Cookies and privacy policy

Privacy Policy

How we collect and use your information and health records

At Moorfields Eye Hospital NHS Foundation Trust (‘Moorfields’, ‘us’ or ‘we’), we are committed to protecting your privacy. Please read this Privacy Notice to find out how we use your information and what your rights are. This notice applies to personal data provided to us, both by individuals themselves or by third parties. We process your personal information lawfully, fairly and transparently, and only where we have a lawful basis to do so.


What we do

Moorfields Eye Hospital NHS Foundation Trust is the leading provider of eye health services in the UK and a world-class centre of excellence for ophthalmic research and education. We have a reputation, developed over two centuries, for providing the highest quality of ophthalmic care. Our 2,300 staff are committed to sustaining and building on our pioneering legacy and ensuring we remain at the cutting edge of developments in ophthalmology.


How we use your information

It would not be appropriate to rely on consent as a legal basis for processing your information in order to provide you with direct care. This is because it is necessary for us to use your personal information in order to provide you with safe and effective care, as a public healthcare provider. We are also obliged by law to record details of the care and treatment we provide to you. We cannot do this without your personal information, therefore it would not be appropriate to rely on your consent. For this reason, instead of consent, we rely on specific provisions under the law, such as ‘in the exercise of official authority vested in the controller’, under a ‘legal obligation,’ or as ‘a task carried out in the public interest.’

This means we use your personal information to provide you with your direct care without seeking your consent. However, you do have the right to object to our use of your information. We will consider your objection but if we comply with your wishes we will explain how this could have an impact on our ability to provide you with care. It also means that you do not have the right to be forgotten as we are legally obliged to keep your information, and do so under the Records Management Code of Practice for Health and Social Care 2021.


Using your record for your care

Your personal health record, which includes your name, address and date of birth, will be used to:

  • Make sure that decisions about your care and treatment are always based on accurate, up-to-date information.
  • Sharing information with other NHS organisations or social care providers where there is a lawful requirement to do so, for example your GP, other NHS hospitals and local Authorities.
  • Investigate any concerns or complaints raised by you or your family measure the outcomes of your treatment and ensure the service/care provided to you is excellent. However we will use minimal amount of personal information for this purpose.
  • Incidents.
  • Public bodies such as NHS Digital, Commissioners, Public Health England but only where there is a legal requirement to share personal information.


Using it for other purposes:

Most of your information we process will be for direct healthcare purposes; however, there are other important reasons that we may need to process your personal information. For example:

  • As a public healthcare provider to conduct health and social care research under the UK Policy Framework for Health and Social Care Research (please note that any published data is anonymised).
  • As a world-class centre of excellence in ophthalmic education, we may use your information including images, but any information used is anonymised otherwise we would seek your consent.
  • Unless we are under a legal obligation, where information is to be used beyond direct care purposes we would make you aware of the processing and seek your consent to use your information.
  • We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose or where there is another lawful basis for processing.
  • We will only use enough of your personal information that is relevant and necessary for us to carry out various tasks within the delivery of your care or for other lawful reasons.

We will keep your information accurate and up to date when using it and, if it is found to be wrong, we will make it right, where appropriate, as soon as we can. However, where it is part of your health record, we are obliged to keep records of any changes, and so the incorrect information may not be erased, but instead would be crossed out with the correct information entered with a note.

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. You can find details of how long we keep information for in the Records Management Code of Practice for Health and Social Care 2021.


Protecting your privacy

Your health records are confidential. Your privacy is protected under the:

  • Common law duty of confidentiality
  • General Data Protection Regulations 2016
  • Data Protection Act 2018
  • Human Rights Act 1998

Everyone who works for the NHS has a legal duty to maintain the highest level of confidentiality.

