The Real Birth Company (“we”) promises to respect any personal data you share with us and keep it safe. We aim to be clear when we collect your data and not to do anything you wouldn’t reasonably expect. In May 2018, in accordance with the General Data Protection Regulations (GDPR), we will only send communications to those that have explicitly stated that they are happy for us to do so, via their preferred channel(s) (email, SMS, phone or post).
We collect information in the following ways:
When you give it to us directly
You may give us your information in order to register to use our Real Birth Workshop Online, purchase our products or communicate with us. Sometimes when you purchase products from us, your information is collected by our sister organisation 27 Web Management, but we are responsible for your data at all times.
Social Media
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might give us from those accounts or services.
When we collect it as you use our WEBSITE or WORKSHOP
Like most websites, we use “cookies” to help us make our site and the way you use it, better. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer, phone or tablet. They make interacting with a website faster and easier, for example by automatically filling your name and address in text fields.
In addition, the type of device you’re using to access our website or workshop and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, your device manufacturer or operating system provider will have more details about what information your device makes available to us.
When you register with the Real Birth Workshop, you are asked to provide the following information:
We collect the above information to analyse the trends and usage of the workshop and to review our product to better respond to the needs of our users.
We will use your data to:
Data Minimisation
We will always ensure the data we collect is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed and only collect personal data we actually need for our specified purposes. The company periodically reviews the data it holds and deletes anything we do not need.
Data Change
Should the purpose of our data collection change we will inform all users by email of the proposed changes thereby giving them the opportunity to opt out and where appropriate reobtain their consent.
Children’s data
We collect and manage information from workshop users who are under 16, as they may be parents to be who wish to use our workshop. We aim to manage it in a way which is appropriate to the age of the child. Where possible and appropriate we will seek consent from a parent or guardian before collecting information about those under 16.
Direct Marketing
We do not sell or share personal details to third parties for the purposes of marketing
Enquiries about commissioning the Workshop, giving feedback or making a complaint
When you contact us to enquire about our products, about commissioning opportunities or provide feedback or make a complaint we will collect your contact details which will be kept on a secure internal CRM sales system. This enables us to record your enquiry and log our response to resolve your issue.
To minimize the risk of loss, accidental or intentional destruction or theft of personal data all data held by the Company is encrypted during transit using SHA Hashing and is hosted on an NHS approved server, so we are unable to identify individual users using The Real Birth Workshop.
We undertake regular reviews of who has access to the information we hold, this ensures that your information is only accessible by appropriately trained staff.
Data collected by the company will not be shared or processed for any other reason than outlined in this document. We will only ever share your data in other circumstances, if we have obtained your explicit and informed consent.
Breach of Personal Data
Should there be a personal data breach the company will assess whether the breach of security leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed. Data breaches vary in severity and as such not all personal breaches that fall within the above definition need to be reported. Where the impact of a breach represents a high risk to the rights and freedoms of individuals those individuals will be advised immediately, and the breach reported to the ICO within 72 hours from point of discovery. If the breach does not fall within the above definition and does not represent a high risk the breach will be formally documented and the justification for the decision recorded.
How we delete your data
The company administrator can delete your data from our phpMyAdmin system upon email or written request. The data will be deleted from the system immediately and cannot be recovered by any users or Real Birth Company employees after this point. Data which has been deleted cannot be recovered at any time. Sufficient warning is given to the system administrator before they permanently delete anything
How long do we store your data for?
We will continue to hold personal data on our system for six months after the expected due date. At which point if you have given marketing consent, your email and username will be added to an archive directory, if you have not, your email, username will be removed from the system. Ethinicity, Postcode Sector, Age Range, Hospital Name and Language will be still be stored.
What would happen to your information if our organisation closed?
If our organisation closes, we are required by law to delete all personal and sensitive contact information for all our contacts.
Keeping your information up to date
We would really appreciate it if you could let us know if your email details change, by sending an email to dpo@therealbirthcompanyltd.com
Using the Real Birth Workshop may subject you to potential risks including, but not limited to the following.
Use the The Real Birth Online Workshop at your own risk. The Real Birth Company is not liable for any injuries, losses or damages that occur through use and access of The Real Birth Online Workshop.
To communicate with our Data Protection Officer, Daniel Davies, please send an email with data protection in the subject heading to the following address: dpo@therealbirthcompanyltd.com or write to:
Daniel Davies,
The Real Birth Company,
The Old Magistrates Court,
Gaol Street,
Hereford,
HR1 2HU
To communicate with our Clinical Safety Officer, registered midwife Zoe Wright, please send an email with clinical safety in the subject heading to the following address: cso@therealbirthcompanyltd.com or write to:
Zoe Wright,
The Real Birth Company,
The Old Magistrates Court,
Gaol Street,
Hereford,
HR1 2HU
You have the right to ask us to stop processing your personal data, and we will immediately do so. You have a right to ask for a copy of the information we hold about you. You have the right to ask for your data to be deleted. You have the right to rectify your personal data. You have the right to object to use of your personal data. You have the right to object to use of your personal data. You have the right to the portability of your personal data. You have the right to withdraw consent. We will respond to any data requests within 1 month. If you have any questions or concerns, contact us on 01432 345534 or email us dpo@therealbirthcompanyltd.com. Please be aware if you want to access information, we will need to prove who you are, you will need to send proof of identity before we release any personal data. Please contact us to be guided on where to send this.
We may change this Privacy Policy from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on our website, the Real Birth Workshop or by contacting you directly. If you have any questions, comments or suggestions, please let us know by emailing us at dpo@therealbirthcompanyltd.com
We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site