Marie Stopes UK values and respects the trust you put in us when you choose to share your private information. Read this Privacy Notice to find out more about how we keep your information safe and private.
About the Privacy Notice
This Privacy Notice is intended for anyone using the mariestopes.org.uk website and anyone who chooses to donate to us or contact us through this website, including clients
This notice tells you about the information we, Marie Stopes UK, collect and hold about you. It explains what we do with the information, how we will look after it and who we might share it with.
This notice complies with the EU General Data Protection Regulation (GDPR) and Data Protection Act 2018.
Marie Stopes UK is the data controller. It means that if this notice applies to your information, it is our responsibility to protect it.
What information do we collect?
Depending on what information you choose to share or what information we are legally required or authorised to collect, we may collect the following:
- Name, address, telephone number, email
- Your next of kin details
- Date of birth, ethnicity, marital status, the language that you speak
- Your sexual and reproductive health records, including laboratory test results and scans.
- Details about health conditions that may affect treatment
- Details about physical or mental health. This is so we can make sure our services are accessible to you.
- Your GP details and NHS Number
- Your lifestyle and circumstances
- Visual images that show personal appearance and behaviour. For example CCTV images that are used as part of our building security and for the prevention of crime.
- IP address, browser type and information about the page you last visited
Where do we collect your information from?
We collect information about you in the following ways:
- When you give it to us directly
You may give us your information when you visit our website, book an appointment with us, submit a contact us form or make a donation. Sometimes when you support us, your information is collected by a third party who processes your donation, but we are responsible for your information at all times.
- When you give it to us indirectly
Your information will be shared with us by independent fundraising sites like BT My Donate and JustTextGiving when you make a donation to us through their site and you consent to your information being shared with us. You should check their Privacy Notice when you provide your information to understand how they will use your information.
We do not buy information about individuals from companies that sell such details, unless individuals specifically have consented.
Why do we collect your information?
- If you have submitted a contact us form, we need your information to contact you.
- If you have made a donation to Marie Stopes UK, we need this information to be able to process your donation (including your gift aid declaration if applicable).
Why do we use your information?
Each time we use any information about you we need to have a lawful basis to do so.
The reasons why we would use information about you are:
- For NHS clients’ medical care: We need to use the information to be able to provide our official and legal services. This lawful basis is known as a “public task”.
- For Private clients’ medical care: We need to use the information to be able to provide our official and legal services that the client has asked to pay for. This lawful basis is known as a “contract”.
- For clients needing an emergency transfer to a hospital: We need to use the information to protect the life of the client. This lawful basis is known as “vital interest”.
- For all clients who are part of anonymised research: We need to keep information that is in the public interest. It can be used for scientific or historical research. This lawful basis is known as “public task”.
- For team members: We need to use the information as part of our team members’ employment contracts.
- We also may need to include team member names in organisational documents. We need to use this information to meet our legal duties as a health care provider. This lawful basis is known as “legal obligation”.
- For internal communication: We need to share information with our teams to be able to provide our services. Sharing information with our teams also helps us to work with other organisations. This lawful basis is known as “legitimate interest”.
- For website visitors: If a person sends personal information on our website, we can use the information if the person gives permission. This lawful basis is known as “consent”.
When the information you give to us is classed as sensitive, it needs more protection than usual. Sensitive information, such as information about your health, is called “special category data’’. We can only use sensitive information if we have two reasons to use it.
The first reason comes from the list above. The second reason to use sensitive information is:
- For medical reasons and to provide health care.
- For public health reasons, for example to stop the spread of disease or infection.
- To keep information for statistics, for scientific or historical research, or for public interest. This is always balanced with your right to data protection.
How do we keep your information safe?
Any information we hold about you is kept secure through appropriate technical controls and systems. Our website is hosted by secure servers located within the European Economic Area. The information you choose to share with us through our website is also encrypted.
We ensure your information is only accessible to trained team members and contractors responsible for looking after it. Your information will only ever be read or used on encrypted hardware and reliable software.
Who sees your information?
Select Marie Stopes team members will have access to your information to carry out their job, to assist in the delivery of healthcare treatment, and team members who reply to contact us form submissions.
We may also engage with external organisations to process information on our behalf such as our professional file archiving and laboratory partners. We will always ensure that our contract with them sets out our expectations and requirements as to how they should handle your information. Where possible we will keep the sharing of your information to a minimum.
We may have to disclose your details, where required by the law, to the police, regulatory bodies or legal advisors.
We will never sell your information to third parties.
How long will we keep your information for?
We only keep information about you for as long as we need to. We are required to retain all of our health care records for a minimum period of time for legal and safety reasons. The length of time depends on the type of record. We keep all abortion records for 30 years and all vasectomy records for 10 years. For more information about our records management and retention, please see the Records Management Code of Practice for Health and Social Care 2016.
Your rights and control over your information
Information we collect and use about you is always within your control. This means that you have rights over this information and you may be able to request the following:
- Information about how we handle your information
- Access to the information we hold about you
- Your information to be amended or updated
- To object to the use of your information
- To restrict the ways in which we use your information
In some cases your information can be deleted or deactivated, however, the right to erasure does not apply if processing is necessary for the purposes and for the provision of health or social care; or for the management of health or social care systems or services.
Can I request my information?
As a client you can request access to, or copies of your health record(s), this includes scans or personal data we hold as part of your records. The right of access, commonly referred to as 'Subject Access', gives individuals the right to obtain a copy of their personal data as well as other supplementary information.
If you would like to find out more information about your rights, please email firstname.lastname@example.org
If you would like to make a complaint, please email email@example.com
You also have a right to submit a complaint to the Information Commissioner’s Office in the UK. Our ICO number is Z5517462.
We do all that we can to protect your information
Marie Stopes UK is accredited with the Cyber Essentials certificate. Cyber Essentials is a Government-backed scheme which protects organisations against cyber threats. This accreditation recognises our ability to resist and react to cyber-crime attempts, and acknowledges our commitment to protecting your personal information.
How to contact us
If you have any questions about our Privacy Notice, you can contact us by email: firstname.lastname@example.org, telephone: 0345 300 8090, or by post:
Marie Stopes UK
1 Conway Street
Changes to this notice
We will keep this notice under regular review and will publish any updates on this page. This Privacy Notice was last updated on 24 May 2018.