GDPR POLICY
Maternity Mum treats the privacy of its customers and website users very seriously and we take appropriate security measures to safeguard your privacy. This Policy explains how we protect and manage any personal data* you share with us and that we hold about you, including how we collect, process, protect and share that data.
*Personal data means any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other physical address and an email address or other contact information, whether at work or at home.
How we obtain your personal data
Information provided by you
You may provide us with personal data either through written correspondence received by post or email; via online forms and website orders; or over the telephone. This can include name, address, email address and payment instructions. We will not share your data with other businesses, organisations or individuals.
How we use your personal data
We will only ever use your personal data to manage and administer the services which you have requested from Maternity Mum
Do we use your personal data for marketing purposes?
Maternity Mum does not use any personal data for marketing purposes.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Sharing information
We will keep information about you confidential and we will not disclose or share your information with other third parties with the exception of the following:
-
Any legal or crime prevention agencies and/or to satisfy any regulatory request if we have a duty to do so or if the law allows us to do so.
Transfer of your personal data outside of the European Economic Area (EEA)
We do not transfer your personal data outside the EEA.
How long do we keep this information about you?
We keep information in line with the length of time we need to keep your personal information in order to manage and administer any services we may be offering and fulfilling to you. They also take into account our need to meet any legal, statutory to regulatory obligations. These reasons may vary from one piece of information to the next.
Data subject rights
Subject access requests
The General Data Protection Regulation (GDPR) grants you (hereinafter referred to as the “data subject”) the right to access particular personal data that we hold about you. This is referred to as a subject access request. We shall respond promptly, and certainly within one month from the point of receiving the request and all necessary information from you. Our formal response shall include details of the personal data we hold about you, including the following:
-
Sources from which we acquired the information;
-
The purposes for processing the information.
Right to rectification
You, the data subject, shall have the right to obtain from us, without undue delay, the rectification of inaccurate personal data we hold concerning you. Taking into account the purposes of the processing, you, the data subject, shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
You, the data subject, shall have the right to obtain from us the erasure of personal data concerning you without undue delay.
Right to restriction of processing
Subject to exemptions, you, the data subject, shall have the right to obtain from us restriction of processing where one of the following applies:
a) The accuracy of the personal data is contested by you, the data subject, and is restricted until the accuracy of the data has been verified;
b) The processing is unlawful and you, the data subject, oppose the erasure of the personal data and instead request the restriction in its use;
c) We no longer need the personal data for the purposes of processing, but it is required by you, the data subject, for the establishment, exercise or defence of legal claims;
d) You, the data subject, have objected to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections.
Notification obligation regarding rectification or erasure of personal data or restriction of processing
We shall communicate any rectification or erasure of personal data or restriction of processing as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you, the data subject, with information about those recipients if you request it.
Right to data portability
You, the data subject, shall have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.
Right to object
You, the data subject, shall have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms from you, the data subject, or for the establishment, exercise of defence of legal claims.
Right to not be subject to decisions based solely on automated processing
We do not carry out any automated processing.
If you have a complaint
If you have a complaint regarding the use of you personal data or sensitive information then please contact us by emailing us: admin@maternitymum.co.uk
If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 01625 545745 or 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed as a result of the processing of your personal data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.