Inner Source Privacy Policy

I am committed to protecting your personal information and being transparent about what information I hold about you. Using personal information allows me to develop a better understanding of your needs and to provide you with the services agreed between us.

I use your information in accordance with all applicable laws concerning the protection of personal information.

This policy explains

  • What information I may collect about you

  • How I may use that information

  • In what situations I may disclose your details to third parties

  • The use of cookies to improve your use of my website

  • How I keep your personal information secure, how I maintain it for you, and your rights to access it. 

If you have any queries about this policy, please contact me by emailing or by using the contact form at

Who I am
I am Kat Galbraith, a birth, postnatal and bereavement doula. I am the sole owner of Inner Source, operating in the West Midlands.


How I collect your data
I collect various types of information and in a number of ways: 

  • I keep brief written records for all my clients, which include names, address, telephone numbers, other contact details such as email addresses, and personal information which may be sensitive in nature. Information may also be collected electronically by email or text message.

  • Information from third parties. Where I have been given explicit permission to do so by a client, for example, when asked to obtain information on their behalf. I may record information given to me by third parties.

Sensitive personal data 
Data Protection law recognises that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. Due to the nature of my work, sensitive information may be obtained in the form of hand written notes or electronically with client consent.

Legal basis for processing your data
There are three bases under which I may process your data: 

  1. Contract purposes 

    When you book me as a doula. contracts are exchanged and you enter a contractual relationship with me. In order to perform this contract I need to process and store your data. For example I may need to contact you by email or telephone, and the personal information you give me enables me to provide my service to you.

  2. Legitimate business interests 

    In certain situations, I collect and process your personal information for purposes that are in my legitimate business interests. However I only do this if there is no overriding prejudice to you by using your personal information in this way. I describe below all situations where I may use this basis for processing. 

  3. With your explicit consent 
    For any situations where contract or legitimate business interest bases are not appropriate, I will instead ask for your explicit consent before using your personal information in that specific situation. 

Sharing your data with third parties
There are four circumstances under which I may disclose your personal information to third parties. These are:

  1. When working in a “shared care” arrangement with another doula to provide my service to you. I will ask for your consent before sharing any identifying or sensitive information.

  2. When working with a “backup” doula to provide my service to you. I will ask for your consent before sharing any identifying or sensitive information.

  3. When obtaining information on your behalf. I will ask for your consent before sharing any identifying or sensitive information.

  4. Where I am under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies). 

Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function as well to provide website operators with information on how the site is being used. Most web browsers are configured to initially accept cookies automatically.

You may change your Internet browser settings to prevent your computer from accepting cookies or to notify you when you receive a cookie so that you may decline it. Please note, if you disable cookies, you may not experience optimal performance of my website.

Other processing activities
I may also process personal information in the following ways:

  • I may analyse data I hold about you to ensure that the content and timing of communications that I send you are as relevant to you as possible.

  • I may analyse data I hold about you in order to identify and prevent fraud. 

  • I may analyse data I hold about you in order to comply with reporting requirements, such as to Doula UK, however no identifying information is shared.

  • I may analyse information about how you use my website, it’s content and ads in order to improve my website.

  • I may analyse data in order to produce statistics for marketing purposes. For example, providing stats on breastfeeding uptake, homebirths and so forth.

I will always keep your rights and interests at the forefront to ensure they are not overridden by my own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect my ability to carry out tasks above that are for your benefit.

Your banking details
There may be circumstances where I need to obtain your banking details in order to process a payment, such as a refund. In these circumstances, this information is kept securely on password protected devices, the payment is processed by my bank or Paypal, and your information will be deleted from my devices as soon as payment has been processed.

How I maintain your personal data
I store your personal information for 5 years. I do this so that:

  • I can provide your data to you at your request. For example, if you were to experience complications resulting from your birth or care, you might contact me to ask for information we may have discussed and recorded at the time.

  • I can send appropriate communications on anniversary’s, such as your baby’s birthday.

  • I can provide good continuity of care should you employ me again in the future.

  • I can keep accurate records for tax purposes. For example details such as your name and address may be recorded on invoices or receipts that I need to keep to fulfil my obligations to HMRC.

If there are aspects of your record that are inaccurate or that you would like to remove, you can let me know by contacting me using the details at the end of this policy. Any objections you make to any processing of your data will be stored against your record on my system so that I can comply with your requests.

Where I store your data
Your electronic data is password protected and stored securely on a password protected hard-drive which is separate to but accessed through  my password protected personal home computer. I use Zoho as my email platform using servers in the EU.

How I keep your personal data secure
I have in place appropriate safeguards (both in terms of my procedures and the technology I use) to keep your personal information as secure as possible. I use a secure and lockable cabinet for handwritten notes, with the key kept in a separate location. Electronic data is password protected at every stage (file, storage, accessing device). I will ensure that any third parties I use do the same.

Your rights to your personal data
You have a right to request a copy of the personal information that I hold about you and to have any inaccuracies in this data corrected. Please use the contact details at the end of this policy if you would like to exercise this right.

Changes to this privacy policy
I reserve the right to modify this Privacy Policy at any time in order to reflect any changes to my practices, or for other operational, legal or regulatory reasons. Any modifications to this Privacy Policy will be effective upon publication of the new terms. You will be notified via email of any material changes to this policy if I have your contact information.

My contact details and further information 
Please get in touch with me if you have any questions about any aspect of this Privacy Policy, and in particular if you would like to object to any processing of your personal information that I carry out for my legitimate business interests.

Kat Galbraith

Date: 24th May 2018