Privacy Policy

Last Updated: 11.04.2024

Cathedral Health, a company part of the Cathedral Eye Clinic group) (“us”, “we”, or “our”) operates (the “Site”). This page informs you of our policies regarding the collection, use, and disclosure of Personal Information we receive from users of the Site.


  • Personal Information: Any information that directly, indirectly, or in connection with other information, including a personal identification number, makes an individual identifiable or identifiable. Examples of Personal Information include but are not limited to name, email address, phone number, healthcare number, IP address, and cookies.
  • Log Data: Information that your browser sends whenever you visit our Site, which may include your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages, and other statistics.
  • Cookies: Small files stored on your computer or device by your web browser. They contain data (such as website preferences or login credentials) to enable websites to recognize your device.
  • CRM (Customer Relationship Management): CRM refers to the management of customer interactions and data to improve customer service, marketing, and sales efforts. It involves collecting and organising customer information for better communication and personalised experiences.
  • Cache: Cache is a temporary storage mechanism used to store frequently accessed data or website elements, such as images and scripts, to improve website performance and speed up page loading times. Caching reduces the need for repeated data requests, enhancing user experience and minimising server load.
  • Advertising Pixels: Advertising pixels are website code snippets that track user interactions for advertising purposes. They help advertisers measure ad effectiveness, personalise content, and retarget users. Data collected may include IP addresses, browser details, and site interactions. 
  • Marketing Communications: Promotional materials, newsletters, or other communications sent to you regarding our products, services, or events.
  • GDPR: The General Data Protection Regulation, a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA).
  • Data Subject: An individual who can be identified, directly or indirectly, by reference to Personal Information.


Information Collection and Use:

We use your Personal Information for providing and improving the Site, as well as for marketing communications. By using the Site, you agree to the collection and use of information in accordance with this policy.

Log Data:

Like many site operators, we collect information that your browser sends whenever you visit our Site (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages, and other statistics.


  • Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive.
  • Like many sites, we use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.


  • Purpose: We employ caching mechanisms on our WordPress website to enhance performance and reduce server load, ensuring a smoother browsing experience for users.
  • Data Collection: Caching may temporarily store non-personally identifiable information such as IP addresses, browser types, and device types. This data is used solely for optimising website performance and is not linked to identifiable individuals.
  • Use of Cookies: Cookies may be utilised for caching purposes, aiding in technical processes without containing personally identifiable information.
  • Data Retention: Cached data is stored temporarily and automatically expires after a specified period or manual clearance, with no retention beyond necessary timeframes.
  • Purpose: We utilise CRM (Customer Relationship Management) systems such as WordPress and Salesforce to manage customer interactions, streamline communications, and enhance service delivery.
  • Data Collection: Personal information voluntarily provided by users, such as names, email addresses, and appointment details, may be stored securely within CRM systems.
  • Use of Personal Information: Information stored in CRM systems is used solely for communication, appointment scheduling, and service provision, with no sharing with third parties without explicit consent or legal requirement.
  • Data Retention: Personal data is retained only as long as necessary for the outlined purposes or as required by legal obligations, with appropriate security measures in place to protect against unauthorised access or disclosure.

Use of Personal Information for Marketing:

By submitting a form on our website, you consent to the storage of your Personal Information, including your phone number and email address, for marketing purposes. We may use this information to send you promotional emails, newsletters, or contact you regarding our products and services. If you would prefer us not to use your personal data for marketing purposes, please contact us by email at [], and we will remove you from our distribution. You will be asked for identification verification before any information is discussed with you.

Retention of Data:

We will retain your Personal Information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. You may request details of personal information that we hold about you. An official fee will be payable. If you wish to make a request, please write to us by email to Joyce at You will be asked for identification verification before any information is discussed with you.

Data Removal:

If you wish to have your data removed from our databases or no longer wish to receive marketing communications from us, please contact us at []. You will be asked for identification verification before any information is discussed with you. Under the General Data Protection Regulation (GDPR), you have the right to request access to, rectification of, or erasure of your personal data held by us. You also have the right to restrict or object to processing of your personal data. You can exercise these rights by contacting us using the contact details provided.

Analytics, including Google Analytics:

We may use third-party Service Providers, such as Google Analytics, to monitor and analyse the use of our Site. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: Google Privacy & Terms

Advertising (Including Meta Advertising):

We utilise advertising features, such as the Facebook pixel, to deliver advertisements on various platforms, including but not limited to the Meta (formerly Facebook) platform. These advertising tools may collect information about your browsing behaviour on our website to provide you with personalised advertisements. The data collected through these advertising tools is used in accordance with the respective platform’s data policies. For instance, information collected by the Facebook pixel is governed by Facebook’s Data Policy. To learn more about the advertising practices of the platform, please refer to their respective data policies. You can find Facebook’s Data Policy at: Facebook Data Policy link.

Third-Party Websites Disclosure:

Our website may contain links to other websites. Should you click on these links, we do not have any control over the privacy policies of the websites at which you will arrive. Therefore, we cannot be responsible for the protection and privacy of any information which you provide while visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and review the privacy statement applicable to the website in question.

In the unlikely event that Personal Information is compromised as a result of a breach of security, we will promptly notify those persons whose Personal Information has been compromised, in accordance with the notification procedures set forth in this Privacy Policy, or as otherwise required by applicable law.

In the unlikely event of a data breach compromising the security of Personal Information, we have established the following notification procedure:

1. Detection and Assessment:

  • Upon detection or suspicion of a data breach, the designated personnel responsible for data protection will promptly assess the situation to determine the scope and severity of the breach.

2. Notification Decision:

  • Based on the assessment, we will determine whether the breach is likely to result in a risk to the rights and freedoms of individuals. If so, we will proceed with notification in accordance with applicable laws and regulations.

3. Notification Timeline:

  • Notifications will be made without undue delay and within the timeline specified by relevant data protection laws or regulations. The timeline may vary depending on the jurisdiction and the severity of the breach.

4. Notification Recipients:

  • Affected individuals: Individuals whose Personal Information has been compromised will be notified directly, using the contact information available in our records.
  • Data protection authorities: If required by law, we will notify the relevant data protection authorities of the breach.
  • Other stakeholders: Depending on the nature of the breach, other stakeholders such as partners, vendors, or regulators may also be notified as necessary.

5. Contents of Notification:

    • The notification will include relevant details about the breach, including:
    • Description of the breach and its potential impact.
    • Steps taken or recommended for affected individuals to mitigate risks.
    • Contact information for further inquiries or assistance.
  • Notifications will be clear, concise, and easy to understand.

6. Method of Notification:

  • Notifications may be sent via email, postal mail, telephone, or any other appropriate means of communication depending on the circumstances and the contact information available for affected individuals.

7. Documentation and Record-Keeping:

  • All communications related to the data breach, including notifications sent and received, will be documented and retained for record-keeping purposes.

8. Continuous Improvement:

  • Following any data breach incident, we will conduct a thorough review and analysis to identify areas for improvement in our data protection measures and response procedures. Adjustments will be made as necessary to enhance our ability to prevent and respond to future breaches.

9. Coordination with Authorities and Experts:

  • We will cooperate fully with relevant authorities and engage appropriate experts or professionals as needed to address the breach and mitigate its impact.

10. Communication and Transparency:

  • We are committed to maintaining open communication and transparency throughout the data breach response process, both internally and externally, to foster trust and confidence in our handling of the situation.

Changes to This Privacy Policy

We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

Contact Us:

If you have any questions about this Privacy Policy or wish to exercise your rights under GDPR legislation, please contact us at