This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting Talk to Mums, you are accepting and consenting to the practices described in this policy.
On 25 May 2018, most processing of personal data by organisations will have to comply with the General Data Protection Regulation.
Talk to Mums adheres to the latest guidance from the Information Commissioner’s Office (ICO), the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
In line with the ICO’s recommendations, Talk to Mums has taken the 12 steps to ensure GDPR compliance in advance of the start date.
In addition, we have fulfilled the obligations below.
Documentation of processing activities – requirements
- If we are a controller for the personal data we process, we document all the applicable information under Article 30(1) of the GDPR.
- If we are a processor for the personal data we process, we document all the applicable information under Article 30(2) of the GDPR.
If we process special category or criminal conviction and offence data, we document:
- the condition for processing we rely on in the Data Protection Bill;
- the lawful basis for our processing; and
- whether we retain and erase the personal data in accordance with our policy document.
- We document our processing activities in writing.
- We document our processing activities in a granular way with meaningful links between the different pieces of information.
- We conduct regular reviews of the personal data we process and update our documentation accordingly.
Documentation of processing activities – best practice
When preparing to document our processing activities we:
- do information audits to find out what personal data our organisation holds;
- distribute questionnaires and talk to staff across the organisation to get a more complete picture of our processing activities; and
- review our policies, procedures, contracts and agreements to address areas such as retention, security and data sharing.
As part of our record of processing activities we document, or link to documentation, on:
- information required for privacy notices;
- records of consent;
- controller-processor contracts;
- the location of personal data;
- Data Protection Impact Assessment reports; and
- records of personal data breaches.
- We document our processing activities in electronic form so we can add, remove and amend information easily.
Information we may collect from you
You may give us information about you by filling in forms on our website or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use our site, subscribe to our service, participate in discussion boards or other social media functions on our site. It also includes when you enter a promotion or survey, during the course of any other activity commonly carried out on our site and when you report a problem with our site. The information you give us may include (but not be limited to) your name, address, email address and phone number, personal description, job history, qualifications and photographs.
With regards to each of your visits to our site we may automatically collect the following information:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plugin types and versions, operating system and platform.
- Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouseovers). We also collect information on the methods used to browse away from the page and any phone number used to call our customer service number.
Information we collect from you will be used in the following ways:
- To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- To improve our site to ensure that content is presented in the most effective manner for you and for your computer.
- To allow you to participate in interactive features of our service, when you choose to do so.
Where we store your personal data
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You have the right to ask us not to process your personal data for marketing purposes.
You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at Talk to Mums. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to information
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act.
Talk to Mums takes GDPR incredibly seriously. To discuss our policy further, please email firstname.lastname@example.org.
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)