<\/p>\n
Last updated: 14\/04\/2024<\/p>\n
At The Happy Mums Foundation, we believe that privacy is a foundation of trust. When you share your story, your contact details, or your time with us, we promise to look after that information with the same care we provide in our support groups.<\/p>\n
This policy explains what information we collect, why we need it, and, most importantly, how we keep it safe.<\/p>\n
<\/p>\n
Depending on how you interact with us, we may collect:<\/p>\n
Contact Details:<\/b> Your name, email, and phone number so we can stay in touch.<\/p>\n<\/li>\n Support Data:<\/b> Information about your wellbeing (such as the Warwick Edinburgh Wellbeing scale) to help us provide the right support and measure our impact.<\/p>\n<\/li>\n Safeguarding Information:<\/b> If we are concerned about your safety or the safety of a child, we record these details as part of our duty of care.<\/p>\n<\/li>\n Volunteer & Training Data:<\/b> Your training progress, quiz results, and group attendance.<\/p>\n<\/li>\n Financial Data:<\/b> Our payment processor (Stripe) handles your card details for donations or training. We never see or store your card number.<\/p>\n<\/li>\n Digital Data:<\/b> Information about how you use our website (via the google analytics, tag manager and Facebook Pixel).<\/p>\n<\/li>\n<\/ul>\n We use various tools to make sure we are accessible while keeping everyone\u2019s data secure:<\/p>\n Facebook Messenger:<\/b> We only communicate via the official Happy Mums Foundation<\/b> business account. Our staff and volunteers never use their personal Facebook accounts to contact you about Foundation work.<\/p>\n<\/li>\n WhatsApp:<\/b> We use a Business WhatsApp Channel<\/b>. This allows us to send updates and information to members safely without sharing your personal phone number with other members of the group.<\/p>\n<\/li>\n Professional Telephony:<\/b> When we call you, we use an app called FlowUC<\/b>. This means our team calls from our office number, even if they are working flexibly, ensuring their personal numbers and your contact logs stay private.<\/p>\n<\/li>\n Newsletters:<\/b> We use Mailchimp<\/b> for bulk updates. You can “unsubscribe” at any time with one click.<\/p>\n<\/li>\n<\/ul>\n We use a carefully chosen “family” of secure systems. We use Two-Factor Authentication (2FA)<\/b> on all these systems\u2014which is like having a second, secret lock on the door that only we have the key to.<\/p>\n Beacon CRM:<\/b> Our main “digital filing cabinet” for contact details and support history.<\/p>\n<\/li>\n Volunteero:<\/b> Used to coordinate our volunteers. To protect you, safeguarding notes here use initials only<\/b>, keeping your identity separate from the sensitive details of the report.<\/p>\n<\/li>\n Microsoft 365:<\/b> Our internal emails and documents, secured by our IT partners, Castle Computers<\/b>.<\/p>\n<\/li>\n Stripe & QuickBooks:<\/b> These handle our payments and accounting with world-class security.<\/p>\n<\/li>\n Our Website:<\/b> Stores training progress and utilizes the Facebook Pixel<\/b>. This “pixel” helps us understand how people use our site and ensures our Facebook adverts reach the people who might need our support most.<\/p>\n<\/li>\n<\/ul>\n .<\/p>\n We take an extra step to protect your most sensitive information. By keeping your name in Beacon<\/b> and any safeguarding notes in Volunteero<\/b> (using only your initials), we ensure that even if one system were ever compromised, your full identity and your private wellbeing notes stay disconnected.<\/p>\n We handle criminal record checks with the highest confidentiality. We physically inspect certificates, log the check, and return the certificate to you. We only keep a record of that inspection for one year after you stop working or volunteering with us.<\/p>\n We will never<\/b> sell your data. We only share it when:<\/p>\n You give us explicit permission.<\/p>\n<\/li>\n We are legally required to (for example, in a safeguarding emergency).<\/p>\n<\/li>\n We share “anonymised” impact data (like average mood scores) with funders. This never includes your name or identifying details.<\/p>\n<\/li>\n<\/ul>\n You are in charge of your data. You have the right to:<\/p>\n Ask for a copy of the information we hold about you.