In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

We have secure processes in place to keep your personal information safe when it is being used, shared, and when it is being stored.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a legitimate need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


How you can help us to keep your health record up to date

  • Let us know when you change address or name
  • Keep a note of your unique NHS number
  • Tell us if any information in your record is incorrect
  • Tell us if you change your mind about how we share the information in your record
  • Don’t let anyone – insurers, mortgage lenders, employers, solicitors – look at your records unless you are sure it is necessary for your purposes


Accessing your health record

To see a copy of your health record, or for further information about our records system, please contact our health records manager, the details can be found below.

If at any point you believe the information we process on you is factually incorrect you can request to see this information and even have it corrected or deleted. However, rather than delete information in your health record, we are usually obliged to cross it out and add the correct information with a note on to the record.

If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate and respond to your concerns.


How long we keep your information for

We are required under UK legislation to keep your information for the full retention periods as specified by the NHS Records Management Code of Practice for Health and Social Care.

More information on records retention can be found online.


Your rights

Under certain circumstances, you have rights under data protection legislation in relation to your personal information. These rights include:

  • Requesting access to your personal information – You are able to apply for a copy of personal information held about you free of charge. This process is called a subject access request
  • Requesting correction of your personal information – This would apply if factual information held such as name, address or health information was incorrect. In this instance we usually be obliged to cross it out and add the correct information with a note on to the record. We would consider any requests regarding any professional opinions that may be in your records; however, we are not legally obliged to change them, but may enter a note on your comments.,
  • Requesting erasure of your personal information – The right may apply if the information was no longer needed for your healthcare or it had been kept for longer than set out in the NHS Records Management Code of Practice, unless there is an overriding legal obligation for us to keep it.
  • Objecting to processing of your personal information – You can object to us processing your information if there was no overriding legal reason for us to do so.
  • Requesting restriction of processing your personal information – You can request to restrict processing of some of the information held about you in certain circumstances, such as instances where you believe it would cause you distress. Where this is the case we will discuss with you how the restriction this may have an impact your ongoing care .
  • Requesting transfer of your personal information – This right would generally not apply for health related information as this information would be shared as part of ongoing direct care with another provider
  • Right to withdraw consent – You can opt-out of activities where the basis of us using your information is consent such as marketing or research,

If you wish to exercise your rights in relation to the above please contact Moorfields Eye Hospital Data Protection Officer, the details can be found below.


How the NHS and care services use your information

Moorfields Eye Hospital NHS Foundation Trust is one of many organisations working in the health and care system to improve care for patients and the public.

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected to help ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be provided to other approved organisations, where there is a legal basis, to help with planning services, improving care provided, research into developing new treatment and preventing illness. All of these help to provide better health and care for you, your family and future generations. Confidential personal information about your health and care is only used in this way where allowed by law and would never be used for insurance or marketing purposes without your explicit consent.

You have a choice about whether you want your confidential patient information to be used in this way.

To find out more about the wider use of confidential personal information and to register your choice to opt out if you do not want your data to be used in this way, visit If you do choose to opt out you can still consent to your data being used for specific purposes.

If you are happy with this use of information you do not need to do anything. You can change your choice at any time.


Last updated: 16th October 2018

Health Records Department

Health Records Department

Moorfields Eye Hospital NHS Foundation Trust

162 City Road



Call us Email the Health Records Department

Data Protection Officer

Data Protection Officer

Information Governance Department

Moorfields Eye Hospital NHS Foundation Trust

162 City Road



Call us Email the Data Protection Officer

Information Commissioner's Office

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).

Information Commissioner’s Office

Wycliffe House

Water Lane





ICO website:

Call the ICO helpline

About cookies

 Cookies are small digital text files that are used to store pieces of information. They are stored on your digital device, as a form of digital memory, when the website is loaded on your browser (Safari, Chrome, Firefox, Edge etc). These cookies remember bits of information about your use of the Moorfields Eye Hospital / Moorfields Private Care website. They then help us make the website function properly, make it more secure, provide a better user experience, and understand how the website performs and to analyse what works and where it needs improvement. Cookies are not viruses or computer programs. They are very small so do not take up much space.


