Background When referring to Birthfully Independent Midwifery, or the term"I" in the text below, this refers to sole trader, Suyai Steinhauer. I am a registered midwife and my activities as a midwife are regulated by the Nursing and Midwifery Council. I am a member of the Royal College of Nursing and a member of the Association of Radical Midwives.
Suyai Steinhauer of Birthfully Independent Midwifery, owns and operates this site, and understands that your privacy is important to you and that you care about how your personal data is used. I respect and value the privacy of everyone who visits this website, www.birthfully.com (“my Site”) and will only collect and use personal data in ways that are described here, and in a way that is consistent with my obligations and your rights under the law.
What this policy covers This Privacy Notice applies only to your use of my Site. My Site may contain links to other websites. Please note that I have no control over how your data is collected, stored, or used by other websites and I advise you to check the privacy policies of any such websites before providing any data to them.
What is personal data Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
What is a privacy notice? The GDPR requires that data controllers provide certain information to people whose information (personal data) they hold and use. A privacy notice is one way of providing this information. Different Organisations may use different terms, and it can be referred to as a privacy statement, a fair processing notice or a privacy policy.
The law determines how organisations can use personal information. The key laws are: the Data Protection Act 1998 (DPA), the Human Rights Act 1998 (HRA), relevant health service legislation, and the common law duty of confidentiality.
This privacy notice is a statement that describes how Birthfully Independent Midwifery collects, use, retains and discloses personal information. I respect your right with regards to data privacy and data protection when you communicate (online or offline) with me through my Site, social media, text messages and offline programs or events. To ensure that I process your personal data fairly and lawfully I am required to inform you: ·Why I need your data ·How it will be used and ·Who it will be shared with
This information also explains what rights you have to control how I use your information. Within this page I describe instances where Birthfully Independent Midwifery is the “Data Controller”, for the purposes of the Data Protection Act 1998, and where I direct or commission the processing of client data to help deliver better healthcare, or to assist the management of healthcare services.
Birthfully Independent Midwifery is a ‘data controller’ under the DPA. I have notified the Information Commissioner that I process personal data and the details are publicly available from the:- Information Commissioner’s Office Wycliffe House Water Lane, Wilmslow SK9 5AF ico.org.uk Please contact me if you have any questions about this privacy notice or information I hold about you: via the website.
What information do I collect about you? Most people will use my Site without providing any personal data. I don’t collect any sensitive data, and the only personal data I collect is if you contact me directly, either by email, phone or text, and leave me your contact information. However if you contact me to discuss my services, your personal details are required in order for me to enter into a contract with you.
Under the GDPR, I must always have a lawful basis for using personal data. This may be because the data is necessary for my performance of a contract with you, because you have consented to my use of your personal data, or because it is in my legitimate business interests to use it. Your personal data may be used for one of the following purposes:
Supplying my products and/or services to you. Your personal details are required in order for me to enter into a contract with you.
Communicating with you. This may include responding to emails or calls from you.
Supplying you with information by email that you have opted-in to.
With your permission and/or where permitted by law, I may also use your personal data for marketing purposes, which may include contacting you by email with information, news, and offers on my products and/or services. You will not be sent any unlawful marketing or spam. I will always work to fully protect your rights and comply with my obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out. I may use Google analytics for the purposes of monitoring use of my website but this only gives non-personal statistics about website and blog use, not personal information.
I only collect and use your information for a lawful purposes. These purposes include: · Accounting and Auditing · Accounts and records · Advertising, marketing & public relations · Consultancy and Advisory services · Crime prevention and prosecution of offenders · Education · Health administration and services · Information and databank administration · Research · Sharing and matching of personal information for national fraud initiative · Staff administration
Storage of personal dataThe security of your personal data is essential to me, and to protect your data, I take a number of important measures, including the following:
All personal electronic data is securely stored on my computer.
The only paper records I hold are those for midwifery clients and these are securely stored at my business address in ways that conform to the NMC Code.
I do not share data that is obtained via your use of my site with any third parties, for any purpose. If you become a midwifery client or use other services that I offer, limited data may be shared with other GDPR compliant partners (such as backup midwives, the indemnity provider, or the NHS) in order to provide the service. Your consent will always be sought prior to sharing your personal information and if you do not give consent then your information will not be shared. In some limited circumstances, I may be legally required to share certain personal data, which might include yours, if I am involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
What types of personal data do I handle? I process personal information to enable me to support the provision of healthcare services to clients, maintain my own accounts and records, promote my services, and to support and manage employees. The types of personal information I use includes: · personal details such as names, addresses, telephone numbers · family details for example next of kin details · employment details, for example for those that work for me either directly or are commissioned by me to provide a service · financial details, where I provide payment for services or access to funds for individual clients · services, for example details of the services access or offered by providers · lifestyle and social circumstances · details held in the patient’s record, where I hold or manage the patient’s record
I also process sensitive classes of information that may include: · Racial and ethnic origin · Offences (including alleged offences), criminal proceedings, outcomes and sentences · Religious or similar beliefs · Complaints, accidents, and incident details · Physical or mental health details · Sexual life
Sharing your information There are a number of reasons why I share information. This can be due to: · My obligations to comply with current legislation · My duty to comply with a Court Order · You have consented to disclosure
Retaining information I will only retain information for as long as necessary. Records are maintained in line with the NHS retention schedule which determines the length of time records should be kept. I will also maintain contact information on mobile devices for as long as is required so that you may contact me in the future. If you do not wish this to be retained please let me know and I will delete the contact information upon discharge.
Security of your information I take my duty to protect your personal information and confidentiality seriously. I am committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which I am responsible, whether computerised or on paper. Birthfully Independent Midwifery is subject to the NHS Confidentiality Code of Conduct - as such I am required to protect your information, and inform you of how your information will be used. This includes, in most circumstances, allowing you to decide if and how your information can be shared. I abide by this practice in all aspects of work including my independent practice.
How to access your personal information The Data Protection Act 1998 gives you the right to see the information that Birthfully Independent Midwifery holds about you and why. Requests must be made in writing and you will need to provide: ·adequate information [for example full name, address, date of birth, NHS number, etc.] so that your identity can be verified and your information located. ·an indication of what information you are requesting, to enable me to locate this in an efficient manner.
A request for information from a health record has to be made with the appropriate data controller, this will be Suyai Steinhauer. Details on contacting me are found on the footer of every page of this website.
I aim to comply with requests for access to personal data as quickly as possible. I will ensure that I deal with requests within 40 days of receipt unless there is a reason for delay that is justifiable under the Data Protection Act. I want to make sure that your personal information is accurate and up to date. If you think any information is inaccurate or incorrect then please let me know promptly and I will ensure the records are amended. Some other verification may be requested to change the data record to ensure it is accurate.