<\/p>\n<\/li>\n Ask us to correct anything that is wrong.<\/p>\n<\/li>\n Ask us to delete your information (unless we have a legal duty to keep it).<\/p>\n<\/li>\n<\/ul>\n If you have any questions or would like to exercise your rights, please contact our Data Protection Officer, Katie Bruce<\/b>, at info@happymums.org.uk.<\/p>\n We review this policy every year to make sure we are always using the best and safest ways to look after you.<\/p>\n <\/p>\n <\/p>[\/et_pb_text][et_pb_divider _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_divider][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”] What do we collect: Name, phone number, email address, emergency contact name and phone number, dates attended groups, mood survey scores, photos and quotations<\/p>\n ANONYMISED: ethnicity, age, pregnancy status, postcode, sexual orientation, gender, disability status<\/p>\n How do we collect it: Storage: Why do we need this data: Source of Data: Permission \/ Legal Basis for storing and using data: Who is this data shared with:<\/strong><\/p>\n Police \/ Safeguarding Hub (with or without consent in instances of Immediate risk of harm)<\/p>\n To healthcare providers in health emergency (with consent where possible)<\/p>\n To Emergency contact (with Consent where possible)<\/strong><\/p>\n Is any of this data shared oversees: Security Arrangements: Any Further Processing:\u00a0<\/strong> Retention and Disposal:<\/strong> What do we collect: How do we collect it: Storage: Why do we need this data: Source of Data: Permission \/ Legal Basis for storing and using data: Who is this data shared with: Is any of this data shared oversees: Security Arrangements: Any Further Processing:\u00a0<\/strong> Retention and Disposal:<\/strong> What do we collect: Name, email address<\/p>\n Collected via Stripe for Payment processing: Name, Address, email address and Payment Information. This information is not held by Happy Mums.<\/p>\n How do we collect it: Storage:<\/strong> Why do we need this data: Source of Data: Permission \/ Legal Basis for storing and using data: Who is this data shared with:<\/strong><\/p>\n To \/ From Payment Provider Is any of this data shared oversees: Security Arrangements: Any Further Processing:\u00a0<\/strong> Retention and Disposal:<\/strong> What do we collect: How do we collect it: Storage: Why do we need this data: Source of Data: Permission \/ Legal Basis for storing and using data: Who is this data shared with: Is any of this data shared oversees: Security Arrangements: Any Further Processing:\u00a0<\/strong> Retention and Disposal:<\/strong> What do we collect:\u00a0 How do we collect it: Storage: Why do we need this data: Source of Data: Permission \/ Legal Basis for storing and using data: Who is this data shared with:<\/strong><\/p>\n To\/ from payroll provider Is any of this data shared oversees: Security Arrangements: Any Further Processing:\u00a0<\/strong> Retention and Disposal:<\/strong> What do we collect: How do we collect it: Storage: Why do we need this data: Source of Data: Permission \/ Legal Basis for storing and using data: Who is this data shared with: Is any of this data shared oversees: Security Arrangements: Any Further Processing:\u00a0<\/strong> Retention and Disposal:<\/strong>2. How We Communicate With You<\/h2>\n
\n
3. Our “System Family” (Where Your Data Lives)<\/h2>\n
\n
4. Privacy by Design: Our “Silo” Approach<\/h2>\n
5. DBS Data & Recruitment<\/h2>\n
6. Sharing Your Data<\/h2>\n
\n
7. Your Rights<\/h2>\n
\n
8. Contact Us<\/h2>\n
The Happy Mums Foundation Record of Processing Activities<\/span><\/h2>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”1_2″ _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”]
Mums, Mums-to-be & Birth-Givers (Service Users)<\/strong><\/h2>\n
<\/strong><\/p>\n
<\/strong>Online registration form, Group Registers, Group Debrief Form
Emails, Telephone calls recorded manually, Meta messenger
Questionnaires. Images taken at events usually via smart phones. All Electronic Unless Specified otherwise.<\/p>\n
<\/strong><\/strong>Manual: If initially collected on paper, this is transferred to electronic format within a maximum of 2 weeks and paper version securely destroyed.
