This document describes the personal data that AIMS keeps about its members, donors, and other contacts:
All personal information is obtained directly from individuals. This includes AIMS members, donors, customers, contractors, employees and those who have requested to be put on our mailings list.
AIMS does not record any personal information from any third parties.
AIMS does not share or sell any information about its past or present members or contacts with any third parties.
We record and keep members’ contact details so that we can manage their membership and meet our obligations to provide them with information about the AGM and other members’ meetings.
We also use their email addresses to send them newsletters, notifications about AIMS events, fundraising, Journals and other publications, and opportunities to get involved with AIMS volunteering, campaigning and other activities, as well as to inform them about maternity services issues, research studies and campaigns that may be of interest.
This information is kept as a ‘Legitimate Interest’ under the terms of the GDPR legislation because:
We need to be able to contact members about matters concerning their membership such as renewals, and to inform them of the AGM and other members' meetings.
We need members’ email contact details in order to keep them informed of what the charity is doing, including events, campaigns, local activities, publications etc., as well as to offer them opportunities to get involved with AIMS work on an occasional basis or to help fundraise for AIMS. Members can choose to opt out of these mailings if they wish.
The members’ personal information we keep consists of the following:
If an individual has not renewed their membership, they will be classified as a lapsed member. Their personal details will be kept on the membership database for a maximum of 12 months from their last renewal date. If they do not re-join in this time they will be treated as ex-members (see below).
If an individual has informed us that they are not renewing their membership, or if their membership has not been renewed for over 12 months, they will be classified as an ex-member. We will retain the information below for archive purposes but remove all contact details from our database.
In addition to the information we hold on them as members, those who wish to Volunteer with AIMS are asked to provide information about their qualifications, skills, experience and interests. AIMS has a ‘Legitimate Interest’ in storing this information as we need it to enable us to identify roles or tasks which may be of interest to a Volunteer.
We also hold contact details for people who are not members but have asked to be kept informed about AIMS activities, and about maternity services issues and campaigns that may be of interest. This information is kept with the individual’s “Consent” under the terms of the GDPR because:
The information we keep for these people consists of:
Applicants for paid or unpaid roles with AIMS may supply us with personal information as part of their application. This information is used purely for the purpose of recruitment, or in the case of successful applicants for paid roles, for HR and employment purposes. Details of unsuccessful applicants will be destroyed once the appointment is complete.
AIMS holds information on its paid employees to enable us to manage their employment. This includes:
AIMS sometimes employs individuals as contractors. We need to hold thir contact information in order to liaise with them about their current work or new opportunities to do work for the charity., and bank account details on their invoices to enable payment to be made. The information we hold on contractors may include some or all of:
We keep records of all the income that we have received and payments we have made. Income includes membership subscriptions, donations and payments from AIMS shop customers or those booking tickets for AIMS events. Payments include Volunteers' expenses, employees' salaries and expenses, and payments to suppliers or contractors.
We need to keep this information, which may include personal information and bank account details, so that we have a proper record of all the charity’s income and expenditure. This is kept for contractual and audit reasons and is a Legitimate Interest under the terms of GDPR because:
Volunteers who wish to claim expenses incurred for their AIMS volunteering work provide us with this information as part of their expense claim to enable payment to be made.
Individuals can request a copy of the Personal Information that AIMS holds on them, ask for this information to be amended or for it to be deleted by emailing datacontroller@aims.org.uk.
All membership data is stored in a secure database with access limited to a small number of volunteers. All access to the membership database is through individual accounts of authorised users and all accounts are protected by passwords. All use of the membership database is logged, including the timestamp of the interaction, the user account used and any queries or actions carried out. The system administrator is automatically notified by email of any anomalous events or errors in the membership database system. All those with access to the membership database receive training in their responsibilities as Data Processors under the GDPR.
Completed Volunteer application forms are stored securely by the Office Manager. In addition, Volunteers’ contact details are shared with all active Volunteers to enable them to contact each other for purposes relating to their AIMS volunteering work. This information is stored in documents on the AIMS Google Drive. Access to this drive is limited to active AIMS Volunteers who received training and signed an undertaking to abide by the AIMS privacy policy and their responsibilities as data processors under the GDPR legislation. Access is removed from anyone who ceases to be an active Volunteer.
