AIMS Data Protection and Privacy policy

Introduction

This document describes the personal data that AIMS keeps about its members, donors, and other contacts:

  • What information and why we keep it,
  • Where we get the information,
  • What we do with it,
  • How we protect that data

What Information we keep and why we keep it

About our members

We record and keep members’ contact details so that we can manage their membership and provide them with information about what we are doing as a charity as well as newsletters, notification of meetings, invitations to special events, etc.. This information is kept as a ‘Legitimate Interest’ under the terms of the GDPR legislation because:

  • We need to be able to contact members about matters concerning their membership, such as renewals
  • Without members’ contact details we cannot keep the members informed of what the charity is doing, including events, campaigns, local activities etc.

Financial information

We keep records of all the payments that we have received from members (usually membership subscriptions), donors and AIMS shop customers so that we have a proper audit trail of all the charity’s income. This is kept for contractual reasons and is a Legitimate Interest under the terms of GDPR because:

  • AIMS needs to prepare proper accounts for the Charity Commission and other regulatory bodies
  • AIMS needs to maintain an audit trail, including the data HMRC requires us to keep for all gift aid claims
  • AIMS must be able to answer queries from members about their past membership payment history, including investigation of claims of overpayment and accidental double payment
  • AIMS needs to be able to manage the fulfilment of purchases from the AIMS shop. (Note that contact details of purchasers are used only for matters relating to their purchase.)

Thirdly, we hold contact details for people who are not members who have asked to be kept informed about AIMS talks and other events. This information is kept with the individual’s “Consent” under the terms of the GDPR because:

  • The individual has asked us to keep them informed about talks and other events.

Members’ Personal Information

First name, last name and title

  • Organisation (optional)
  • Date joined
  • Renewal status and next renewal date
  • Postal address
  • Telephone number(s)
  • Email address
  • GiftAid declaration with date
  • Past payment history for each member:
    • Date
    • Amount
    • Purpose (memberships subscription, donation)
    • Method
    • GiftAid claimed or not

Lapsed and ex-Members

If an individual has not renewed their membership, they will be classified as a lapsed member. Their personal details will be kept on the membership database for a maximum of 12 months from their last renewal date. If they do not re-join in this time they will be treated as ex-members (see below).

If an individual has informed us that they are not renewing their membership, or if their membership has not been renewed for over 12 months, they will be classified as an ex-member. We will retain the information below for archive purposes but remove all contact details from our database.

  • First name, last name and title
  • Date joined
  • Date left/membership lapsed

Donors’ Personal Information

  • First name, last name and title
  • House name or number
  • Postcode
  • Date of donation
  • Amount given
  • GiftAid declaration and date

Talks Contacts’ Personal Information

  • First name, last name and title
  • Email address
  • Date joined list

Customers’ Personal Information

  • Name
  • Postal address
  • Date paid
  • Amount paid
  • Email address

Where We Get Personal Information

All personal information is obtained directly from AIMS members, donors, customers and those who have requested to be put on the Talks contacts list.

AIMS does not record any personal information from any third parties.

AIMS does not share or sell any information about its past or present members or contacts with any third parties.

Data Protection

All membership data is stored in a secure database with access limited to a small number of volunteers. All access to the membership database is through individual accounts of authorised users and all accounts are protected by passwords.

All use of the membership database is logged, including the timestamp of the interaction, the user account used and any queries or actions carried out.

The system administrator is automatically notified by email of any anomalous events or errors in the membership database system.
All those with access to the membership database receive training in their responsibilities as Data Processors under the GDPR.

Individuals can request a copy of the Personal Information that AIMS holds on them, ask for this information to be amended or for it to be deleted by emailing datacontroller@aims.org.uk.

Emailing platform

We use MailChimp as our emailing platform. Mailchimp’s servers are based in the USA, but they state that they have implemented “strong privacy protections that mean we’re handling your contacts’ data appropriately and in line with EU legal requirements.” Individuals are asked when they give permission for AIMS to contact them by email to acknowledge that the information they provide will be transferred to MailChimp for processing in accordance with their Privacy Policy and Terms.

Access to the Mailchimp mailing lists is restricted to a small number of volunteers and access is protected with 2-factor authentication (password and SMS codes.)

Financial information

Payments and donations are processed through PayPal, Stripe, Linnworks and BT MyDonate. These companies have all published their own privacy policies confirming that their data processing meets EU standards.

AIMS receives downloads of data from these companies when people make payments or donations, and these include email and postal addresses as well as some payment information. AIMS retains only the minimum information on these transactions that are required for legitimate purposes such as accounting and reporting to the Charity Commissioners. Other information in these records such as postal addresses and any payment information is deleted immediately on receipt of the download.

Note specifically that AIMS does not hold any details of any donor’s or customer’s bank or credit/debit card or any other accounts. Card details of members who pay their annual membership through the website are held in encrypted form in a database, access to which is through individual accounts of authorised users and all accounts are protected by passwords.

AIMS Helpline: Data Protection and Privacy Policy

Introduction

The AIMS helpline is a confidential information and support service provided by a small group of volunteers (the Helpline Group). This document describes the personal data that AIMS keeps about people who contact the helpline:

  • What information we hold and why we keep it,
  • Where we get the information,
  • What we do with it,
  • How we protect that data

What Information we keep and why we keep it

AIMS records the personal information of enquirers to the helpline in the form of emails and voicemails as a “Legitimate Interest” under the terms of the GDPR because

  • Without contact details we would not be able to provide enquirers with the information and support that they have requested.

