Privacy

Updated August 2020


This Privacy Notice sets out how My Expert Midwife (known as a Data Controller) collects and uses your personal data.
When we refer to “we”, “us” “our” or “controller” in this Privacy Notice we mean My Expert Midwife.
Our Privacy Notice is structured in a way for you to easily find the specific details of what we do with your personal data, depending on which of our services you are using, for example buying one of our products, or signing up to our newsletter.
Part 1 of our Privacy Notice is information we must tell everyone regardless of the nature of our relationship with you. Parts 2 to 6 give information that is specific to your relationship with us
  • Part 1 – General Information
  • Part 2 – If you make a purchase from our website
  • Part 3 – If you make an enquiry about our products or service
  • Part 4 – If you would just like to receive our newsletters and blogs
  • Part 5 – If you stock our products
  • Part 6 – If you are a supplier

PART 1 – GENERAL INFORMATION

Our contact details

My Expert Midwife is the data controller for the personal data we process about you.
You can contact us regarding the use of your personal data via one of the following ways: Email: advice@myexpertmidwife.com
Postal Address: Unit 4 Stoneacre, Grimbald Crag Close, Knaresborough HG4 8PJ

How we get your personal data

Most of the time we obtain personal data directly from you, for example when you purchase one of our products, or ask us a question about our products. Here are some of the ways in which you may give us your personal data;
  • Purchase one of our products
  • Create an account on our website
  • Subscribe to our newsletter
  • Contact us via email, or via the contact us page on our website
  • Engage with us through social media
  • Take part in a survey

There are some occasions when we obtain personal data indirectly, through a third party or publicly available source. For example we may purchase lists from third parties in order to contact you with relevant information, or, in the case of suppliers, we may look up your contact data from publicly available sources such as companies house.  Where this is the case My Expert Midwife will carry out all due diligence checks required and only use data that complies with the General Data Protection Regulation.

Your rights

Depending on the purpose and the legal basis we rely on for processing your personal data, there are various rights available to you. You can:
  • access the personal data we keep about you and be given specific information about the processing. This right always applies regardless of the processing activity we undertake.
  • ask us to rectify personal data we hold about you that you think is inaccurate. This right always applies regardless of the processing activity we undertake.
  • ask us to delete your personal data but only when specific circumstances apply.
  • ask us to restrict the processing of your personal data but only when specific circumstances apply.
  • object to the processing when we have relied on legitimate interest to undertake that processing activity and you believe we have infringed your rights.
  • transfer your personal data from us to another service provider or give it to you. This right only applies to personal data you have given to us and when the processing is based on your consent or contractual basis and the processing is automated.
To find out more about how to exercise your rights please refer to the guidance on the Information Commissioner’s Office website - https://ico.org.uk/your-data-matters/.
You do not have to pay a fee to us to exercise any of your rights. However, if your request is manifestly unfounded or excessive, we may either charge a reasonable fee or refuse the request.
We shall respond to valid requests within one month of receiving it.
If you wish to make a request, please contact advice@myexpertmidwife.com

How to make a complaint about us to the Information Commissioner’s Office

If you are not happy with how we are processing your personal data or you believe we have not dealt with one of your rights correctly you are entitled to make a complaint to the Information Commissioners Office (ICO). The ICO has several ways in which you can get in touch with them, including post, email, and online forms. For full details how to make a complaint please refer to their website - https://ico.org.uk/make-a-complaint/.

Sharing your information

We do not share, rent, or sell your information with any third parties for the purposes of direct marketing.
When we need to use data processors who are third parties to provide any aspect of the service, we provide to you we ensure we have appropriate contracts in place that are GDPR compliant. The data processor is not allowed to do anything with your personal data unless we have instructed them to do it. They will not share your personal data with any organisation apart from us unless they are required to do so by law. They will hold it securely and retain it for the period we instruct.

Our data processors (external third parties) include:

 

DATA PROCESSOR  FUNCTION  PROCESSING ACTIVITIES
     
Shopify
Website: www.shopify.com/legal/privacy
Used to host our ecommerce store.  Information that you enter when placing an order on our website is held by Shopify so that we can make sure you receive your order. Your information is also stored if you have chosen to receive newsletters via our stay updated page, or contacted us via the contact us page.
     
