Company: Optisoft Ltd
Registered Address: 7 Alpha Court, Monks Cross Drive, Huntington, York, YO32 9WN
Company Number: 2582940
Email: info@optisoft.co.uk
Telephone: 0333 002 0495
1. Who We Are
Optisoft Ltd is a provider of practice management software and related services to optical practices.
For the purposes of UK data protection law:
- Optisoft acts as a data controller in relation to personal data relating to customers, prospective customers, suppliers and business contacts.
- Optisoft acts as a data processor when processing patient or clinical data on behalf of practices using Optisoft software.
This Privacy Notice relates only to personal data for which Optisoft acts as a data controller.
2. Personal Data We Collect
We may collect and process the following types of personal data:
- Name
- Job title
- Business or practice name
- Business contact details (address, email, telephone number)
- Billing and payment details
- Account records and correspondence
- Technical support information
- Website usage information where relevant
We do not intentionally collect special category personal data unless required for technical support purposes.
Optisoft does not determine the purposes or means of processing patient clinical data stored within practice systems. This remains the responsibility of the practice using our software.
3. Source of Personal Data
We obtain personal data in a number of ways, including:
- Information provided directly by you when contacting us, requesting information, or entering into a contract with us
- Information provided by your organisation or practice where you are identified as a relevant contact for system administration, billing or communication purposes
- Information collected through use of our website or services
- Information obtained through industry events, referrals, or business introductions
- Publicly available business information such as practice websites, professional directories, or Companies House records
Where we obtain contact details from publicly available sources or third-party referrals, we use that information only for legitimate business purposes and in accordance with this Privacy Notice.
4. How We Use Personal Data
We use personal data to:
- Provide and support our software and services
- Manage contracts and billing
- Deliver installation and training
- Respond to enquiries and provide customer support
- Maintain account records
- Improve and develop our products and services
- Communicate important service updates
- Provide relevant business communications and industry information
- Inform customers about compatible services or integrations
5. Lawful Bases for Processing
We rely on the following lawful bases under UK GDPR:
Contractual necessity
Where processing is required to provide services under a contract.
Legal obligation
Where processing is required to comply with legal or regulatory obligations.
Legitimate interests
Where processing is necessary for the operation, development and promotion of our business, provided this does not override your rights or freedoms.
Consent
Where consent is required by law (for example, certain marketing communications).
Where we rely on legitimate interests, we conduct internal assessments to ensure processing remains fair, proportionate and transparent.
You have the right to object to processing based on legitimate interests at any time.
6. Marketing Communications
We may contact you regarding:
- Updates to Optisoft services or systems
- New modules or features
- Industry developments relevant to optical practices
- Complementary services compatible with Optisoft systems
You may opt out of marketing communications at any time by:
- Using the unsubscribe link in emails
- Contacting us directly
- Informing us during any phone call
We will respect your communication preferences.
7. Sharing Personal Data with Commercial Partners
We may share limited business contact details (such as name, role and business contact information) with selected commercial partners where:
- The partner provides services compatible with Optisoft systems
- The service may benefit practices using our software
- Customers have been informed in advance
- Customers are provided with a clear opportunity to object before any data is shared
This may include sharing business contact details with EVO Payments (Global Payments) for the purpose of discussing card payment solutions compatible with Optisoft software.
Before sharing contact information with partners:
- We will notify affected customers
- We will provide a clear opt-out mechanism
- We will not share data where an objection is received
Only necessary business contact details will be shared and patient data will never be disclosed.
Optisoft does not sell personal data.
8. Partner Introductions and Legitimate Interests
Where Optisoft introduces customers to selected partners whose services integrate with our systems, we do so because we believe the service may be relevant to the operation of the customer’s practice.
We only share limited business contact details necessary to facilitate that introduction. Customers are always informed before any sharing occurs and are provided with a clear opportunity to object.
If a customer objects to their information being shared with a partner, their details will not be shared and the objection will be recorded to prevent future introductions.
9. Market Research and Sales Data
Optisoft may share commercial sales data with NielsenIQ for the purpose of market analysis and industry benchmarking.
This data may include:
- Business name
- Branch identifier
- Product category codes
- SKU
- EAN / UPC
- Brand
- Model number
- Product description
- Units sold
- Retail sales value
This information:
- Does not include patient data
- Does not include financial account data
- Is used for aggregated market analysis and reporting
- Is not intended to publicly identify individual practices
Where data could relate to sole traders, it is treated as personal data and processed under legitimate interests.
Practices may opt out of participation in market research data sharing at any time by contacting us.
10. Data Security
Optisoft maintains appropriate technical and organisational measures to protect personal data, including:
- Access controls and authentication
- Secure system configuration
- Encryption where appropriate
- Malware protection and patch management
- Secure hosting environments
- Backup and disaster recovery procedures
Optisoft maintains current Cyber Essentials certification.
11. Data Retention
We retain personal data only for as long as necessary for:
- Contractual purposes
- Legal and regulatory requirements
- Legitimate business operations
Data is securely deleted when no longer required.
12. International Transfers
Optisoft primarily stores and processes data within the United Kingdom.
Where third-party service providers process data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR.
13. Your Rights
Under UK GDPR you have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request erasure where applicable
- Restrict processing
- Object to processing based on legitimate interests
- Request data portability where applicable
- Lodge a complaint with the Information Commissioner’s Office (ICO)
ICO website: https://ico.org.uk
14. Contact Details
For any data protection queries or to exercise your rights please contact:
Data Protection Lead
Optisoft Ltd
Email: info@optisoft.co.uk
Telephone: 0333 002 0495
15. Updates to This Notice
We may update this Privacy Notice from time to time.
The latest version will always be available on our website.
