Who we are?
Pleiades Optics Limited is a private independent Opticians and Audiologists, trading as John Daly Opticians, with a registered address at 77 Oliver Plunkett Street, Cork, Ireland.
Your Privacy
This Notice provides detailed information on when and why we collect your personal information, how we use it and the very limited conditions under which we may disclose it to others.
Your privacy matters to us and we are committed to the highest data privacy standards, patient confidentiality, and adherence to the AOI Code of Conduct on Privacy, the GDPR, and Data Protection Act.
Collection of your Personal Data
Where you provide personal data to us, we will become responsible for it as the data controller.
We will only collect data that is necessary for us to deliver the best possible service and ensure that you are reminded about appointments or information relevant to your ongoing care.
We collect your personal information directly from you, for example, when you visit our practice, get in touch with us by telephone or email, use our booking system or when you visit our website.
We may also collect it from other sources if it is legal to do so. This includes from the HSE or other healthcare providers, institutions, or people you have authorised to provide information on your behalf (for example, parents or guardians), third-party service providers, government, tax or law-enforcement agencies, and others.
Main Categories and Type of Personal Data Collected and processed.
| Processing Activity | Personal Data Required/Held | Retention Time | Reason to hold Data |
| Optical service and products | Name, date of birth, telephone numbers, address, and email. Current and past health and medication information, family history, your examination results, and lifestyle information. Data received from other healthcare professionals as part of your ongoing care |
10 years after last contact or until age 25, whichever is later | Contract – in order to provide the service or products you have requested.
Where health data is processed, we do so for the provision of healthcare |
| Hearing care service and products | Name, date of birth, telephone numbers, address and email Current and past health and medication information, family history, your examination results, and lifestyle information. Data received other healthcare professionals as part of your ongoing care |
10 years after last contact or until age 25, whichever is later | Contract – in order to provide the service or products you have requested.
Where health data is processed, we do so for the provision of healthcare. |
| Reminders | Name, email address, address, telephone numbers | 10 years after last contact or until age 25, whichever is later or until asked to stop by you | Contract – In order to provide the ongoing service appointment reminders are sent |
| Marketing | Name, email address, address, telephone number | Until asked to stop by you or until consent withdrawn by you | Legitimate interests – we will provide information which we believe is of genuine interest to you.
Consent – you have given consent to receive information about products or services that are of interest to you |
| Credit/Debit card payments | Cardholder name, card number, security number | Duration of the transaction | Contract – you have agreed to provide these details to pay for the service or products ordered |
| CCTV footage | Images | 30 days | Legitimate interests – Prevention and detection of crime. Protection of our colleagues and visitors. Investigation of accidents, incidents, criminal activities, and breaches of our policies. |
We treat all personal data as sensitive but acknowledge that we also process special category data including health data.
Sharing of Personal Data
During the delivery of our service to you, we will share your data with other companies in our group, who are critical for the provision of our service to you. We will also share your data with companies who are critical for the provision of our services to you and will be viewed as data processors. They are under contract with us and have provided sufficient guarantees that they will process your data only as per the terms of that contract and throughout processing activities will ensure your data is protected using appropriate technical and organisation measures.
Our operations are based in Ireland, and your personal information is generally processed within Ireland, the UK and countries within the European Economic Area (EEA). In some instances, we may transfer your personal information to third countries, for example, where our suppliers or cloud service providers are situated outside the EU, UK and EEA.
If the recipient is situated in a third country that has not received an adequacy decision from the relevant regulator, we will ensure additional safeguards are in place including the use of applicable standard contractual clauses.
A full list of processors is available from our Data Protection Officer.
Where necessary we may disclose your information to health care professionals including the HSE.
It may also be necessary, where the latest technology allows us to do so, to use your information and health data to facilitate digital consultations and diagnoses and we will always do this with your security in mind.
We may also pass information to external agencies and organisations, including law enforcement, for the prevention and detection of fraud and criminal activity. Should any claim be made, we may pass your personal information to our insurers, and, if our business is wholly or partially transferred to a third party, your personal information may be one of the transferred assets.
Securing and Processing of your Personal Data
In line with the AOI Code of Conduct for handling personal data and the GDPR we are committed to protecting the privacy of your personal data.
To provide and manage our services your electronic data is stored and processed by Optix Software Ltd within their UK facilities, certified to ISO27001, which has appropriate security processes in place.
Your data is also stored within our own IT systems, which are secured to prevent access or intrusion by anyone who is not authorised to have access to your data. Our practice(s) are operated to ensure that all records and equipment holding your personal data are physically protected.
In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorized, we will inform you if the loss or unauthorised access of your data has potential to cause you harm. We will notify the Data Protection Commission of any data breaches where we are unable to demonstrate that the personal data breach is unlikely to result in a risk to the individual(s).
Your rights in relation to personal data
Under GDPR, you have following rights which you can exercise by emailing our Data Protection Officer on JohnDalyDPO@clinicaldpo.com
| Right | Explanation |
| Right to be Informed | This means that we have to be transparent in how we collect and use your personal data |
| Right of Access | You have the right to access your personal data. |
| Right to Rectification | If the information we hold about you is inaccurate or incomplete, you can request that we correct this |
| Right to Erasure | You can request that we delete or remove personal data in certain circumstances |
| Right to Restrict Processing | You have the right to request that we cease processing your data if:
We will review the validity of your request and respond to you with our decision |
| Right to Data Portability | Where you have consented to our processing your data or where the processing is necessary for us to deliver a contract you can request a copy of that data be provided to a third party |
| Right to Object | You have the right to object to our processing in certain circumstances. For example, you can object to:
|
| Rights relating to Automated Decision-Making including Profiling | We do not use automated decision-making or profiling. Where automated decision-making is applied, organisations must:
|
If you are unhappy with anything we have done with your data, you have the right to complain to the Data Protection Commission.
To make a complaint to the Data Protection Commission use the link below.
https://forms.dataprotection.ie/contact
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28, Ireland
How to contact us?
For all data protection matters or questions relating to how we manage your data, you can contact our Data Protection Officer via these means:
Data Protection Officer: Clinical DPO
Phone Number: 0203 411 2848
Email: JohnDalyDPO@clinicaldpo.com