We use MailChimp as our emailing platform. Mailchimp’s servers are based in the USA, but they state that they have implemented “strong privacy protections that mean we’re handling your contacts’ data appropriately and in line with EU legal requirements.” Individuals are asked when they give permission for AIMS to contact them by email to acknowledge that the information they provide will be transferred to MailChimp for processing in accordance with their Privacy Policy and Terms.
Access to the Mailchimp members' and subscribers' mailing lists is restricted to a small number of volunteers and access is protected with 2-factor authentication (password and SMS codes.)
Expense claim forms and invoices are stored in electronic format in a Dropbox to which only members of the Finance team have access. These are retained to provide an audit trail.
Payments and donations are processed through PayPal, Stripe, Linnworks and BT MyDonate. These companies have all published their own privacy policies confirming that their data processing meets EU standards.
AIMS receives downloads of data from these companies when people make payments or donations, and these include email and postal addresses as well as some payment information. AIMS retains only the minimum information on these transactions that are required for legitimate purposes such as accounting and reporting to the Charity Commissioners. Other information in these records such as postal addresses and any payment information is deleted immediately on receipt of the download.
Note specifically that AIMS does not hold any details of any donor’s or customer’s bank or credit/debit card or any other accounts. Card details of members who pay their annual membership through the website are held in encrypted form in a database, access to which is through individual accounts of authorised users and all accounts are protected by passwords.
The AIMS helpline is a confidential information and support service provided by a small group of volunteers (the Helpline Group). This document describes the personal data that AIMS keeps about people who contact the helpline:
AIMS records the personal information of enquirers to the helpline in the form of emails and voicemails as a “Legitimate Interest” under the terms of the GDPR because
AIMS also records personal information including details of the enquiry and our response(s) to it in a database with consent because
If you prefer for us not to record your personal details in the database we will record details of your enquiry and our response(s) in anonymised form to enable us to use this information for research, quality assurance and training purposes.
The information can roughly be grouped into two areas:
Firstly, there is the direct personal information about the person making the enquiry. This makes it simple to maintain the context of an ongoing enquiry across possibly several helpline volunteers. It also helps if the same person contacts AIMS again with a subsequent enquiry which could be years later. This information may include some or all of the following:
Secondly, there is the less-direct information about the enquiry itself. The Helpline database keeps the text of the email enquiries and responses, and notes about conversations etc with the enquirer and with possibly multiple AIMS helpline volunteers, and there may be personal information such as names, dates and locations included in those notes and messages.
AIMS helpline volunteers work from home so all may have copies of emails and other communications in their personal electronic devices and similarly online including online email and messaging accounts.
You can check what information we have on you in the database or ask us to delete your personal data from it by emailing datacontroller@aims.org.uk If you ask us to delete your personal information we will retain your records in anonymised form.
All personal information is obtained directly from individuals who call or email the AIMS helpline.
AIMS does not record any personal information from any third parties.
AIMS does not share or sell any information about the people who make helpline enquiries with any third parties.
If you speak to a helpline volunteer by phone you do not need to tell them your name or contact details unless you wish to do so. However, the volunteer may ask for these details for the purposes described above.
If you leave a voicemail, an email which includes your phone number and a recording of your message will be sent to all our helpline volunteers, so that one of them can call you back as soon as possible. Similarly, if you email helpline@aims.org.uk your email address and message will be seen by all our helpline volunteers so that we can respond to you as soon and as fully as possible.
We take your confidentiality very seriously and we will not share your personal information or the details of what you tell us with anyone outside the Helpline Group without your permission.
Occasionally we may ask your permission to share your personal information with another organisation, for example to find additional information or sources of support for you.
The only exception to this would be in the very rare situation where there is a safeguarding issue. In this case if we have information that identifies the enquirer and their location we might tell someone else in order to get help for them. This might be that an enquirer is at risk of harm and unable to help themselves (for example, if they have a medical condition which is worsening), or that they’ve told us that they or a child is at risk of being hurt by someone else. We would never do this without telling the person concerned what we were doing.
All helpline data is stored in a secure database with access limited to a small number of volunteers. All access to the helpline database is through individual accounts of authorised users and all accounts are protected by passwords.
All use of the helpline database is logged, including the timestamp of the interaction, the user account used, and any queries or actions carried out.
The system administrator is automatically notified by email of any anomalous events or errors in the helpline database system.
Helpline volunteers receive training in their responsibilities as Data Processors under the GDPR, and have signed an undertaking which requires them to:
You can ask us at any time to delete all helpline emails to and from your email address by emailing helpline@aims.org.uk .
Updated May 2018