Mosaic Fulfilment Solutions
Website: www.mosaic-fs.co.uk
privacy@mosaic-fs.co.uk
Operation of our Fulfilment and packing service. (myexpertmidwife.co.uk)  The fulfilment and packing service that we use, when you place an order through myexpertmidwife.co.uk. Mosaic Fulfilment Solutions access your data through the Shopify ecommerce site and use it to process
     
2Flow Logistics Solutions
Website: www.2flow.ie
Operation of our Fulfilment and packing service. (www.myexpertmidwife.ie)   – The fulfilment and packing service that we use, when you place an order through myexpertmidwife.ie. Flow Solutions access your data through the Shopify ecommerce site and use it to process your order only.
     
Freshdesk
Website: www.freshdesk.com
privacy@freshworks.com
Our customer relationship management tool  When you contact us via email, or via the website contact us page , freshdesk will store your email address and any other information that you have passed on to us, in order that we can respond to your enquiry. 
     
Survey Monkey
Website: www.surveymonkey.co.uk
To send you questionnaires and surveys  Will process the information that you submit in response to a survey. This may include your email address and other personal data. 
     
Mention-Me Ltd
Website: www.mention-me.com
gdpr@mention-me.com
Operation of refer a friend program  Processing customer email addresses and certain order data for the purposes of:
• Monitoring the programme and safeguarding against gaming or fraudulent use of the programme;
• Communicating with customers in connection with operation of the programme and delivery of rewards;
• Reporting to [Controller] on the performance of the programme
     
BazaarVoice
Website: www.bazaarvoice.com/uk/
Operation of of product Review Service  Processing Customer email addresses and certain order data for the purposes of Communicating with customers in connection with the operation of the review programme
     
Omnisend
Website: www.omnisend.com
privacy@omnisend.com
Operation of our email program Processing customer email addresses and certain order data in order to send, if we have permission, emails from time to time. 
     
Microsoft Onedrive for business  To store My Expert Midwife Business data  Used to store My Expert Midwife business data which may include your personal data 
     

Transferring personal data outside of the UK and EU

We use the marketing platform Omnisend to store your contact details and other personal data which allows us to undertake our marketing activities. From time to time, personal information Omnisend collects from data subjects in the European Economic Area (“EEA”) may be transferred to, stored, processed or accessed by, the Company and other entities who may be based outside of the EEA, for example, the United States. The Company will always take steps to ensure any transfer of such information to entities based outside the EEA is carefully managed to protect your rights and interests by implementing appropriate safeguards to protect your personal information. https://www.omnisend.com/privacy/

We use Freshdesk to log and reply to support tickets, and within this system we store contact information and details on previous support issues. The data held in Freshdesk may be transferred and stored outside of the EEA. We rely on the following exception in GDPR to undertake the transfer of personal data:
Adequacy decision in place (GDPR Article 45)
Freshdesk is registered under the EU-US Privacy Shield Framework. Their certificate can be viewed U.S. Department of Commerce’s Privacy Shield website https://www.privacyshield.gov/participant?id=a2zt0000000GnbQAAS&status=Active
We use Shopify to host our ecommerce shops, and store your contact details and personal data that allows us to carry out our contractual obligation to you, and send you the products that you have ordered. Your personal information is processed by Shopify’s Irish affiliate, Shopify International Ltd. As part of their service, your data may be transferred to other regions, including to Canada and the United States.
 Adequacy decision in place (GDPR Article 45)
Shopify is registered under the EU-US Privacy Shield Framework. Their certificate can be viewed U.S. Department of Commerce’s Privacy Shield website https://www.privacyshield.gov/participant?id=a2zt0000000TNSNAA4&status=Active
The EU Commission has made a partial finding of adequacy for Canada. This adequacy finding covers data that is subject to Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
We use SurveyMonkey to create, and manage information gathering surveys. Your personal or sensitive data (if applicable) is held by SurveyMonkey, in accordance with the company's Privacy Policy. SurveyMonkey operates in the United States, and your personal data may therefore be transferred to, stored, or processed in that country.
Adequacy decision in place (GDPR Article 45)
SurveyMonkey is registered under the EU-US Privacy Shield Framework. Their certificate can be viewed U.S. Department of Commerce’s Privacy Shield website https://www.privacyshield.gov/participant?id=a2zt0000000Gn7zAAC&status=Active

