Last updated: 23/2/26

This Privacy Policy explains how personal information is handled when you visit this website or contact us using the details provided. This policy applies only to interactions with this website. The processing of clinical and healthcare information is governed separately by our Patient Privacy Notice, which applies once you contact us regarding care or become a patient.

This website is operated by John Sharp Eye Surgery Ltd, a private ophthalmology clinic based in the United Kingdom. We are the data controller for the purposes of data protection law.

ICO Registration Number: ZB312367

We aim to keep website data collection to a minimum.

This website does not use marketing cookies, advertising pixels, or analytics tools.

Our hosting provider may use strictly necessary cookies to ensure the security and basic functionality of the website. These cookies are essential and exempt from consent requirements under UK law.

Our web server automatically logs limited technical information, such as IP address, browser type, and access timestamps. This information is used for security monitoring and system maintenance only. It is processed in aggregate form and is not used to identify individuals.

If you choose to contact us by email or telephone, we may process:

• Your name and contact details
• Information you voluntarily include in your enquiry

Security note: Email is not a fully secure method of communication. We recommend that you avoid sending detailed or highly sensitive medical information by email until a secure communication channel has been established. If health-related information is received, it will be handled in accordance with our Patient Privacy Notice.

We process personal data for the purpose of responding to enquiries and managing communications.

The lawful basis for this processing is Legitimate Interests under UK GDPR. We do not use website-related personal data for marketing purposes without your explicit consent.

Our website is hosted by a third-party provider. As a global hosting provider, this may involve the processing of limited technical data on servers located outside the United Kingdom, including the United States.

Where international transfers occur, appropriate legal safeguards are in place, including Standard Contractual Clauses, to ensure that personal data is protected to UK GDPR standards.

We take reasonable technical and organisational measures to protect personal data processed via this website. However, no method of internet transmission is completely secure, and information is transmitted at your own risk.

Under UK GDPR, you have rights in relation to your personal data, including the right to:

• Request access to your data
• Request correction of inaccurate data
• Object to or restrict certain types of processing

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

This website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites and encourage you to review their privacy policies.

If you have concerns about how your data is handled, you may contact us directly using the details above or complain to the Information Commissioner’s Office (ICO):

https://ico.org.uk

0303 123 1113

Last updated: 23/2/2026

This Patient Privacy Notice explains how John Sharp Eye Surgery Ltd collects, uses, and protects personal and health information relating to patients and prospective patients.

We provide services to adult patients only and do not treat individuals under the age of 18.

John Sharp Eye Surgery Ltd is a private ophthalmology clinic based in the United Kingdom.

For the purposes of data protection law, we are the data controller.

We may process the following categories of information:

• Name, date of birth, address
• Email address and telephone number
• GP and referrer details
• Private medical insurance details (where applicable)

• Medical history and symptoms
• Examination findings and diagnoses
• Imaging and test results
• Treatment plans and clinical correspondence

This information may be obtained directly from you, from referrers, or through communications by email or telephone.

We use your personal and health information to:

• Provide ophthalmic assessment, diagnosis, and treatment
• Communicate with you regarding appointments and care
• Maintain accurate and safe clinical records
• Liaise with other healthcare professionals involved in your care
• Meet legal, regulatory, and professional obligations

Under UK GDPR and the Data Protection Act 2018, we process personal and health information on the following lawful bases:

• Article 6(1)(b) – processing necessary for the provision of healthcare services
• Article 6(1)(c) – processing necessary to comply with legal obligations
• Article 9(2)(h) – processing necessary for medical diagnosis, the provision of healthcare, and healthcare management
• Data Protection Act 2018, Schedule 1, Part 1

We do not rely on consent as the primary legal basis for processing clinical data, as healthcare records must be maintained for patient safety and legal reasons.

If you choose to communicate with us by email or telephone, any health-related information you provide will be treated as confidential and handled in accordance with this notice.

Relevant information may be incorporated into your clinical record to ensure continuity and safety of care. While we take reasonable steps to protect communications, electronic communications carry inherent security risks.

We share only the minimum necessary information, and only where appropriate, with:

• Your GP or referring optometrist
• Other healthcare professionals involved in your care
• Third-party providers such as laboratories or imaging services
• Your private medical insurer, where applicable
• Regulatory or legal bodies where required by law

Medical records are retained in accordance with professional guidance and legal requirements. For adult patients, records are typically retained for a minimum of 8 years following the last episode of care, or longer where required.

We take appropriate technical and organisational measures to safeguard personal and health information, including:

• Restricted access to clinical systems
• Secure storage of records
• Confidentiality obligations for all staff and contractors

Under UK GDPR, you have the right to:

• Access your personal and medical records
• Request correction of inaccurate or incomplete information
• Request restriction of processing in certain circumstances
• Raise concerns about how your data is handled

Note on erasure: The right to erasure (the “right to be forgotten”) does not generally apply to clinical records, as we are required to retain these for patient safety, legal compliance, and professional indemnity purposes.

To make a data protection request or raise a concern, please contact us using the details above.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

https://ico.org.uk

0303 123 1113