I am committed to protecting your personal information and being transparent about what information I hold about you. Using personal information allows me to develop a better understanding of your needs and to provide you with the services agreed between us.
I use your information in accordance with all applicable laws concerning the protection of personal information.
This policy explains
What information I may collect about you
How I may use that information
In what situations I may disclose your details to third parties
How I keep your personal information secure, how I maintain it for you, and your rights to access it.
Who I am
I am Kat Galbraith, a birth, postnatal and bereavement doula. I am the sole owner of Inner Source, operating in the West Midlands.
How I collect your data
I collect various types of information and in a number of ways:
I keep brief written records for all my clients, which include names, address, telephone numbers, other contact details such as email addresses, and personal information which may be sensitive in nature. Information may also be collected electronically by email or text message.
Information from third parties. Where I have been given explicit permission to do so by a client, for example, when asked to obtain information on their behalf. I may record information given to me by third parties.
Sensitive personal data
Data Protection law recognises that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. Due to the nature of my work, sensitive information may be obtained in the form of hand written notes or electronically with client consent.
Legal basis for processing your data
There are three bases under which I may process your data:
When you book me as a doula. contracts are exchanged and you enter a contractual relationship with me. In order to perform this contract I need to process and store your data. For example I may need to contact you by email or telephone, and the personal information you give me enables me to provide my service to you.
Legitimate business interests
In certain situations, I collect and process your personal information for purposes that are in my legitimate business interests. However I only do this if there is no overriding prejudice to you by using your personal information in this way. I describe below all situations where I may use this basis for processing.
With your explicit consent
For any situations where contract or legitimate business interest bases are not appropriate, I will instead ask for your explicit consent before using your personal information in that specific situation.
Sharing your data with third parties
There are four circumstances under which I may disclose your personal information to third parties. These are:
When working in a “shared care” arrangement with another doula to provide my service to you. I will ask for your consent before sharing any identifying or sensitive information.
When working with a “backup” doula to provide my service to you. I will ask for your consent before sharing any identifying or sensitive information.
When obtaining information on your behalf. I will ask for your consent before sharing any identifying or sensitive information.
Where I am under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function as well to provide website operators with information on how the site is being used. Most web browsers are configured to initially accept cookies automatically.
You may change your Internet browser settings to prevent your computer from accepting cookies or to notify you when you receive a cookie so that you may decline it. Please note, if you disable cookies, you may not experience optimal performance of my website.
Other processing activities
I may also process personal information in the following ways:
I may analyse data I hold about you to ensure that the content and timing of communications that I send you are as relevant to you as possible.
I may analyse data I hold about you in order to identify and prevent fraud.
I may analyse data I hold about you in order to comply with reporting requirements, such as to Doula UK, however no identifying information is shared.
I may analyse information about how you use my website, it’s content and ads in order to improve my website.
I may analyse data in order to produce statistics for marketing purposes. For example, providing stats on breastfeeding uptake, homebirths and so forth.
I will always keep your rights and interests at the forefront to ensure they are not overridden by my own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect my ability to carry out tasks above that are for your benefit.
Your banking details
There may be circumstances where I need to obtain your banking details in order to process a payment, such as a refund. In these circumstances, this information is kept securely on password protected devices, the payment is processed by my bank or Paypal, and your information will be deleted from my devices as soon as payment has been processed.
How I maintain your personal data
I store your personal information for 5 years. I do this so that:
I can provide your data to you at your request. For example, if you were to experience complications resulting from your birth or care, you might contact me to ask for information we may have discussed and recorded at the time.
I can send appropriate communications on anniversary’s, such as your baby’s birthday.
I can provide good continuity of care should you employ me again in the future.
I can keep accurate records for tax purposes. For example details such as your name and address may be recorded on invoices or receipts that I need to keep to fulfil my obligations to HMRC.
If there are aspects of your record that are inaccurate or that you would like to remove, you can let me know by contacting me using the details at the end of this policy. Any objections you make to any processing of your data will be stored against your record on my system so that I can comply with your requests.
Where I store your data
Your electronic data is password protected and stored securely on a password protected hard-drive which is separate to but accessed through my password protected personal home computer. I use Zoho as my email platform using servers in the EU.
How I keep your personal data secure
I have in place appropriate safeguards (both in terms of my procedures and the technology I use) to keep your personal information as secure as possible. I use a secure and lockable cabinet for handwritten notes, with the key kept in a separate location. Electronic data is password protected at every stage (file, storage, accessing device). I will ensure that any third parties I use do the same.
Your rights to your personal data
You have a right to request a copy of the personal information that I hold about you and to have any inaccuracies in this data corrected. Please use the contact details at the end of this policy if you would like to exercise this right.
My contact details and further information
Date: 24th May 2018