Visitors to our website 

In operating our website, www.myexpertmidwife.co.uk and www.myexpertmidwife.ie we use a third-party service, Google Analytics, to collect and process standard internet log information about your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data all of which enables us to improve our services to you.  We are not able to identify anyone from this data.
To gather the standard internet log information, we place cookies on your computer. Cookies are small text files that are placed on your computer phone or tablet, by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The cookies are downloaded to your computer automatically and stored on the hard drive of your computer. All computers have the ability to decline cookies.
We rely on the legitimate interest’s legal basis (GDPR Article 6(1)(f)) to allow us to place cookies on your computer. You always have the right to not have cookies placed on your computer and this can be done by activating the setting on your browser which enables you to decline the cookies. However, should you choose to decline cookies, you may be unable to access particular parts of our website.

For a full list of the cookies that we use please see here

Children’s information

This website is not intended for children and we do not knowingly collect data relating to children.

Sensitive Information

We may receive medical information (sensitive personal data) from you if you decide to share it with us.  Sensitive personal data is not something we routinely ask for from our customers, however there are times when it can help us to deal with a specific query you have.  The type of information that is sometimes given to us includes:

  • Birth experiences
  • Pregnancy experiences (e.g. type of birth had; whether stitches were required; etc)
  • Health information relating to pregnancy and birth (e.g. thrush, piles, etc)

This information is captured on our Freshdesk system, and on social media platforms, if you choose to contact us this way.

Links to other websites

Our website may provide links to websites of other organisations. Our Privacy Notice does not cover how those organisations process your personal data when you visit their website. We advise you to read their Privacy Notices.

Changes to our Privacy Notice

We keep our Privacy Notice under review to ensure it remains accurate and up to date. This Privacy Notice was last updated in August 2020.

PART 2 – IF YOU MAKE A PURCHASE FROM OUR WEBSITE

What personal data do we need?

We need to collect the following personal data from you:

  • Name (first and last name)
  • Postal address
  • Billing Address
  • Email address
  • Mobile number (Optional – Except for Ireland)

How do we get your personal data?

We gather your personal data directly from you when you place an order via www.myexpertmidwife.com / www.myexpertmidwife.ie

Why we need your personal data and the legal basis we rely on for the processing

We need your personal data to process your order and send the products that you have purchased to the order address.

Additionally, we would like to keep you informed of our new products and special offers. We also think that you would be interested in our informative blogs, and news.

The legal basis we rely on are:

Contractual obligation (GDPR Article 6(1)(b))

The order that you have placed with us is under contract or with a view to entering into a contract. We require certain information from you to enable us to fulfil our pre-contractual and contractual obligations. If you are not able to provide all the necessary information, we need we may not be able to process your order, and you will not receive your products.

Legitimate interests (GDPR Article 6(1)(f)

GDPR allows us to rely on legitimate interests for direct marketing purposes. We have undertaken a legitimate interest assessment, which balances our business purposes for the processing against your right to privacy. The outcome of the balancing test justifies our use of legitimate interests for this purpose as it would not be an unreasonable expectation for anyone who has enquired about our products or made a purchase to receive information from My Expert Midwife relating to pregnancy, birth and beyond, and information about new and existing products.

This also complies with e-Privacy laws, currently the Privacy & Electronic Communication Regulations 2003, which governs how a business can undertake electronic direct marketing. We can rely on soft opt-in for individual customers to undertake email marketing to both existing and prospective customers.

We always give you the opportunity to object to receiving marketing communications from us when we first collect your personal data and with every marketing communication thereafter. You can change your marketing preferences at any time by clicking the “unsubscribe” link in the marketing email you receive.

Who do we share your personal data with?

When you place an order via our website, your data is collected and stored by Shopify, the host of our ecommerce store. Information that you enter when placing an order on our website is held by Shopify so that we can make sure you received your order.

