Privacy Policy

Essential Parent Privacy Notice

This is the privacy notice of Essential Parent Company Ltd. In this document, “we”, “our”, or “us” refer to [Essential Parent Company Ltd].

We are company number 07535196 registered in the United Kingdom.

Our registered office is at St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS.

Introduction

  1. This is a notice to inform you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.
  2. We regret that if there are one or more points below with which you are not happy, your only recourse is to leave our website immediately.
  3. We take seriously the protection of your privacy and confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them and will not accidentally fall into the hands of a third party.
  4. We undertake to preserve the confidentiality of all information you provide to us and hope that you reciprocate.
  5. Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
  6. The law requires us to tell you about your rights and our obligations to you in regard to the processing and control of your personal data. We do this now, by requesting that you read the information provided at knowyourprivacyrights.org
  7. Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website. We will not place any advertisements on the interface to our services.
  8. If you have any questions regarding this notice, please email us at [email protected] or write to us at St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS – UK Registered in England and Wales No. 7535196
  9. Company status – Private limited Company Incorporated on 18 February 2011.

Definitions

  • Personal Information: means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name or an identification number.
  • Special Category Information: means personal information about an identified individual that is considered more sensitive and therefore requires greater levels of protection. Special Category information includes things like; Race, Ethnicity & Health data.
  • Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Protection & Privacy

We will comply with current data protection law, which states that the personal information we hold must be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

A key part of complying with the law is that we state the lawful basis under which we use personal / special category information. Below we describe the processing that we undertake as a company together with the associated legal basis;

  • Information we process because we have a contractual obligation with you

When you buy a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us. To carry out our obligations under that contract we must process the information you give us.

Some of this information may be personal information about you or personal / special category health information about your patients.

We may use it to:

  • verify your identity for security purposes
  • sell products to you
  • provide you / your patients with our services

We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.

Where we are processing your patient’s health information, you are responsible for obtaining and maintaining all relevant patient consents/authorisations as necessary for you use of our services.

Additionally, we may aggregate this information in a general way and use it to provide class information, for example to monitor our performance with respect to a particular service we provide. If we use it for this purpose, you as an individual will not be personally identifiable.

We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.

  • Information we process with your consent

Through certain actions when otherwise there is no contractual relationship between us, such as when you browse our website or ask us to provide you more information about our business, including job opportunities and our products and services,

Wherever possible, we will obtain your explicit consent to process this information, for example, by asking you to agree to our use of cookies. Sometimes you might give your consent implicitly, such as when you send us a message by e-mail to which you would reasonably expect us to reply.

Except where you have consented to our use of your information for a specific purpose, we do not use your information in any way that would identify you personally. We may aggregate it in a general way and use it to provide class information, for example to monitor the performance of a particular page on our website.

We continue to process your information on this basis until you withdraw your consent, or it can be reasonably assumed that your consent no longer exists.

You may withdraw your consent at any time by instructing us at [email protected]

  • Information we process for the purposes of legitimate interests

We may process information on the basis there is a legitimate interest, either to you or to us, of doing so.

Where we process your information on this basis, we do after having considered:

  • whether the same objective could be achieved through other means
  • whether processing (or not processing) might cause you harm
  • whether you would expect us to process your data, and whether you would, in the round, consider it reasonable to do so

For example, we may process your data on this basis for the purposes of:

  • record-keeping for the proper and necessary administration of our business.
  • responding to unsolicited communication from you to which we believe you would expect a response
  • protecting and asserting the legal rights of any party
  • insuring against or obtaining professional advice that is required to manage business risk
  • protecting your interests where we believe we have a duty to do so

  • Information we process because we have a legal obligation

We are subject to the law like everyone else. Sometimes, we must process your information in order to comply with a statutory obligation.

For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.

In such circumstances, this may include your personal information.

If a basis on which we process your personal information is no longer relevant, then we shall immediately stop processing your data.

If the basis changes then if required by law, we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.