Electronic: Microsoft 365 – Password protected system. Images taken via smart phones are transfered to M365 as soon as possible then removed from Mobile Device
Facebook Messenger
Canva (images for promotional use)
<\/strong><\/p>\n
<\/strong>To provide project services
To report safeguarding concerns
To inform of new services
To analyse impact and report to funders<\/strong><\/p>\n
<\/strong>Service User, Group Facilitators<\/p>\n
<\/strong>Legitimate Interests
Consent (explicitly for newsletter, photos, quotations and all special category data)
<\/strong><\/p>\n
<\/strong>No<\/p>\n
<\/strong>Password protected systems with 2-step -verifcation where possible<\/p>\n
Anonymised statistical analysis for reporting to funders; CIC Regulator and HMRC<\/p>\n
All data held for 6 years from last contact EXCEPT:
If safeguarding procedures retain for 10 years from last contact
Suspicious death of a service user kept for 75 years
Aggregated statistical returns including non-identifiable personal data kept indefinitely
Enquiries which do not lead to services being received kept for 2 years (aggregated statistical returns including non-identifiable personal data kept indefinitely)<\/p>[\/et_pb_text][\/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”]Volunteers<\/strong><\/h2>\n
<\/strong>Name, address, phone numbers, personal email address, volunteer role title, DBS Certificate number, bank details, date of birth, driving licence number, passport number, medical conditions, declarations of interests, training records and certificates. Next of Kin name and phone number (for emergecy use only)<\/p>\n
<\/strong>Application form, Volunteer Details Form, DBS supporting evidence , Medical Info form, letters
ALL ELECTRONIC unless specified otherwise<\/p>\n
<\/strong><\/strong>Manual: If initially collected on paper, this is transferred to electronic format within a maximum of 2 weeks and paper version securely destroyed.
Electronic: Microsoft 365 – Password protected system. DBS information restricted to need-to-know users.
<\/strong><\/p>\n
<\/strong>To provide volunteer role
To pay expenses
To ensure safety of service users<\/strong><\/p>\n
<\/strong>Volunteer, Line Manager<\/p>\n
<\/strong>Contract – Volunteer Agreement<\/strong><\/p>\n
<\/strong>In response to requests for references
To\/ from DBS check provider
To\/ from HMRC as required by law
To healthcare providers in health emergency (with consent where possible)
To\/ from accountant
<\/strong><\/p>\n
<\/strong>No<\/p>\n
<\/strong>Password protected systems with 2-step -verifcation where possible<\/p>\n
Anonymised statistical analysis for reporting to funders; CIC Regulator and HMRC<\/p>\n
Application and recruitment data for unsuccessful candidates held for 6 months from interview date
Volunteer details and training records up to 6 years after volunteering ends
Bank details & DBS info no longer than necessary
Expenses payments 6 years from financial year end<\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”1_2″ _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”]Supporters (via Supporterships)<\/h2>\n
<\/strong><\/p>\n
<\/strong>Online sign up page<\/p>\n
Electronic: WordPress Database and Microsoft 365 – Password protected system.\u00a0
<\/strong><\/p>\n
<\/strong>To provide services described in each supportership package
<\/strong><\/p>\n
<\/strong>Supporter<\/p>\n
<\/strong>Legitimate Interests
Consent\u00a0
<\/strong><\/p>\n
To \/ From Accountant<\/p>\n
<\/strong>No<\/p>\n
<\/strong>Password protected systems with 2-step -verifcation where possible<\/p>\n
Anonymised statistical analysis for reporting to funders; CIC Regulator and HMRC<\/p>\n
All data held for 6 years from last contact\u00a0<\/p>[\/et_pb_text][\/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”]Third Parties: Next of Kin, Emergency Contacts and Children of Service Users<\/strong><\/h2>\n
<\/strong>Name, address, phone number, email address, job title, organisation<\/p>\n
<\/strong>Application forms, Registration Forms, Group Register, Group Debrief Form, Emails, Telephone calls.\u00a0
ALL ELECTRONIC unless specified otherwise<\/p>\n
<\/strong><\/strong>Manual: If initially collected on paper, this is transfered to electronic format within a maximum of 2 weeks and paper version securely destroyed.
Electronic: Microsoft 365 – Password protected system.
