Privacy Policy

CES Medical - Comprehensive Eye Care
Last Updated: 30 December 2025
Effective Date: 30 December 2025

1. Introduction

CES Medical ("we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our services, or interact with us in any way.

This policy applies to all personal data processing activities carried out by CES Medical, including our websites, clinics, and all related services. We are registered with the Information Commissioner's Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller Details

  • Company Name: CES Medical Ltd
  • Registered Address: Maidstone Innovation Centre, Gidds Pond Way, Weavering, Maidstone, England, ME14 5FY
  • Contact Email: support@cesmedical.co.uk
  • Phone: 01634 963222
  • ICO Registration Reference: ZB998269

Data Protection Officer (DPO)

Our Data Protection Officer is responsible for overseeing data protection compliance and is available to answer any questions about how we handle your personal data.

You can contact our DPO at any time regarding data protection matters or to exercise your rights under GDPR.

2. Information We Collect

2.1 Personal Information You Provide

Patient Information:

  • Full name, date of birth, and contact details
  • NHS number and medical insurance information
  • Medical history and current health conditions
  • Medication details and allergies
  • Emergency contact information
  • Payment and billing information

Appointment and Service Information:

  • Appointment dates, times, and locations
  • Treatment preferences and requirements
  • Communication preferences
  • Feedback and survey responses

Website and Digital Information:

  • Contact form submissions
  • Newsletter subscriptions
  • Online appointment requests
  • Account registration details

2.2 Information We Collect Automatically

Website Usage Data:

  • IP address and browser information
  • Pages visited and time spent on site
  • Referring websites and search terms
  • Device type and operating system
  • Cookies and similar tracking technologies

Clinical Data:

  • Examination results and test outcomes
  • Diagnostic images and scans
  • Treatment records and surgical notes
  • Progress monitoring and follow-up data
  • Prescription and medication records

2.3 Information from Third Parties

Healthcare Providers:

  • Referral information from GPs and optometrists
  • Medical records from other healthcare providers
  • Insurance authorization and coverage details
  • NHS patient data and referral systems

Professional Networks:

  • Information from medical colleagues and consultants
  • Laboratory and diagnostic service results
  • Specialist consultation reports

3. Legal Basis for Processing

We process your personal data under the following legal bases:

3.1 Consent

  • Marketing communications (with your explicit consent)
  • Non-essential cookies and tracking
  • Photography for marketing purposes (with consent)
  • Research participation (with explicit consent)

3.2 Contract Performance

  • Providing medical services and treatments
  • Processing appointments and bookings
  • Billing and payment processing
  • Insurance claim processing

3.3 Legal Obligation

  • NHS reporting requirements
  • Professional regulatory compliance
  • Health and safety obligations
  • Financial record keeping requirements

3.4 Vital Interests

  • Emergency medical treatment
  • Safeguarding vulnerable patients
  • Public health emergencies

3.5 Legitimate Interests

  • Improving our services and patient care
  • Internal administration and record keeping
  • Fraud prevention and security
  • Business development and planning

For processing special category health data, we rely on the additional legal basis that it is necessary for the purposes of preventative or occupational medicine, for medical diagnosis, and for the provision of health or social care or treatment.

4. How We Use Your Information

4.1 Primary Healthcare Purposes

Direct Patient Care:

  • Providing medical consultations and treatments
  • Monitoring your health and treatment progress
  • Coordinating care with other healthcare providers
  • Emergency medical treatment when necessary

Administrative Purposes:

  • Scheduling and managing appointments
  • Processing payments and insurance claims
  • Maintaining accurate medical records
  • Communicating about your care and treatment

4.2 Secondary Purposes

Service Improvement:

  • Analyzing treatment outcomes and effectiveness
  • Quality assurance and clinical audit
  • Staff training and development
  • Service planning and development

Communication:

  • Sending appointment reminders and confirmations
  • Providing test results and treatment updates
  • Sharing important health and safety information
  • Marketing communications (with your consent)

