GDPR stands for General Data Protection Regulation and replaces the previous Data Protection. It came into effect on 25th May 2018.
GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individuals data is not processed without their knowledge and are only processed with their ‘explicit’ consent. GDPR covers personal data relating to individuals. Better Birth & Baby is committed to protecting the rights and freedoms of individuals with respect to the processing of clients’ personal data.
The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
GDPR includes 7 rights for individuals
1) The right to be informed
Better Birth & Baby is a business owned and managed by Debbie Willis. We provide hypnobirthing group courses and workshops and one-to-one hypnobirthing services for pregnancy and birth.
The basis on which I keep client data is that of “Legitimate Interests”. This means that the data is necessary for me to fulfil the contract that we have together (ie to provide therapy) and that it is data that you would reasonably expect me to hold and use.
For those who enquire about therapy, the data I hold includes any information you have sent me by email/text/message.
For those who book and attend at least one session, the data I hold includes:
- Basic information such as name, email address, phone number
- Information that you give me as part of the work we do together
- Records of what learning we have covered in our sessions
- Emails, texts and/or messages that are sent between us
Some of the information that you give me may fall under the definition of special category of data as defined by the General Data Protection Regulation. The condition for processing this special data is (précised from the Act) “processing is necessary for medical diagnosis, the provision of health care or treatment pursuant to contract with a health professional”.
Data is not shared with anyone, and is used to enable me to provide therapy for you. It may also be used for statistical purposes within my business.
Better Birth & Baby may use an accountant, who will have access only to names attached for payments and the purposes of payments.
2) The right of access
Debbie Willis, Better Birth & Baby, Mullion Barn, Hessett, Bury st Edmunds, Suffolk, IP30 9BQ is the named data controller for Better Birth & Baby.
At any point an individual can make a request relating to their data and Better Birth & Baby will need to provide a response (within 1 month).
3) The right to erasure
You have the right to request the deletion of your data where there is no compelling reason for its continued use. However Better Birth & Baby has a legal duty to keep individual details for a reasonable time*, Better Birth & Baby obtain these records for 7 years after using Better Birth & Baby services. This data is archived electronically and in paper form securely onsite and shredded after the legal retention period.
4) The right to restrict processing
Clients can object to Better Birth & Baby processing their data. This means that records can be stored but must not be used in any way, for statistical reports or for research.
5) The right to data portability
Better Birth & baby may require data to be transferred from one IT system to another; only to enable us to keep a record of names and telephone numbers of workshop attendees and in this case we will use secure file transfer systems.
6) The right to object
Individuals can object to their data being used for certain activities like marketing or research. Better Birth & Baby will only use your details with your permission as part of a secure mailing list to email you details of future Better Birth & Baby courses that may be of interest to you prior to your due date. These details will never be used for any other form of marketing nor be given to another organisation for marketing their own products and services.
7) The right not to be subject to automated decision-making including profiling.
Automated decisions and profiling are used for marketing based organisations. Better Birth & Baby does not use personal data for such purposes.
Storage and use of personal information
All paper copies of individual training records are kept in a locked filing cabinet in Better Birth & Baby offices (accessed only by Debbie Willis). All information is confidential and these records remain on site at all times, including for archiving. These records are shredded after the retention period.
Better Birth & Baby collects personal data every year including; names, telephone numbers and email addresses of those on the waiting list for a course or who have asked to be informed of future courses via a mailing list.
Better Birth & Baby stores personal data held visually in birth stories, photographs or video clips or as sound recordings, only where full written consent has been obtained. No full names are stored with images in photo albums, displays, on the website or on Better Birth & Baby’s social media sites.
Data of names, email addresses, telephone numbers is also held electronically on a computer hard drive and on a cloud storage system. Access to all office computers, cloud accounts and to websites is password protected.
GDPR means that Better Birth & Baby must;
* Manage and process personal data properly
* Protect the individual’s rights to privacy
* Provide an individual with access to all personal information held on them
If there is any breach of data security, Better Birth & Baby will give full details to the Information Commissioners Office and any person affected within 72 hours of the breach and do all possible to minimise any potential impact.
This Policy was last updated by Better Birth & Baby on 22nd May 2018
betterbirthandbaby.co.uk (“I” “us”, “we”, or “our”) operates the https://betterbirthandbaby.co.uk/ website (the “Service”).
We are committed to protecting the privacy of your data. We wish to respect any personal data you share with us and keep it safe. We aim to be clear when we collect your data and not do anything you wouldn’t reasonably expect.
WHY WE COLLECT DATA
We collect information to allow us to provide you with the information or service you have requested from us; to provide you with information or services which we think you will be interested in; to understand how people use the information or services we provide on our Website; to tailor information and services we provide to ensure they are relevant to you; and so we can improve how we communicate with you and how we operate more generally.
By using the Service, you agree to the collection and use of information in accordance with this policy.
TYPES OF DATA COLLECTED
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:
- Email address
- First name and last name
- Cookies and Usage Data
We may also collect information how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Tracking & Cookies Data
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyse our Service.
You can adjust the settings on your browser to refuse all cookies or to indicate when a cookie is being sent if you wish. For more information please read the advice at AboutCookies.org
Examples of Cookies we use:
- Session Cookies: We use Session Cookies to operate our Service.
- Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
- Security Cookies: We use Security Cookies for security purposes.
USE OF DATA
betterbirthandbaby.co.uk uses the collected data for various purposes:
- To provide and maintain the Service
- To notify you about changes to our Service
- To allow you to participate in interactive features of our Service when you choose to do so
- To provide customer care and support
- To provide analysis or valuable information so that we can improve the Service
- To monitor the usage of the Service
- To detect, prevent and address technical issues
TRANSFER OF DATA
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside United Kingdom and choose to provide information to us, please note that we transfer the data, including Personal Data, to United Kingdom and process it there.
DISCLOSURE OF DATA
betterbirthandbaby.co.uk may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation
- To protect and defend the rights or property of betterbirthandbaby.co.uk
- To prevent or investigate possible wrongdoing in connection with the Service
- To protect the personal safety of users of the Service or the public
- To protect against legal liability
SECURITY OF DATA
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
LINKS TO OTHER SITES
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Our Service does not address anyone under the age of 18 (“Children”).
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.