GDPR Notice

What is the purpose of this confidentiality and privacy notice?

From May 2018, the General Data Protection Regulation (GDPR) required all businesses to make it clear how we use your data. GDPR covers the safeguarding of personal data and protection against the unlawful processing, movement and storage of personal data within the UK and Europe.

You must read this privacy notice, along with any other privacy notice I may provide on specific occasions, when I am collecting or processing personal data about you so that you are fully aware of how and why I am using your data.

Third party links

My website may include links to other websites, including links to my business social media account. Clicking on these links may allow third parties to collect and share information about you. I do not control these third-party websites and am therefore not responsible for their privacy statements.

The personal data I collect about you

Personal data means any information about an individual from which they can be identified. The types of data I use to provide my service may include identity, contact, medical history (including obstetric and mental health history), GP name and contact details, health visitor name and contact details, baby’s weight, concerns you have or why you are contacting me, and summary details of the consultation and any recommendations or plan made.

Why do I collect this personal data and how will you use it?

I collect this information to fulfill the contract of my services to you and I will only ask for information relevant to your care that enables me to provide you with recommendations and guidance as part of my service to you.

I may use your contact details for follow up services including requests for feedback and providing information about relevant additional services.

The information you provide is confidential and not normally be shared with anyone. If, in my professional opionion, it may be beneficial to share information with your Midwife, GP or Health Visitor, I will suggest doing so, if they could further support your care. I would encourage you to share this information yourself, but would be able to share this information on your behalf, with your consent, if you preferred. If I ever had concerns that there was immediate and serious risk that you might harm yourself or someone else, or were at risk of harm from someone else; then it is my duty of care to share your personal information with a third party such as your GP or emergency services. I would still try to gain your consent first.

I may use consultation data as case studies in supervision, or for research and training purposes. However, these would be anonymised to protect the identity of you and your baby.

I require your explicit consent that you are in agreement with this policy and my terms and conditions of service.

How do I store your information?

I store the personal information listed above electronically, along with any communication we have via email, text, WhatsApp or phone call. I store your records using your initial, surname and date of our consultation as identifiers. I am using encryption and password protected systems with a cloud-based provider.

Your data is stored in my encrypted and password protected cloud-based storage, which no one else is able to access at any time.

The notes that I make during a consultation are yours to keep but I scan these to store securely in my cloud-based storage for my own records.

Any email correspondence will be saved in the same cloud storage.

If you choose to send pictures or videos via WhatsApp or text messages, these will be uploaded from my phone to your storage folder in my cloud-based storage.

Any paper notes that I may make during phone calls will be scanned and uploaded to your folder in my cloud-based storage. Any paper notes not left with you will be shredded once I have scanned and uploaded them to your folder in my cloud-based storage.

In the event of a personal data breach, I will notify you and any applicable regulator of the breach where I am legally required to do so.

How long do you store the information?

I am required by the IBCLC code of conduct to keep clear and accurate records relevant to my practice. I share these records with you at your consultation or via email following your consultation if it has been a virtual consultation. I am required by my insurance company to store the information about the care I have provided for 5 years.

Your rights

Full details of all of your rights can be found at Individual rights | ICO. (https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/)

Your Right to complain about how I handle your data protection

I hope that together we can resolve any query or concern you may raise about my use of your information. However, if you are unhappy with any aspect of how I collect or use your data, you have the right to complain to the ICO who are the UK supervisory authority for data protection issues (www.ico.org.uk).

Confidentiality

I am required to have regular supervision in order to maintain my IBCLC certification and continue to provide the best possible evidence-based care. During my supervision, I may discuss your case, the care I delivered and any learning that I have taken from it. I will always ensure your anonymity in such discussions. Furthermore, the Lactation Consultant I have my supervision with will also be required to uphold current practice guidelines for confidentiality and will not disclose any information from the supervision session.