Health-related answers in the questionnaire usually require consent under Art. 9 GDPR. The purpose is to prepare and conduct optometric counselling and to have the optometrist evaluate the questionnaire responses as part of screening. It does not include automated medical diagnosis, and the current product configuration performs no AI-based evaluation.
The customer should be informed that the evaluation does not replace an ophthalmological examination and that they should seek medical clarification if anything is flagged.
The scope covers personal data collected in the questionnaire, insofar as they may constitute health data within the meaning of Art. 9(1) GDPR (e.g. symptoms, medical history, medication). These data are processed by the optometrist responsible for the consultation and by the technical service provider (platform), where necessary to operate the application.
Controllers and processing: In practice, the optometric practice is often the controller in the customer relationship; the platform may act as a processor or, depending on the setup, also as a controller. The exact allocation of roles must be set out contractually and in your practice’s privacy policy.
Store the version and time of consent (e.g. together with questionnaire status) so it remains traceable which wording the customer agreed to. If notices or the questionnaire change materially, assess whether new information and possibly new consent are required.
Data subjects may withdraw consent at any time with future effect (Art. 7(3) GDPR). Withdrawal does not affect the lawfulness of processing based on consent before withdrawal. Technical and organisational steps (e.g. withdrawal in the app, written withdrawal) should be described in your privacy policy.
Minors: Check capacity to consent and obtain legal guardian consent where required by law.