Our helpline: 01924 200799 Mon-Fri, 9am-4pm

Privacy information

The Miscarriage Association (“The M.A.”)  is committed to ensuring that personal information is held fairly, lawfully and securely in accordance with privacy laws.

This privacy policy covers the different elements of any personal information we collect from you and why.  It tells you what we do with the information, how long we will hold it, what we won’t do with the information, and what rights you have.

Introduction to Data Protection

Regulation (EU) 2016/679 of the European Parliament – the General Data Protection Regulation (‘GDPR’) – obliges us to provide you with information about how and why we use your data. We recognise our obligations and your legal rights set out in the GDPR. We are committed to protecting and respecting your privacy and complying with the principles of the GDPR.

Who are ‘we’?

In this policy, whenever you see the words ‘we’, ‘us’ or ‘our’, it refers to the Miscarriage Association, a registered charity, number 1076829 (England and Wales) and number SC039790 (Scotland) and registered address 17 Wentworth Terrace, Wakefield WF1 3QW.

The M.A. supports anyone affected by miscarriage, ectopic pregnancy or molar pregnancy. In order to provide online support and services we need to hold some personal information about visitors to our website.

Data Protection Officer

The Miscarriage Association does not have a Data Protection Officer. However, for information and queries about data protection compliance, please email dataprotection@miscarriageassociation.org.uk, telephone 01924 200799, or write to the Miscarriage Association, 17 Wentworth Terrace, Wakefield WF1 3QW.

Amendments to our Privacy Policy

If we amend our privacy policy, any changes will be published on our website. If necessary, this will be brought to your attention.

This policy was last updated on: 06/08/18

What is personal data?

‘Personal data’ means any information relating to an individual (‘data subject’) who can be identified, directly or indirectly by the information.

The types of personal data we may collect and use

The data we hold about you will vary, depending on our relationship with you.  Below are examples of the sorts of data that we may hold:

How we use your personal information

We collect, store and process personal data for several purposes, mainly: membership administration, volunteer administration and financial accounting. We will not use any of the information that we collect from you, or about you, for any purpose other than those listed in this document. If we would like to use your personal data in any other way, we will seek your permission.

There are four legal bases by which we process your personal information:

1. Where required to perform a CONTRACT. For example:

2. Where required to comply with our LEGAL OBLIGATIONS. For example:

3. Where there is a LEGITIMATE INTEREST. For example:

4. Where you have provided CONSENT. For example:

Retaining your information

If we collect your personal information, the length of time that we keep (retain) it depends on a number of factors (e.g. your consent and any legal obligations). The M.A.’s Retention Schedule records approved retention periods, the reason for the retention period and how that is ended.

We do not retain personal information in an identifiable format for any longer than is necessary. Where you have given us consent to retain your data, we will only hold the data for the duration of your consent.

Children

If we know that someone contacting us is under the age of 13, we would require parental or guardian consent to collect or process their personal data.

We seek parental or guardian approval of any fundraising or other agreement made with anyone under the age of 16.

Using your information for marketing

We do not send marketing information.

Sharing your personal data and data processing

We only share personal data with people when you have given us permission to do so or where we are required by law.  Other than the circumstances set out above, information about you will not be passed to a third party for any other purposes. All our suppliers and contractors are required by their data sharing agreements or contracts to treat your data as carefully as we would, to use it only as instructed, and to allow us to check that they do this.

For a list of the types of organisations we may share your personal information with, see below:

Profiling

The Miscarriage Association does not perform any profiling (e.g. wealth screening) or automated decision-making.

International transfer

The personal information we collect may be transferred to and stored in countries outside of the UK and the European Economic Area. Some of these jurisdictions require different levels of protection in respect of personal information and, in certain instances, the laws in those countries may be less protective than in the UK. We will take all reasonable steps to ensure that your personal information is used only in accordance with this privacy notice and applicable data protection laws and is respected and kept secure; and where a third party processes your data on our behalf we will put in place appropriate safeguards as required under data protection laws.EU-US Privacy Shield and Swiss-US Privacy Shield. When transferring data from the European Union, the European Economic Area and Switzerland, Dropbox relies on a variety of legal mechanisms, including contracts with our users. Dropbox complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union, the European Economic Area and Switzerland to the United States. You can find Dropbox’s Privacy Shield certification here. You can also find out more about Privacy Shield at https://www.privacyshield.gov. Dropbox is overseen by the US Federal Trade Commission. JAMS is the US-based independent organisation responsible for reviewing and resolving complaints about our Privacy Shield compliance – free of charge to you. We ask that you first submit any such complaints directly to us via privacyshield@dropbox.com. If you aren’t satisfied with our response, please contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield. In the event that your concern still isn’t addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles.