In order to complete your order, information that you have entered whilst placing your order is shared with our fulfilment partners, Mosaic Fulfilment Solutions, and 2Flow. Appropriate contracts are in place, that are GDPR compliant with all third parties (data processors)

  • Mosaic Fulfiment Solutions– The fulfilment and packing service that we use when you place an order through myexpertmidwife.co.uk. Mosaic Fulfilment Solutions access your data through the shopify ecommerce site and use it to process your order only.
  • 2Flow Logistics Solutions – The fulfilment and packing service that we use when you place an order through myexpertmidwife.ie. Flow Solutions access your data through the shopify ecommerce site and use it to process your order only
  • The information that you have entered when you place your order is also shared with BazaarVoice, the company that we use in order to collect and publish reviews of our products. Access Bazaar Voice’s privacy statement here
  • MentionMe we share the information that you have given to us at the time of your purchase with Mention Me – the organisation that we use for our refer a friend program. You can read more about how your information is used here.

How long do we keep your personal data?

We only keep your personal data for as long as is necessary.

Marketing contact details are held for as long as you want to remain on our marketing contact list.

We may retain anonymised data for marketing purposes.

Part 3 – IF YOU MAKE AN ENQUIRY ABOUT OUR PRODUCTS OR SERVICES

What personal data do we need?

We only need to collect an email address from you in order to answer your query. On occasion we may wish to phone you and in which case a phone number will be requested.

We only collect and store your health information if you choose to disclose this to us when you raise an enquiry with us or at any point during our interaction with you to answer your enquiry.  We do not collect any other special category personal data. 

How do we get your personal data?

We gather your personal data directly from you when contact us via advice@myexpertmidwife.com or via the website contact forms.

Why we need your personal data and the legal basis we rely on for the processing

We need your personal data in order to reply to your questions.

The legal basis we rely on is:

Consent (GDPR Article 6(1)(a))

By submitting your contact details and other personal information when asking a question to My Expert Midwife you have given your consent for us to use your personal data for this purpose.

Explicit Consent (GDPR Article 9(2)(a)

We will only process your health-related data when you have provided us with your explicit consent to do so.

Who do we share your personal data with?

Your personal data is used by internal employees and contract staff for the purposes as set out in “why we need your personal data”.

We use Freshdesk to facilitate the answering of your queries.

How long do we keep your personal data?

We only keep your personal data for as long as is necessary. A period of 5 years from your date of contact has been identified, as necessary.

Storing Passwords

Please note that we do not store your password in plain text. It is encrypted and so we are unable to see what your password is. We can process a request to re-set your password if you have forgotten it.

PART 4 – IF YOU WOULD JUST LIKE TO RECEIVE OUR NEWSLETTERS

What personal data do we need?

We only need to collect an email address from you.

How do we get your personal data?

We gather your personal data directly from you when you sign up to receive marketing information from us, which includes our newsletters and other interesting information from My Expert Midwife.

Why we need your personal data and the legal basis we rely on for the processing

We need your personal data to be able to send you marketing information by email.

The legal basis we rely on is:

Consent (GDPR Article 6(1)(a)

By submitting your contact details to receive marketing from us you have given your consent for us to use your personal data for this purpose.

You always have the right to withdraw your consent to receive marketing, you can do this by clicking the “unsubscribe” link in the marketing email you receive.

Who do we share your personal data with?

Your personal data is used by internal employees and contract staff for the purposes as set out in “why we need your personal data”.

We use Omnisend to distribute our newsletters and marketing information.

How long do we keep your personal data?

We only keep your personal data for as long as is necessary.

Marketing contact details are held for as long as you want to remain on our marketing contact list.

Promotional offers from us

We may use your Identity, Contact, Transaction, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

If you are not an existing customer of ours, but you wish to obtain our weekly newsletter, you must sign up to receive these e-mail updates.

If you have an account with us or you have purchased products from us, you will receive marketing communications from us if you have not opted out of receiving that marketing.

Where you opt out of receiving these marketing messages, we will continue to hold your personal data provided to us as a result of a product purchase, warranty registration, product experience or other transactions.