Legal and Regulatory:

  • Complying with professional standards
  • Meeting NHS contractual obligations
  • Responding to legal requests and investigations
  • Maintaining required records and documentation

5. Information Sharing and Disclosure

5.1 Healthcare Partners

NHS and Healthcare Providers:

  • Your GP and referring healthcare providers
  • NHS systems for continuity of care
  • Specialist consultants and healthcare professionals
  • Emergency services when medically necessary

Insurance and Payment:

  • Private medical insurance companies
  • Payment processing services
  • Credit reference agencies (for payment plans)

5.2 Service Providers

Technology and Support Services:

  • IT support and cloud storage providers
  • Website hosting and maintenance services
  • Appointment booking and management systems
  • Communication and marketing platforms

Professional Services:

  • Legal advisors and accountants
  • Auditors and regulatory consultants
  • Medical equipment and laboratory services

5.3 Legal Requirements

Regulatory Bodies:

  • Care Quality Commission (CQC)
  • General Medical Council (GMC)
  • General Optical Council (GOC)
  • Information Commissioner's Office (ICO)

Legal Authorities:

  • Courts and tribunals
  • Police and law enforcement
  • Government agencies and departments
  • Professional indemnity insurers

6. Data Security and Protection

6.1 Technical Safeguards

Encryption and Security:

  • All data transmitted using SSL/TLS encryption
  • Secure storage with industry-standard encryption
  • Regular security updates and patches
  • Multi-factor authentication for staff access

Access Controls:

  • Role-based access to patient information
  • Regular access reviews and updates
  • Secure user authentication systems
  • Audit trails for all data access

6.2 Physical Security

Premises Security:

  • Secure access controls to all facilities
  • CCTV monitoring and alarm systems
  • Locked storage for physical records
  • Clean desk and clear screen policies

Equipment Security:

  • Encrypted devices and secure disposal
  • Regular backup and recovery procedures
  • Secure destruction of confidential waste
  • Mobile device management policies

6.3 Staff Training and Policies

Data Protection Training:

  • Regular staff training on data protection
  • Confidentiality agreements for all staff
  • Clear policies and procedures
  • Incident reporting and response procedures

7. Data Retention

7.1 Medical Records

Adult Patients:

  • Medical records retained for 8 years after last treatment
  • Mental health records retained for 20 years
  • Maternity records retained for 25 years

Pediatric Patients:

  • Records retained until 25th birthday or 8 years after death
  • Longer retention for certain conditions as required

7.2 Other Information

Administrative Records:

  • Appointment records: 2 years
  • Financial records: 7 years
  • Insurance records: 6 years
  • Website data: 2 years (unless longer retention required)

Marketing and Communications:

  • Marketing consent records: Until consent withdrawn + 1 year
  • Website analytics: 26 months
  • CCTV footage: 30 days (unless incident reported)

7.3 Secure Disposal

All personal data is securely destroyed at the end of the retention period using certified data destruction services: secure shredding for physical documents and cryptographic erasure for digital data. Certificates of destruction are provided.

8. Your Rights Under GDPR

You have the following rights under data protection law:

8.1 Right of Access

You have the right to request copies of your personal data, information about how we use your data, and details of who we share your data with. We will respond within one month of your request.

8.2 Right to Rectification

You have the right to have inaccurate personal data corrected, incomplete personal data completed, and outdated information updated. We will notify third parties of corrections where appropriate.

8.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of personal data, subject to legal and professional obligations. Medical records may need to be retained for legal reasons, and we will explain if erasure is not possible.

8.4 Right to Restrict Processing

You have the right to limit how we use your personal data, including requesting a temporary restriction while a dispute is resolved or requiring that we only store your data, using it further only with your consent. We will notify third parties of any restrictions.

8.5 Right to Data Portability

You have the right to receive your data in a structured, commonly used format and to have it transferred to another healthcare provider (where applicable). This applies to data provided with your consent or for contract performance.

