aristoneopticians.com uses cookies — small text files placed on your device — to help us understand how visitors use the site and to improve your experience.
​
Cookies we may use include:
​
- Strictly necessary cookies - required for the website to function (for example, remembering your session or form data)
- Analytics cookies - to understand how visitors interact with our website (for example, pages visited and time spent). These are only set with your consent.
​
You can control and manage cookies through your browser settings at any time. Disabling cookies may affect the functionality of some parts of our website.
12. Links to Third-Party Websites
Our website may contain links to third-party websites (for example, NHS services, eyewear brand websites, or Google Maps). This Privacy Policy applies only to Aristone Optical. We are not responsible for the privacy practices of any third-party websites and encourage you to read their own privacy policies separately.
13. Contact Us & Making a Complaint
13.1 Your Data Protection Contact
If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a concern about how we handle your personal data, please contact:
​
Ritesh Dhorajiwala, Owner
Aristone Optical, 356 North End Road, Fulham, London SW6 1LY
Telephone: 020 7385 9772
Web: www.aristoneopticians.com/contact
13.2 Right to Complain to the ICO
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you are unhappy with how we have handled your personal data. We would, however, appreciate the opportunity to address your concerns directly before you contact the ICO, and ask that you reach out to us in the first instance.
​
ICO Website: www.ico.org.uk
ICO Helpline: 0303 123 1113
ICO Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
14. Changes to This Privacy Policy
We review and update this Privacy Policy periodically to reflect changes in our services, legal requirements, or data processing practices. When we make material changes, we will update the version number and date at the top of this document and, where appropriate, notify you directly.
​
The current version of this policy is always available on our website at www.aristoneopticians.com.