General Data Protection Regulations

The General Data Protection Regulations (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU. 

Right to be Informed

Please see our privacy notices for each Optalis service which set out how we collect, use your personal information and how long we keep it for.

Freedom of Information (FOI)

The Freedom of Information Act 2000 provides public access to information held by public authorities, including Optalis. Public authorities are obliged to publish information about their activities; and members of the public are entitled to request information from public authorities. Recorded information includes printed documents, computer files, letters, emails, photographs, and sound or video recordings.

The Act does not give people access to their own personal data (information about themselves) such as their health records or credit reference file. A subject access request under the Data Protection Act is needed to obtain this, and can do so by contacting our Data Subject Access Request Team via For FoI requests, please contact Please read the information below.

ICO Guide to Freedom of Information

Data Subject Access Requests

You are able to find out what information we hold about you, and to verify how it's being used. We are able to refuse requests when they are manifestly unfounded or excessive, in particular because they are repetitive. We can also charge a reasonable fee in these circumstances; otherwise, there is no fee involved. Please contact our Data Subject Access Request Team via

What if information about me is inaccurate?

If you are aware of any information that we hold about you is inaccurate or incomplete, please notify us of this and provide what needs rectifying and any evidence that supports the changes needed.

What if I want information to be deleted or restricted?

You have the right to have personal information erased in certain circumstances. You may know of this as the 'right to be forgotten' or 'right to erasure'. If information cannot be deleted, then we may restrict the processing of the information instead.

How long do you have to comply with my request?

We have 1 month from the date of receipt to issue a response, and either release the information to you, make the changes required, or inform you as to why we are unable to comply. In complex cases we can extend this by 2 months but we will inform you within the 1 month period. Until further guidance is published, we consider 1 month to equate to 30 days.

More information

To find out more about data protection see the Information Commissioner's Office website.

Contact us

If you have any queries about GDPR / Data Protection, please contact our Data Protection Team on