Cookie function

  • Performance Cookies: Performance cookies monitor site performance and follow user actions, but they do not collect identifiable information – they collect data anonymously and use it to improve the website. Performance cookies can count page visits, examine how much time a user has spent on a website, as well as analyse loading speeds to improve performance.
  • Functional Cookies: Functional cookies are used to enhance the performance of a website as without them certain functions may not be available. Functional cookies are not vital for a website to run, but they allow one to remember user preferences and settings.
  • Targeting Cookies: Also known as advertising cookies are used to target ads to the interests of users, based upon previous web browsing activity.


Cookie duration

  • Session cookies are temporary and only last for the duration of the visit to the site. When the browser closes the cookie session ends.
  • Persistent cookies are stored on the visitor’s digital device until deleted, or until they reach their expiry date.


Types of cookies

  • First-party cookies are created by the host domain and are collected from visitors directly, enabling a better experience on the site. They are supported by all browsers and can be blocked or deleted by the user.
  • Second party cookies include first-party data that one company creates and transfers to another as part of a data-sharing partnership, typically for advertising. Moorfields Eye Hospital NHS Foundation Trust do not use second party cookies.
  • Third-party cookies can be set by another entity, a third-party server, via code loaded on the host website. A third-party cookie is accessible on any website that loads the third-party server’s code. They are supported by all browsers, but many are blocking the creation of third-party cookies by default. These cookies track the same information as first-party cookies, sometimes more, and are also called tracking cookies or targeting cookies.


You can opt-out of the additional cookies by choosing 'Reject additional cookies' using the cookie pop-up banner that appears the first time you visit the website.  If you have previously consented to additional cookies, and would like to change your mind, you can click on the 'C' cookie icon in the left-hand corner of the page and update your preferences.

Preferences for essential cookies can only be managed via your own browser; further information on how to manage cookies more generally is detailed below.

You can also learn more about cookies and how to manage them yourself at


What cookies do we place?

In addition to the cookies set by our website, a visit to this site will also set cookies from other services that we have decided to use in order to help improve our site.  These services are described below.


All Response Media Ltd.

We use All Response Media Ltd. for our analysis and optimisation and they utilise your non-personal data to plan and optimise media campaigns to most effectively deliver our marketing strategies and ensure the ads that you receive from us are relevant to you. They do this through Analysis and Targeting cookies.

  • Analysis cookies are used to profile user behaviour and optimise marketing campaigns e.g. we may track which creative and medium has more resonance with the target audience. This is designed to ensure relevant ads are served to you, to deliver a better experience with the brand.
  • Targeting cookies use the insight from the analysis to match the user with the relevant product and services. This includes re-targeting a user as part of a digital audience (a grouping of cookies with similar interests based on the insight - not an individual) after they visited our publisher’s websites. 

We use the Tag4ARM to measure site visits and conversions and overlay this with offline advertising to measure the impact of the media. This tag might activate cookies from Carbon, Neilson and DoubleClick Bid Manager to build digital audiences related to offline advertising (dependent on agreed engagement). We use this data to produce results that measure and optimise the media effectiveness. Digital audiences might be used for re-targeting (dependent on agreed engagement).


Google Analytics

We use this service to track and monitor website usage. We have chosen to enable features of this service known as 'advertiser features'. These features benefit us by allowing us to see more information about how this website is used. By enabling these features we enable Google Analytics to collect data about site traffic via Google advertising cookies and anonymous identifiers.

If you would rather that your visits to this website are not recorded then please consider looking at Google Analytics' currently available opt-outs.



Certain videos on our site are embedded from YouTube. YouTube sets cookies when a user visits our pages with video embeds. 

Learn more about YouTube’s data usage


Meta (Facebook)

The specific cookies used by the Facebook pixel can vary over time as Facebook updates its technology and privacy policies. 