AIMS also records personal information including details of the enquiry and our response(s) to it in a database with consent because

  • It may help us to respond more effectively to any future enquiries you make
  • It enables us to contact you to seek your views to inform our campaigns.

If you prefer for us not to record your personal details in the database we will record details of your enquiry and our response(s) in anonymised form to enable us to use this information for research, quality assurance and training purposes.

The information can roughly be grouped into two areas:

Firstly, there is the direct personal information about the person making the enquiry. This makes it simple to maintain the context of an ongoing enquiry across possibly several helpline volunteers. It also helps if the same person contacts AIMS again with a subsequent enquiry which could be years later. This information may include some or all of the following:

  • First name, last name, familiar name or nickname, and title
  • Telephone number(s)
  • Email address

Secondly, there is the less-direct information about the enquiry itself. The Helpline database keeps the text of the email enquiries and responses, and notes about conversations etc with the enquirer and with possibly multiple AIMS helpline volunteers, and there may be personal information such as names, dates and locations included in those notes and messages.

AIMS helpline volunteers work from home so all may have copies of emails and other communications in their personal electronic devices and similarly online including online email and messaging accounts.

You can check what information we have on you in the database or ask us to delete your personal data from it by emailing datacontroller@aims.org.uk If you ask us to delete your personal information we will retain your records in anonymised form.

Where we get the information

All personal information is obtained directly from individuals who call or email the AIMS helpline.

AIMS does not record any personal information from any third parties.

AIMS does not share or sell any information about the people who make helpline enquiries with any third parties.

If you speak to a helpline volunteer by phone you do not need to tell them your name or contact details unless you wish to do so. However, the volunteer may ask for these details for the purposes described above.

If you leave a voicemail, an email which includes your phone number and a recording of your message will be sent to all our helpline volunteers, so that one of them can call you back as soon as possible. Similarly, if you email helpline@aims.org.uk your email address and message will be seen by all our helpline volunteers so that we can respond to you as soon and as fully as possible.

What we do with your personal information

We take your confidentiality very seriously and we will not share your personal information or the details of what you tell us with anyone outside the Helpline Group without your permission.

Occasionally we may ask your permission to share your personal information with another organisation, for example to find additional information or sources of support for you.

The only exception to this would be in the very rare situation where there is a safeguarding issue. In this case if we have information that identifies the enquirer and their location we might tell someone else in order to get help for them. This might be that an enquirer is at risk of harm and unable to help themselves (for example, if they have a medical condition which is worsening), or that they’ve told us that they or a child is at risk of being hurt by someone else. We would never do this without telling the person concerned what we were doing.

Data Protection

All helpline data is stored in a secure database with access limited to a small number of volunteers. All access to the helpline database is through individual accounts of authorised users and all accounts are protected by passwords.

All use of the helpline database is logged, including the timestamp of the interaction, the user account used, and any queries or actions carried out.

The system administrator is automatically notified by email of any anomalous events or errors in the helpline database system.
Helpline volunteers receive training in their responsibilities as Data Processors under the GDPR, and have signed an undertaking which requires them to:

  • Keep your personal details confidential and not share them with anyone outside the Helpline Group without your permission (other than for safeguarding issues as described above).
  • Ensure that any electronic devices (computers, laptops, tablets, smartphones etc.) on which they receive helpline emails are password protected and not left unattended where anyone else might access them.
  • Delete any emails you send to the helpline group from their electronic devices after a maximum of 6 months (or as soon as you request it), unless we are still actively supporting you, in which case they will be deleted once the support is no longer needed.
  • If they take any written notes during a conversation to destroy these as soon as they have dealt with your query.

You can ask us at any time to delete all helpline emails to and from your email address by emailing helpline@aims.org.uk .

Updated May 2018

Latest Content

Journal

« »

Reviews: Trust your Body, Trust you…

Complete list of book reviews on the AIMS website Trust your Body, Trust your Baby: How learning to listen changes everything Why Mothers' Medication Matters Trust your B…

Read more

Conference Report: Doula UK 2018 Co…

AIMS Journal, Vol 29, No 4 By Jo Dagustun Wow – what another great conference put on by the team at Doula UK! I was keen to get to this annual conference again, having be…

Read more

Babywearing Twins and Multiples: Ho…

AIMS Journal, 2017, Vol 29 No 4 Nicola Lawson shares her knowledge on carrying one - two - three babies! The idea of transporting two babies at once can be daunting, and…

Read more

Events

« »

MBRRACE-UK ‘Saving Lives, Improving…

To register your interest please email conference@npeu.ox.ac.uk or keep an eye on our website https://www.npeu.ox.ac.uk/mbrrace-uk/bookings . Earlybird bookings will open…

Read more

Midwifery Today Conference “Birthin…

17–21 October 2018 Further Details

Read more

AIMS AGM

AIMS AGM 2018 All members welcome! Please email secretary@aims.org.uk if you plan to attend to help us to judge numbers, or if you wish to send apologies 10 for 10.30 sta…

Read more

Latest Campaigns

« »

Press Release: Jeremy Hunt announce…

AIMS is delighted that the Government has recognised the importance to the safety of women and babies of the continuity of carer model of midwifery. Having a midwife that…

Read more

Dr. Ágnes Geréb, Hungarian Midwife…

Dr. Ágnes Geréb is a Hungarian obstetrician and midwife who has been under house arrest following her support for women outside of the obstetric system. March 2018: ENCA…

Read more

"Promoting professionalism, reformi…

AIMS submitted our response to this consultation on the 23 January 2018. A number of regulators, including the Care Quality Commission (CQC), the Professional Standards A…

Read more