Disclosure of your information

We may have to disclose information provided by you with third parties, including:

  • third-party service providers (data “processors” who support our services and only process information on our instructions and subject to specific contractual obligations).
  • other employees within our company insofar as reasonably necessary for the purposes set out in our agreement.
  • All our third-party service providers are required to take appropriate security measures to protect personal information in line with our policies. We only allow our third-party service providers to process provided information in accordance with our instructions and for the specified purposes. We do not allow any third parties to use provided personal data for their own purposes.

Transfers of data outside of the European Economic Area (EEA)

Our website is hosted in the United Kingdom and in the normal provision of services, we do not transfer your information outside of the EEA.

Security

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your provided personal information. All information provided to us is stored on our secure (password and firewall protected) servers. All electronic data associated with transactions you make or in relation to our website will be encrypted.

Your rights

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.
  • Withdraw consent for processing in any circumstance where you may have provided it for a specific purpose.

If you want to exercise any of your rights listed above, please email [email protected]

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity prior to undertaking such requests. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Internet Cookies

Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.

Our website uses cookies. They are placed by software that operates on our servers, and by software operated by third parties whose services we use. We use two types of cookies, “session” and “persistent”;

  • A “session” cookie is temporary and expires after you close your browser. We use this type of cookie to help customise your experience on our site and maintain your signed-on status as you navigate through the site.
  • A “persistent” cookie remains on your computer after you have closed your browser. They remain on your computer until you delete them, or they expire. They do not contain any personal information.

Your web browser should allow you to delete any cookies you choose. It also should allow you to prevent or limit their use.

When you first visit our website, we ask you whether you wish us to use cookies. If you choose not to accept them, we shall not use them for your visit except to record that you have not consented to their use for any other purpose.

If you choose not to use cookies or you prevent their use through your browser settings, you may not be able to use all the functionality of our website.

Personal identifiers from your browsing activity

Requests by your web browser to our servers for web pages and other content on our website are recorded.

We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution.

We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you.

If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed into our website.

Retention period for personal data

Except as otherwise mentioned in this privacy notice, we keep your personal information:

  • to provide you with the services you have requested;
  • to comply with other law, including for the period demanded by our tax authorities;
  • to support a claim or defence in court.

We retain and destroy the information we hold in line with the Records Management Code of Practice for Health and Social Care 2016. This provides the retention periods for the categories of data we process, as outlined above.

Compliance with the law

Our privacy policy has been compiled so as to comply with the law of every country or legal jurisdiction in which we aim to do business. If you think it fails to satisfy the law of your jurisdiction, we should like to hear from you.

However, ultimately it is your choice as to whether you wish to use our website.

How you can complain

If you are not happy with our privacy policy or if have any complaint, then in the first instance you should contact us at [email protected]

If a dispute is not settled, then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.

If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner’s Office. This can be done at https://ico.org.uk/concerns/.

Review of this privacy policy

We may update this privacy notice from time to time as necessary. The terms that apply to you are those posted here on our website on the day you use our website. We advise you to print a copy for your records.

Contact

If you have any question regarding our privacy policy, please contact our Data Protection Officer at [email protected]

GDPR Website Privacy Notice

1. Introduction

This privacy notice provides you with details of how we collect and process your personal data through your use of our site www.essentialparent.com

Essential Parent are the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).

We have appointed a Data Protection Officer/Data Controller who is in charge of privacy-related matters for us. If you have any questions about this privacy notice, please contact the Data Protection Officer/Data Controller using the details set out below.

Contact Details

Our full details are:

Full name of legal entity: Essential Parent Limited

Our named Data Protection Officer/Data Controller is Rebecca Chicot

Email address: [email protected]

Postal address: Essential Parent Limited, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS.

As part of GDPR, it’s important that the information we hold about you is accurate and up to date. If you have any changes to your data please let us know by contacting our Data Protection Officer/Data Controller on [email protected]

2. What data we collect and what we do with it

Personal data means any information capable of identifying any living individual or natural person however anonymised data is excluded.

From the data you share on this website we may process the following categories of personal data about you:

• Customer Data this includes data relating to any purchases of goods/services including but not limited to your name, title, billing/delivery address, email address, phone number, contact details, purchase details and your card details.

