RCM Information Services Limited (11914882) incorporating ‘MIDIRS’ and the ‘Midwives Information and Resource Service’, is part of the RCM Trust (Registered Charity No: 275261 (England and Wales) Registered Charity No: SC039694 (Scotland).
We are also registered with the Information Commissioner’s Office (ICO) as a data controller1 and have a legal duty to protect the personal information2 that we collect and use.
Keeping your personal information safe is very important to us and we are committed to complying with privacy and data protection laws and being transparent about what we are doing.
Please contact firstname.lastname@example.org with questions about this policy or your data protection rights. You can also request a copy or more detail about the personal information we hold on you.
You also have the right to contact the Information Commissioner’s Office (ICO) if you have any concerns about data protection on 0303 123 1113 or at www.ico.org.uk.
This policy explains what information we might collect from or about you, how we look after your personal information and what we do with it.
The policy applies to our use of personal information about our subscribers, supporters, service users and people who work for us. We take the responsibility to look after your personal information very seriously.
The personal information that we collect
We collect information about our subscribers, stakeholders, service users, and staff. This sometimes includes:
- a name
- contact details
- role and relationship with us
- date of birth
- education level (for statistical purposes)
- reasons for coming to us and personal stories
- anything that’s ordered, bought or borrowed from us
- bank account and credit card details.
How we collect personal information
Most of the personal information that we hold is given to us directly by our subscribers, service users and staff when interacting with our services and/or website. We collect personal information from people when they:
- Become a subscriber
- Apply for a job or to work with us
- Purchase our services and products
- Complete our surveys
- Make a donation
- Participate in our research projects
How we use personal information
We use the personal information that we collect to:
- Provide people with the services, products or information that they ask for
- Manage subscription payments, and other financial transactions
- Keep a record of our relationships with subscribers, stakeholders, service users and staff
- Keep records relating to any feedback or complaints
- Manage subscribers’ communication and marketing preferences3
- Provide people with information about us and our work, including promotional campaigns, product updates and news relating to events MIDIRS may be attending. We will do this when people have agreed to this or when we have a legitimate interest in raising awareness of our work
- Tailor online advertising according to someone’s interests, preferences and other characteristics
- Direct advertisements and other communications to people who might have similar interests or other characteristics to our subscribers.
- Invite people to participate in surveys and research
- Undertake research and equal opportunities monitoring
- Report on the services we have been commissioned to provide including aggregated personal data
We might not use your personal information for all of these purposes – it will depend on our relationship with you, and how you interact with our services, website, and activities.
We might analyse (or use outside services to analyse) our subscribers’ personal information so that we can better understand the needs of maternity health care professionals, student midwives and allied health professionals. This could involve carrying out research on the number and characteristics of subscribers who live in particular areas, their information resource preferences and what they do within the field of maternity care.
This helps us to get a better understanding of and create profiles of interests and preferences. With this information, we can develop and improve our services, and the way we promote them. We can also better focus our communications and marketing, contacting people with information that is relevant to them.
Our lawful basis for processing
We need a lawful basis to collect and use your personal information.
Our lawful basis for the purposes that we process personal information is consent, for the performance of a contract, or for the legitimate interests of MIDIRS (and where we are confident that the processing will not infringe on your rights and freedom).
Usually we will only process sensitive personal data4 if we have the explicit consent of those concerned. In extreme situations, we might share your personal details with the emergency services if we believe it is in your ‘vital interests’ to do so. For example, if someone is taken ill during an event they might be attending. We may also share your personal information if the law says we have to.
We will ask for your consent to send you marketing emails. You can withdraw consent for this at any time. There are times when it is just not practical to ask a person for consent. In many situations, the best approach for MIDIRS and its subscribers and service users is to process personal data because of our legitimate interests, rather than consent.
The law allows personal data to be legally collected and used if it is necessary for a legitimate business interest of the organisation, as long as its use is fair and balanced and does not unduly impact the rights of the individual concerned. We process employee personal information to meet our legal obligations as an employer.
Sharing and processing personal information
We will never sell personal information.
Sometimes we need to use outside organisations to process personal information for us, for example our mailing house which distributes our quarterly journal, MIDIRS Midwifery Digest to subscribers. In these situations we put in place a contract to ensure that the personal information that we provide to them is properly protected and treated in accordance with the requirements of data protection legislation.
We might share some information with social media providers to help us ensure our posts reach individuals who are likely to be interested in them. This is to help us achieve our mission ‘To be the leading international information resource relating to childbirth and infancy, disseminating this information as widely as possible to assist in the improvement of maternity care’.
We do not pass on data to other organisations unless required by law or with your specific permission.
How long do we hold onto your personal information?
We will hold your personal information on our systems for as long as is necessary for the relevant activity.
In some circumstances, we might legally be required to retain your personal information for audit purposes. The table below outlines our retention periods for different kinds of personal information.
|Basic information about our subscribers, service users, and employees (including Contact, Identity, Financial and Transaction Data)||Six years plus current year for tax purposes|
|Informal case notes||6 months after our last planned contact|
|Equipment hire records||Up to 21 years after hire ceases|
|Job applications and interview records of unsuccessful candidates||6 months after notifying unsuccessful candidates|
|Employee and training records||While employment continues and up to six years after employment ceases|
|Any reportable accident, death or injury in connection with work||For at least three years from the date the report was made|
|Google user and event data||26 months for cookies, user identifiers, or advertising identifiers|
Your data protection rights
We respect the privacy of our subscribers, and service users, and their right to decide how and if we can contact them. You are able to choose how you want to hear from us.
We will not contact you if you ask us not to, unless we need to legally or administratively – for instance, to follow up on a subscription enquiry or provide details about the subscription you have chosen.
Anyone can tell us about changes to the personal information we hold about them by contacting our Customer Services Team on (+44) 0117 370 6799. We will then update our records as appropriate. You can also:
- Request a copy of, or more detail about, the personal information that we hold and how we use it by emailing email@example.com
- Change the ways in which we communicate with you
- Withdraw consent for how we use your information
- Ask us to delete information which we have no valid reason for keeping
- Request us to stop processing personal information
- Object, on grounds relating to your specific situation, to any of our particular processing activities where you feel this has a disproportionate impact on you.
Cookies are small data files which are stored on your computer when you use a website. Cookies make using a website much easier because they remember your personal settings such as your username and password, what’s in your shopping cart, what you just searched for, etc. This way, you don’t need to re-enter information on the site.
The cookies on our website do not allow us to identify you personally. They allow us to see the trends in how people use our site so we can make improvements and adjustments to help improve your overall experience of visiting our website.
The cookies on MIDIRS website enable the three following features:
- i) Storing information when you’re logged in
The cookies which store information during your visit essentially enable you to log in with your username and password
- ii) Social media and sharing tools
iii) Website trends
Controlling and deleting cookies on your computer
All web browsers allow you to manage which cookies you accept, reject and delete. Learn more about types of cookies at www.whatarecookies.com, and about individual browser settings at www.aboutcookies.org.
If you set your browser to not accept cookies from MIDIRS website, some sections will not work properly, such as logging into the MIDIRS Reference Database.
- A controller is an organisation which determines the purposes for which and the manner in which personal data is processed.
- Personal information includes personal and sensitive personal data. It is information, facts or opinion, which identifies a living individual.
- Also regulated by the ICO under its Guide to Privacy and Electronic Communications Regulations.
- Personal information relating to someone’s race or ethnicity, political opinions, trade union membership, health, religion, sex life, criminal proceedings or convictions.