<\/strong><\/p>\n
<\/strong>To comply with Recruitment Policy
To keep employees, volunteers and beneficiaries safe
To report safeguarding concerns
<\/strong><\/p>\n
<\/strong>Service User, Volunteer, Employee<\/p>\n
<\/strong>Legitimate Interest<\/strong><\/p>\n
<\/strong>Police \/ Safeguarding Hub (with consent where possible)
To healthcare providers in health emergency (with consent where possible)
<\/strong><\/p>\n
<\/strong>No<\/p>\n
<\/strong>Password protected systems with 2-step -verifcation where possible<\/p>\n
Anonymised statistical analysis for reporting to funders; CIC Regulator and HMRC<\/p>\n
All data held for 6 years from last contact EXCEPT:
If safeguarding procedures retain for 10 years from last contact
Suspicious death in relation to services provided of a service user kept for 75 years
Aggregated statistical returns including non-identifiable personal data kept indefinitely
Enquries which do not lead to services being received kept for 2 years (aggregated statitstical returns including non-identificable personal data kept indefinitely)
Records of accidents\/incidents and If safeguarding procedures used until child reaches 24 years
Suspicious death in relation to services provided of a child kept for 75 years
Shredded on disposal<\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”1_2″ _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”]Employees<\/strong><\/h2>\n
<\/strong>Name, address, phone numbers, personal email address, job title, bank details, salary, NI Number and Tax Code, date of birth, DBS certificate number, passport number, driving licence number, medical conditions, travel expenses claims, personalised risk assessments, training records and certificates, sickness absence records, contracts and letters, Right to Work ID check form<\/p>\n
<\/strong>Application form, Employee Details Form, DBS and Right to Work checklists, HMRC forms, Medical Info form, training records form, travel expenses form, sickness absence recording forms, letters, contracts. ALL ELECTRONIC unless specified otherwise<\/p>\n
<\/strong><\/strong>Manual: If initially collected on paper, this is transferred to electronic format within a maximum of 2 weeks and paper version securely destroyed.
Electronic: Microsoft 365 – Password protected system. DBS information restricted to need-to-know users.
<\/strong><\/p>\n
<\/strong>To provide employment
To pay wages
To ensure safety of service users
To ensure health and wellbeing of employee
<\/strong><\/strong><\/p>\n
<\/strong>Employee, Line Manager<\/p>\n
<\/strong>Contract – Terms and Conditions of employment<\/strong><\/p>\n
To \/ from pensions provider
In response to requests for references
To\/ from DBS check provider
To\/ from HMRC as required by law
To healthcare providers in health emergency (with consent where possible)
To\/ from accountant
<\/strong><\/p>\n
<\/strong>No<\/p>\n
<\/strong>Password protected systems with 2-step -verifcation where possible<\/p>\n
Anonymised statistical analysis for reporting to funders; CIC Regulator and HMRC<\/p>\n
Application and recruitment data for unsuccessful candidates held for 6 months from interview date
Personal details and training records up to 6 years after employment ends
Bank details & DBS info no longer than necessary
HMRC\/Pension\/Payroll payments 6 years from financial year end<\/p>[\/et_pb_text][\/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”]Suppliers<\/strong><\/h2>\n
<\/strong>Name, business address, business phone number, email address, company name, job title, bank details (if BACs payment required)<\/p>\n
<\/strong>Phonecalls, emails, websites, invoices.<\/p>\n
<\/strong><\/strong>Manual: If initially collected on paper, this is transferred to electronic format within a maximum of 2 weeks and paper version securely destroyed.
Electronic: Microsoft 365 – Password protected system. DBS information restricted to need-to-know users.
<\/strong><\/p>\n
<\/strong>To request products\/services,
To pay invoices<\/strong><\/p>\n
<\/strong>Supplier<\/p>\n
<\/strong>Contract\u00a0
Legitimate Interests<\/strong><\/p>\n
<\/strong>To \/ from accountant
To \/ from payment provider<\/strong><\/p>\n
<\/strong>No<\/p>\n
<\/strong>Password protected systems with 2-step -verifcation where possible<\/p>\n
None<\/p>\n
All data held for 6 years from last contact.<\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_divider _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_divider][et_pb_text _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”]Associated Privacy Policies<\/h2>[\/et_pb_text][et_pb_text _builder_version=”4.24.0″ _module_preset=”default” global_colors_info=”{}”]