Around the world. To provide you with the Services, we may store, process and transmit information in the United States and locations around the world – including outside your country. Information may also be stored locally on the devices you use to access the Services.

EU-US Privacy Shield and Swiss-US Privacy Shield. When transferring data from the European Union, the European Economic Area and Switzerland, Dropbox relies on a variety of legal mechanisms, including contracts with our users. Dropbox complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union, the European Economic Area and Switzerland to the United States. You can find Dropbox’s Privacy Shield certification here. You can also find out more about Privacy Shield at https://www.privacyshield.gov.

Dropbox is overseen by the US Federal Trade Commission. JAMS is the US-based independent organisation responsible for reviewing and resolving complaints about our Privacy Shield compliance – free of charge to you. We ask that you first submit any such complaints directly to us via privacyshield@dropbox.com. If you aren’t satisfied with our response, please contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield. In the event that your concern still isn’t addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles.

Information Security

Where we have given you (or where you have chosen) a password, which enables you to access certain parts of our website you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

We place a great importance on the security of all personally identifiable information associated with our service users. This includes policies, procedures and security features to ensure that information about you is treated securely and protected from unauthorised and unlawful access and used in accordance with this privacy policy. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal data under our control. While we cannot guarantee that loss, misuse or alteration of data will not occur while it is under our control or being transferred, we use our best efforts to try to prevent this.

Cookies

When someone visits www.miscarriageassociation.org.uk or www.daysthatmatter.org.uk  we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We do not make any attempt to find out the identities of those visiting our websites. We will not associate any data gathered from this site with any personally identifying information from any source.

We use your IP address to help diagnose problems with our server, and to administer our website. Your IP address is used to help identify you and to gather broad demographic information.

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Our site uses cookies to keep track of your shopping cart. We use cookies to identify you so we can retrieve your information so you don’t have to re-enter it each time you visit our site.

We use Google Analytics to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Click here for an overview of privacy at Google

The following cookies are used on our website:

Name Purpose
PHPSESSID Session cookie used to establish a user session. It is used on a temporary basis and disappears when the session is closed
catAccCookies Used to record whether use of cookies has been accepted
_ga 

_gid 

This is used by Google Analytics to distinguish users)

This is used by Google Analytics to distinguish users

To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

What we don’t do with your information

We never sell or share your information to other organisations to use for their own purposes.

Your rights

The GDPR grants you certain rights (‘information rights’) which we summarise below.

Right of access You have the right to obtain confirmation from the Miscarriage Association as to whether or not personal data concerning you is being processed, and, where that is the case, access to that personal data.
Right to rectification You have the right to oblige the Miscarriage Association to rectify inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement.
Right to erasure (right to be forgotten) You have the right (under certain circumstances, but not all) to oblige the Miscarriage Association to erase personal data concerning you.
Right to restriction of processing You have the right (under certain circumstances, but not all) to oblige the Miscarriage Association to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you.

Right to data portability

You have the right (under certain circumstances, but not all) to oblige the Miscarriage Association to provide you with the personal data about you which you have provided to them, in a structured, commonly used and machine-readable format. You also have the right to oblige the Miscarriage Association to transmit those data to another controller.
Right to withdraw consent If the lawful basis for processing is consent, you have the right to withdraw that consent.
Right to object to direct marketing Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing.
Rights in relation to automated decision making and profiling The Miscarriage Association does not perform any automated decision-making based on personal data that produces legal effects or similarly significantly affects you.

Withdrawing consent

You have the right to withdraw your consent to the Miscarriage Association

To withdraw your consent to any or all of these, please

Your right to lodge a complaint with a supervisory authority

If you wish to exercise any of your rights concerning your personal data, you should contact us at:

The Miscarriage Association is not a ‘public authority’ as defined under the Freedom of Information Act and we will not therefore respond to requests for information made under this Act.

If you are not satisfied with the response you receive, you have the right to lodge a complaint with the supervisory authority. In the United Kingdom this is the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113, email: casework@ico.org.uk.