PRIVACY POLICY

GDPR stands for General Data Protection Regulation and replaces the previous Data Protection. It came into effect on 25th May 2018.

GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individual's data is not processed without their knowledge and are only processed with their ‘explicit’ consent. GDPR covers personal data relating to individuals.

Midwife Millar is committed to protecting the rights and freedoms of individuals with respect to the processing of clients’ personal data. The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly. GDPR includes eight rights for individuals:

1) The right to be informed ‘Midwife Millar' services are provided by Midwife Millar. Midwife Millar is a business owned and managed by Lara Basini, and provides private midwifery care including birth preparation, birth trauma support, and email and telephone consultations.

The basis on which I keep client data is that of “ Legitimate Interests”. This means that the data is necessary for me to fulfil the contract that we have together and that it is data that you would reasonably expect me to hold and use. For those who enquire about my services, the data I hold includes any information you have sent me by email or text. For those who book, the data I hold includes:

• Basic information such as name, email address, phone number

• Information that you give me as part of the work I do

• Records of what was documented at each appointment

• Emails, texts and/or messages that are sent between us

Some of the information that you give me may fall under the definition of special category of data as defined by the General Data Protection Regulation. The condition for processing this special data is (précised from the Act) “processing is necessary for medical diagnosis, the provision of health care or treatment pursuant to contract with a health professional”.

Data is not shared with anyone, and is used to enable me to provide midwifery care, support or therapy for you. It may also be used for statistical purposes within my business. Midwife Millar may use an accountant, who will have access only to names attached for payments and the purposes of payments.

Midwife Millar may use Cookies on their website to collect data for Google Analytics, this data is anonymous.

Cookies are small pieces of information that are stored by your browser on your device’s hard-drive. They are used to distinguish individual users, and help us improve our website. Analytics and search engines providers that assist us in the improvement and optimisation of our site may collect data about your IP and computer set up.

2) The right of access Lara Basini, of (enter business address) is the named data controller for Midwife Millar. At any point an individual can make a request relating to their data and Midwife Millar will need to provide a response (within 1 month).

3) The right to rectification. You have the right to request that any inaccurate personal data is rectified, or completed if it is incomplete. You can make a request for rectification verbally or in writing and Midwife Millar will need to provide a response (within 1 month).

4) The right to erasure You have the right to request the deletion of your data where there is no compelling reason for its continued use. However, Midwife Millar has a legal duty to keep individual details for a reasonable time (records will be retained for 7 years after using Midwife Millar services). This data is archived electronically and in paper form securely onsite and shredded after the legal retention period.

5) The right to restrict processing Clients can object to Midwife Millar processing their data. This means that records can be stored but must not be used in any way, for statistical reports or for research.

6) The right to data portability You have the right to receive personal data you have provided to Midwife Millar in a structured, commonly used and machine readable format. You also have the right to request that Midwife Millar transmits this data directly to another controller. The right to data portability only applies when: the lawful basis for processing this information is consent or for the performance of a contract; and you are carrying out the processing by automated means (i.e. excluding paper files). Information is only within the scope of the right to data portability if it is personal data that has been provided to Midwife Millar (e.g. address, age). This also includes personal data resulting from observation of an individual’s activities (e.g. where using a service).

7) The right to object Individuals can object to their data being used for certain activities like marketing or research. Midwife Millar will only use your details with your permission as part of a secure mailing list to email you details of future Midwife Millar services that may be of interest to you. These details will never be used for any other form of marketing nor be given to another organisation for marketing their own products and services.

8) The right not to be subject to automated decision-making including profiling. Automated decisions and profiling are used for marketing-based organisations. Midwife Millar does not use personal data for such purposes.

Storage and use of personal information All paper copies of individual records are kept in a locked filing cabinet (accessed only by Lara Basini) in Midwife Millar offices. All information is confidential and these records remain on site at all times, including for archiving. These records are shredded after the retention period. Midwife Millar stores personal data held visually in birth stories, photographs or video clips or as sound recordings, only where full written consent has been obtained. No full names are stored with images in photo albums, displays, on the website or on Midwife Millar social media sites. Data of names, email addresses and telephone numbers are held electronically on a computer hard drive and on a cloud storage system. Access to all office computers, cloud accounts and to websites is password protected. GDPR means that Midwife Millar must: * Manage and process personal data properly * Protect the individual’s rights to privacy * Provide an individual with access to all personal information held on them If there is any breach of data security, Midwife Millar will give full details to the Information Commissioners Office and any person affected within 72 hours of the breach and do all possible to minimise any potential impact.