8.6 Right to Object

You have the right to object to processing based on legitimate interests, object to direct marketing at any time, and object to processing for research purposes. We will stop processing unless compelling legitimate grounds exist.

8.7 Rights Related to Automated Decision Making

You have the right not to be subject to automated decision making, the right to human intervention in automated processes, and the right to challenge automated decisions. Currently, we do not use automated decision making for medical decisions.

9. Data Subject Access Requests (SARs)

9.1 How to Submit a SAR

You have the right to request access to your personal data held by CES Medical. This is known as a Data Subject Access Request (SAR). To submit a SAR, please contact us with the following information:

  • Your full name and date of birth
  • Your contact details (email and/or phone number)
  • A clear description of the personal data you are requesting
  • Any specific dates or time periods relevant to your request
  • Your relationship to CES Medical (patient, website visitor, etc.)

9.2 How to Contact Us for a SAR

By Email: karolina@cesmedical.co.uk
By Post: CES Medical Ltd, Maidstone Innovation Centre, Gidds Pond Way, Weavering, Maidstone, England, ME14 5FY
By Phone: 07795744533 or 01634 963222

9.3 Response Timeframe

We will respond to your SAR within one calendar month of receipt. If your request is complex or we receive multiple requests, we may extend this period by up to two additional months. We will inform you of any extension and the reasons for it.

9.4 Fees

We do not charge a fee for responding to a SAR unless your request is manifestly unfounded or excessive. In such cases, we may charge a reasonable fee or refuse to respond.

9.5 What We Will Provide

In response to your SAR, we will provide you with copies of your personal data in a commonly used electronic format (where technically feasible), information about the purposes of processing, the categories of personal data, the recipients of your data, and the retention period for your data.

10. Cookies and Website Technologies

10.1 Types of Cookies We Use

Essential Cookies:

  • Session management and security
  • Website functionality and navigation
  • Form submission and error handling
  • These cookies are necessary for website operation

Analytics Cookies:

  • Google Analytics for website performance
  • User behavior and site improvement
  • Anonymized data collection
  • Opt-out available through browser settings

Marketing Cookies:

  • Social media integration
  • Advertising and remarketing
  • Third-party marketing platforms
  • Require explicit consent

10.2 Managing Cookies

Browser Controls:

  • Most browsers allow cookie management
  • You can block or delete cookies
  • Blocking cookies may affect website functionality
  • Instructions available in your browser's help section

Opting Out:

  • You can opt out of marketing cookies at any time
  • Use the cookie consent banner on our website
  • Contact us to update your preferences

For more detailed information about cookies, please see our Cookie Policy [LINK TO COOKIE POLICY].

11. Cross-Border Data Transfers

Some of our service providers may be located outside the United Kingdom. When we transfer your personal data internationally, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by the UK government
  • Adequacy decisions where applicable
  • Your explicit consent where required

We only transfer data to countries with adequate data protection or where we have implemented appropriate safeguards.

12. Complaints and Enforcement

12.1 Contacting Us

If you have any concerns about our use of your personal information, please contact us at:

  • Email: karolina@cesmedical.co.uk
  • Phone: 07795744533
  • Mail: CES Medical Ltd, Maidstone Innovation Centre, Gidds Pond Way, Weavering, Maidstone, England, ME14 5FY

We will acknowledge your complaint within 5 working days and aim to resolve the matter within 30 days.

12.2 Information Commissioner's Office (ICO)

You have the right to lodge a complaint with the Information Commissioner's Office if you believe we have violated your data protection rights.

The ICO's contact details:

  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Helpline: 0303 123 1113
  • Website: https://www.ico.org.uk

13. Changes to This Privacy Policy

We keep our privacy policy under regular review. Any changes will be posted on this page with an updated "Last Updated" date. We recommend reviewing this policy periodically to stay informed about how we protect your personal data.

For any questions about this Privacy Policy, please contact our Data Protection Officer:

Mrs Karolina Ker
Email: karolina@cesmedical.co.uk
Telephone: 07795744533