Protecting your data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.  If you have any questions about security of our website, please contact us at advice@myexpertmidwife.com

PART 5 – OUR STOCKISTS

What personal data do we need?

For us to supply you with the products that you have ordered from us we need to collect and use a small amount of information about you and your business, this is also likely to include some information about the individuals who work at your business.  The personal data we are likely to need is;

  • Your business name;
  • The name (first and last name) of the person who we are liaising with at your business (in some cases this may be several staff members details);
  • Business postal address;
  • Business email address;
  • Business telephone number;
  • Business mobile number;
  • Bank details to enable payment to be made;

Any other information you feel is relevant for the purposes of the processing.  We do not collect any of the special categories of personal data.

How do we get your personal data?

We obtain your data directly from you when you place an order or make an enquiry about our products and services. We gather the relevant information from you to enable us to process payment to you for those services and goods.

We may also obtain some data, such as your business name and contact details, indirectly from publicly available sources or recommendations from 3rd parties.

Why we need your personal data and the legal basis we rely on for the processing

We need your personal data to complete your order and send you your goods. We will also use your personal data to send you an invoice or to raise any queries about the order.

The legal basis we rely on is:

Contractual obligation (GDPR Article 6(1)(b))

The order that you have placed with us is done so under contract or with a view to entering into a contract (i.e. you have asked us to send you products in exchange for payment)

We require certain information from you to enable us to fulfil our part of the pre-contractual and contractual obligations, e.g. we need to have certain information to process your order and send you your products. If you are not able to provide all the necessary information for us to do this, we will not be able process your order.

Who do we share your personal data with?

Your personal data is used by internal employees and contract staff for the purposes as set out in “why we need your personal data”.

Our Accountant will see personal data relating to stockist and any payments we make.

How long do we keep your personal data?

We only keep your personal data for as long as is necessary.

We keep all financial data (which includes supplier information) for 6 years from end of the financial year it relates to.

 PART 6 – OUR SUPPLIERS

What personal data do we need?

For us to pay you for the service or goods you have provided to us we need to collect and use a small amount of information about you and your business, this is also likely to include some information about the individuals who work at your business. The personal data we are likely to need is;

  • Your business name;
  • The name (first and last name) of the person who we are liaising with at your business (in some cases this may be several staff members details);
  • Business postal address;
  • Business email address;
  • Business telephone number;
  • Business mobile number;
  • Bank details to enable payment to be made;

Any other information you feel is relevant for the purposes of the processing.

We do not collect any of the special categories of personal data.

How do we get your personal data?

We obtain your data directly when we start to use your services or have purchased goods from you. We gather the relevant information from you to enable us to process payment to you for those services and goods.

We also obtain some data, such as your business name and contact details, indirectly from publicly available sources or recommendations from 3rd parties to enable us to contact you to enquire about the services and goods you provide prior to us making a purchase.

Why we need your personal data and the legal basis we rely on for the processing. We need your personal data to either enquire about the services or goods you provide that we may be interested in purchasing or to make a purchase. We then use your personal data to pay for those goods and services when you invoice us or to raise any queries about the payment.

The legal basis we rely on are:

Contractual obligation (GDPR Article 6(1)(b))

The services or goods you have provided to us are done so under contract or with a view to entering into a contract (i.e. we have asked you for a quote for the goods or to undertake the service for us).

We require certain information from you to enable us to fulfil our part of the pre-contractual and contractual obligations, e.g. we need to have certain information to make the purchase and to process payment. If you are not able to provide all the necessary information for us to do this, we will not be able to purchase the goods or services you provide or be able to make payment once purchased.

Legal obligation (GDPR Article 6(1)(c))

We have a legal obligation to pay for any services or goods we have purchased.

Who do we share your personal data with?

Your personal data is used by internal employees and contract staff for the purposes as set out in “why we need your personal data”.

Our Accountant will see personal data relating to suppliers and any payments we make.

How long do we keep your personal data?

We only keep your personal data for as long as is necessary.

We keep all financial data (which includes supplier information) for 6 years from end of the financial year it relates to.