This privacy notice provides you with details of how we collect and process your personal data.
Cheshire Infant Feeding and Baby Support (CIFBS) is owned by Amanda Brooks IBCLC, who is the data controller registered with the Information Commissioners Office.
IBCLCs Practice is in accordance with the defined Scope of Practice found here.
Jennifer Johnson is a registered midwife (RM) and tongue tie practitioner, and is required by the Nursing and Midwifery Council’s Code of Conduct to respect people’s right to privacy and confidentiality. Protecting your privacy is fundamental to her practice.
CIFBS may also provide other treatments, about which our staff will be pleased to provide more details.
Our contact details
Name: Amanda Brooks
Phone Number: 07904956293
During our contacts by phone, text, messenger, email, via the contact page on our website, via social media and face to face we will collect and record personal information about you and your baby.
This may include;
Personal identifiers, contacts and characteristics (e.g name and contact details)
Detailed personal information, including that of a medical nature, for the purposes of providing treatment. We will only collect what is relevant and necessary to provide the service requested.
During the booking process or visit, we will make notes which may include details concerning medication, treatment and other issues affecting the health of you and your baby. This information may also be collected via any correspondence you have with us via email, phone, social media or letter.
We may use your contact information to contact you at a later date for the purposes of follow up, audit and research.
CIFBS will only collect the information needed so that we can provide you with the services you require, we never sell or broker your data.
To be able to process your personal data it is a condition of any treatment that you give your explicit consent to allow CIFBS to document and process your personal and medical data. You will be required to sign a consent form.
Contact details provided by you such as telephone numbers, email addresses and postal addresses may be used to remind you of future appointments and provide reports or other information concerning your treatment or to assess your satisfaction with the service we provided.
Whilst we take steps to ensure your information is secure communications by text, email, messenger, social media and our website may not be secure so keep this in mind when using these methods.
DISCLOSURES OF YOUR PERSONAL DATA
We will not share your personal/medical data with any third parties except in the following situations:
Should we have a concern about the safety of your child then we have a legal and professional obligation to share relevant information with the relevant agencies and in this case your consent is not required.
We will write to your GP to inform them that your baby has had a tongue-tie division, the function and appearance scores, the reason for division and a very brief summary of any care plan put in place. This is so it can be recorded in your baby’s GP records and to ensure other professionals involved in the care of your baby are informed to promote safe and effective care.
With your consent we may contact your midwife, GP, HV or other healthcare professionals involved in your care and share relevant information to enhance the care of you and your baby.
Anonymised data may be used and shared for the purpose of internal and external audits/research/training.
In the event of a complaint or claim relevant information will be shared, with your consent, with our indemnity provider and legal team.
Photographs may be used to form part of our consultation record, for educational and publicity purposes but only with your consent.
Transaction and financial data may be shared with our accountant, bank, card payment machine provider and with HMRC in certain circumstances
We require all third parties we work with (for example the clinics we use) to respect the security of your personal data and to treat it in accordance with the law.
We use SumUp to process face to face card payments and invoicing. This is what they say about cardholder data security in their privacy notice (https://sumup.co.uk/privacy/).
SumUp is responsible for the security of cardholder data which is processed, transmitted and stored within our systems. To this end, SumUp is certified as compliant under the Payment Card Industry Data Security Standard (PCI-DSS). SumUp applies best industry practice to safeguard this sensitive data and to ensure that it operates in line with these requirements, and to this end SumUp undergoes annual audits to ensure that we continue to meet this high standard.
All Data is held in the United Kingdom. IFS does not store personal data outside the EEA.
Records are stored on electronic devices which are password protected and have security software installed. Long term storage is on encrypted memory sticks kept securely.
We have put in place what we believe are appropriate security measures to prevent your personal and medical data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
This data is always held securely and is not shared with anyone not involved in your treatment and agents acting on our behalf (for example administrative and support staff).
In the event of a personal data breach we will notify you and any applicable regulator of the breach where we are legally required to do so.
CIFBS will process personal data during the duration of any treatment and will continue to store only the personal data needed, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Medical records on children have to be kept for 25 years.
- We have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
Through agreeing to this privacy notice you are consenting to CIFBS processing your personal data for the purposes outlined. You can withdraw consent at any time by using the email address or telephone number provided at the top of this Privacy Notice.
Your rights as a data subject
At any point whilst CIFBS are in possession of, or processing your personal data, all data subjects have the following rights:
GDPR provides the following rights for individuals:
You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
To access what personal data is held, identification will be required to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it
If you wish to exercise any of the rights set out above, please email us at firstname.lastname@example.org
Wycliffe House, Water Lane, Wilmslow, SK9 5AF Telephone +44 (0) 303 123 1113 or email: https://ico.org.uk/global/contact-us/email/I