We may embed Soundcloud tracks to offer audio versions of pages including our news, blogs, Moorfields Magazine and events. Soundcloud and their  service providers may use cookies and other tracking technologies for storing information, including pixels (also known as a “web beacon” or “clear GIFs”), local storage, and device identifiers, to help provide, protect and improve the Platform.  

Read for more information about Soundcloud's cookie policy



We use this service to help us better understand how you are using our website and how we can make it better through a range of tools such as heatmaps, feedback polls and surveys.

You can read Hotjar's cookie information for further information.


Crazy Egg

We use this service to help us better understand how you are using our website and how we can make it better through a range of tools such as usage patterns, A/B performance testing and for assessing the website’s performance.

You can read Crazy Egg's cookie information for further information.


Microsoft Clarity

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

How to manage your browser cookie settings

If you would like to prevent cookies from being set by this site, or any other, the following links will assist in that aim:

General information on how to manage your choices online and

Data Protection Act 2018 


Opt out of cookies

If you would like to opt out of cookies please follow the links below:


Opt of out of seeing personalised ads



Changes to this statement

We reserve the right to make changes to this statement without notice and at our sole discretion.

We recommend you check this page regularly to make sure you are familiar with these changes. 




Any information submitted through forms on the website is transferred to us by email, and will be dealt with by us in accordance with data protection legislation. Emails are not encrypted before being sent to us and, as the internet is not always totally secure, users are sending the information at their own risk.



Content on this website is subject to Moorfields Eye Hospital NHS Foundation Trust and Moorfields Private copyright.

protection unless otherwise stated. Where copyright applies, visitors can download material for private research, study or in-house use only. Visitors must not copy, distribute, or publish any material from this website. Any other use of copyright material requires the permission of the trust. If you wish to use this information for commercial purposes then, in accordance with the Regulations on the Re-use of Public Sector Information 2005, you must first ask our permission. Such re-use may or may not involve the granting of a licence and the application of a fee.

Where images of people appear on this site, those people have given their consent for the use of the images for this site. The use of those images for any other purpose would constitute a breach of confidentiality on the part of the person using them for that other purpose.

If you have any questions about copyright, please contact us.


Email disclaimer

The following information relates to email sent by Moorfields Private.

Please note as recipient of this email:

This email is intended solely for the addressee. If you are not the addressee please do not read, print, re-transmit, store or act in reliance on it or any attachments. Instead, please email it back to the sender and then immediately permanently delete it.

Unless otherwise expressly agreed by the sender of this email, this communication may contain privileged or confidential information which is exempt from disclosure under English law and this information may not be used or disclosed except for the purpose for which it has been sent.

Contracts may only be concluded on behalf of Moorfields Private by authorised signatories and not by email communication. No employee or agent of Moorfields Private is authorised to conclude any binding agreement on behalf of Moorfields Private with another party by email without the express written confirmation of an authorised signatory.

Any views expressed by the sender of this email are not necessarily those of Moorfields Private. Moorfields Private employees are expressly requested, among other things, not to make any defamatory, threatening or obscene statements and not to infringe any legal right (including any infringement of copyright) by email communication. Any such communication is contrary to Moorfields Eye Hospital NHS Foundations Trust Internet and email policy (see below) and outside the scope of the employment of the individual concerned. Moorfields Private and Moorfields Eye Hospital NHS Foundation Trust will not accept any liability in respect of such a communication, and the employee responsible will be personally liable for any damages or other liabilities arising.

The information contained in this email and any reply may be subject to disclosure under the Freedom of Information Act 2000.

Warning: computer viruses can be transmitted by email and you should be aware that emails may be intercepted by third parties. Any attachments to this email will be received as separate, the subject line of which will be the file name. You are advised to check this email and any attachments for the presence of viruses as neither Moorfields Private nor the sender accept responsibility for any viruses transmitted by this email and/or any attachments.

Please note: Moorfields Private does not generally engage in systematic monitoring activities although it reserves the right to do so where there is reason to believe that misuse of its computing facilities is occurring.