The Miscarriage Association (“The M.A.”) is committed to ensuring that personal information is held fairly, lawfully and securely in accordance with privacy laws.
Regulation (EU) 2016/679 of the European Parliament – the General Data Protection Regulation (‘GDPR’) – obliges us to provide you with information about how and why we use your data. We recognise our obligations and your legal rights set out in the GDPR. We are committed to protecting and respecting your privacy and complying with the principles of the GDPR.
In this policy, whenever you see the words ‘we’, ‘us’ or ‘our’, it refers to the Miscarriage Association, a registered charity, number 1076829 (England and Wales) and number SC039790 (Scotland) and registered address 17 Wentworth Terrace, Wakefield WF1 3QW.
The M.A. supports anyone affected by miscarriage, ectopic pregnancy or molar pregnancy. In order to provide online support and services we need to hold some personal information about visitors to our website.
The Miscarriage Association does not have a Data Protection Officer. However, for information and queries about data protection compliance, please email email@example.com, telephone 01924 200799, or write to the Miscarriage Association, 17 Wentworth Terrace, Wakefield WF1 3QW.
This policy was last updated on: 06/08/18
‘Personal data’ means any information relating to an individual (‘data subject’) who can be identified, directly or indirectly by the information.
The data we hold about you will vary, depending on our relationship with you. Below are examples of the sorts of data that we may hold:
We collect, store and process personal data for several purposes, mainly: membership administration, volunteer administration and financial accounting. We will not use any of the information that we collect from you, or about you, for any purpose other than those listed in this document. If we would like to use your personal data in any other way, we will seek your permission.
There are four legal bases by which we process your personal information:
1. Where required to perform a CONTRACT. For example:
2. Where required to comply with our LEGAL OBLIGATIONS. For example:
3. Where there is a LEGITIMATE INTEREST. For example:
4. Where you have provided CONSENT. For example:
If we collect your personal information, the length of time that we keep (retain) it depends on a number of factors (e.g. your consent and any legal obligations). The M.A.’s Retention Schedule records approved retention periods, the reason for the retention period and how that is ended.
We do not retain personal information in an identifiable format for any longer than is necessary. Where you have given us consent to retain your data, we will only hold the data for the duration of your consent.
If we know that someone contacting us is under the age of 13, we would require parental or guardian consent to collect or process their personal data.
We seek parental or guardian approval of any fundraising or other agreement made with anyone under the age of 16.
We do not send marketing information.
We only share personal data with people when you have given us permission to do so or where we are required by law. Other than the circumstances set out above, information about you will not be passed to a third party for any other purposes. All our suppliers and contractors are required by their data sharing agreements or contracts to treat your data as carefully as we would, to use it only as instructed, and to allow us to check that they do this.
For a list of the types of organisations we may share your personal information with, see below:
The Miscarriage Association does not perform any profiling (e.g. wealth screening) or automated decision-making.
The personal information we collect may be transferred to and stored in countries outside of the UK and the European Economic Area. Some of these jurisdictions require different levels of protection in respect of personal information and, in certain instances, the laws in those countries may be less protective than in the UK. We will take all reasonable steps to ensure that your personal information is used only in accordance with this privacy notice and applicable data protection laws and is respected and kept secure; and where a third party processes your data on our behalf we will put in place appropriate safeguards as required under data protection laws.EU-US Privacy Shield and Swiss-US Privacy Shield. When transferring data from the European Union, the European Economic Area and Switzerland, Dropbox relies on a variety of legal mechanisms, including contracts with our users. Dropbox complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union, the European Economic Area and Switzerland to the United States. You can find Dropbox’s Privacy Shield certification here. You can also find out more about Privacy Shield at https://www.privacyshield.gov. Dropbox is overseen by the US Federal Trade Commission. JAMS is the US-based independent organisation responsible for reviewing and resolving complaints about our Privacy Shield compliance – free of charge to you. We ask that you first submit any such complaints directly to us via firstname.lastname@example.org. If you aren’t satisfied with our response, please contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield. In the event that your concern still isn’t addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles.
Around the world. To provide you with the Services, we may store, process and transmit information in the United States and locations around the world – including outside your country. Information may also be stored locally on the devices you use to access the Services.
EU-US Privacy Shield and Swiss-US Privacy Shield. When transferring data from the European Union, the European Economic Area and Switzerland, Dropbox relies on a variety of legal mechanisms, including contracts with our users. Dropbox complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union, the European Economic Area and Switzerland to the United States. You can find Dropbox’s Privacy Shield certification here. You can also find out more about Privacy Shield at https://www.privacyshield.gov.
Dropbox is overseen by the US Federal Trade Commission. JAMS is the US-based independent organisation responsible for reviewing and resolving complaints about our Privacy Shield compliance – free of charge to you. We ask that you first submit any such complaints directly to us via email@example.com. If you aren’t satisfied with our response, please contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield. In the event that your concern still isn’t addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles.
Where we have given you (or where you have chosen) a password, which enables you to access certain parts of our website you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
When someone visits www.miscarriageassociation.org.uk or www.daysthatmatter.org.uk we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We do not make any attempt to find out the identities of those visiting our websites. We will not associate any data gathered from this site with any personally identifying information from any source.
We use your IP address to help diagnose problems with our server, and to administer our website. Your IP address is used to help identify you and to gather broad demographic information.
We use Google Analytics to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Click here for an overview of privacy at Google
The following cookies are used on our website:
|PHPSESSID||Session cookie used to establish a user session. It is used on a temporary basis and disappears when the session is closed|
This is used by Google Analytics to distinguish users)
This is used by Google Analytics to distinguish users
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
We never sell or share your information to other organisations to use for their own purposes.
The GDPR grants you certain rights (‘information rights’) which we summarise below.
|Right of access||You have the right to obtain confirmation from the Miscarriage Association as to whether or not personal data concerning you is being processed, and, where that is the case, access to that personal data.|
|Right to rectification||You have the right to oblige the Miscarriage Association to rectify inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement.|
|Right to erasure (right to be forgotten)||You have the right (under certain circumstances, but not all) to oblige the Miscarriage Association to erase personal data concerning you.|
|Right to restriction of processing||You have the right (under certain circumstances, but not all) to oblige the Miscarriage Association to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you.|
Right to data portability
|You have the right (under certain circumstances, but not all) to oblige the Miscarriage Association to provide you with the personal data about you which you have provided to them, in a structured, commonly used and machine-readable format. You also have the right to oblige the Miscarriage Association to transmit those data to another controller.|
|Right to withdraw consent||If the lawful basis for processing is consent, you have the right to withdraw that consent.|
|Right to object to direct marketing||Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing.|
|Rights in relation to automated decision making and profiling||The Miscarriage Association does not perform any automated decision-making based on personal data that produces legal effects or similarly significantly affects you.|
You have the right to withdraw your consent to the Miscarriage Association
To withdraw your consent to any or all of these, please
If you wish to exercise any of your rights concerning your personal data, you should contact us at:
The Miscarriage Association is not a ‘public authority’ as defined under the Freedom of Information Act and we will not therefore respond to requests for information made under this Act.
If you are not satisfied with the response you receive, you have the right to lodge a complaint with the supervisory authority. In the United Kingdom this is the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113, email: firstname.lastname@example.org.