We will only use this data to provide you with the goods and/or services you have purchased and to keep records of such transactions for our records.

Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.

• Communication Data this includes but is not limited to any communication that you send to us through our website, through email, text, social media messaging, social media posting, online chats or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims.

Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.

• Technical Data this includes but is not limited to data about your use of our website and online services such as your IP address, any login data, information regarding your choice of browser, length of visits to web pages, your journey through our website, how often you revisit the site time zone settings and other technology on the devices you use to access our website.

The source of this data is from our analytics tracking system, we process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our marketing

Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly maintain our website and help our business and to grow and define a marketing strategy.

• Marketing Data this includes but is not limited to data about your preferences in receiving marketing from us and our third parties and your communication preferences. We process this data to enable you to partake in competitions, prize draws and free give-aways, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this marketing

Our lawful ground for this processing is our legitimate interests which in this case are to study how customers use our products/services, to develop them, to grow our business and to decide our marketing strategy.

We may use Customer Data, User Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you (including Facebook adverts or other display marketing on platforms including but not limited too Youtube, Instagram, Twitter, Google ads display) and to measure or understand the effectiveness of the marketing you see.

Our lawful ground for this processing is legitimate interests which is to grow our business. We may also use such data to send other marketing communications to you. Our lawful ground for this processing is either consent or legitimate interests (namely to grow our business).

• User Data that includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services.

We process this data to operate our website effectively and ensure relevant content is provided to you. Like all companies to ensure the security of our website we maintain backups of our website and/or databases and to enable publication and administration of our website, other online services and business.

Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.

Essential Parent Limited does not collect any Sensitive Data about you. Under the GDPR sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data, we have no need to collect this data so don’t.

When we need to collect sensitive data from you we require your explicit consent for processing this information. Therefore when you submit your details, we will send you a further communication asking for you to confirm your consent to this processing.

Sometimes we are required to collect personal data by law, or under the terms of the contract between Essential Parent Ltd and you. If you fail to provide us with the information we require we may be forced to cancel the product/service you ordered. If this does happen we will notify you at the time.

We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please email us at [email protected]. In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing.

We may process your personal data without your knowledge or consent where this is required or permitted by law.

3. How we obtain your data

Often we collect data from you by you providing the data directly to us i.e filling in a contact form on our website or entering a competition. However, we may automatically collect certain data from you as you use our website by using cookies and similar technologies. Please see our cookie policy for more details about this.

We will also receive data about you from 3rd party companies such as Google where we access their analytics platform, and Facebook where we use their display networks, such as search information providers such as Google based outside the EU, providers of technical, payment and delivery services, such as data brokers or aggregators.

We may also receive data from publicly available sources such as Companies House and the Electoral Register based inside the EU.

4. Marketing

When we engage in marketing activity our lawful ground of processing your personal data to engage with you using marketing communications is either your consent or our legitimate interests (specifically to grow our business).

Under PECR we may send you information about our company if you made a purchase or asked for information from us about our goods or services or you agreed to receive marketing communications and in each case, you have not opted out of receiving such communications since.

Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However, you can still opt out of receiving marketing emails from us at any time.

Before we share your personal data with any third party for their own marketing purposes we will get your express consent.

You can ask us or third parties to stop sending you marketing messages at any time by selecting the unsubscribe option that will be on all marketing communication going forward. If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc.

5. Disclosures of your personal data

We may have to share your personal data with the parties set out below:

  • Other companies in our group who provide services to us.

  • Service providers who provide IT and system administration services.

  • Professional advisers including lawyers, bankers, auditors and insurers.

  • Government bodies that require us to report processing activities.

  • Third parties to whom we sell, transfer, or merge parts of our business or our assets.

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the GDPR and other Laws. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions and we will always have a legitimate reason for doing so.

6. International transfer of your data

We do not transfer your personal data outside the European Economic Area (EEA).

7. Data security

Throughout our business, we have put in place significant security measures to prevent your personal data from being breached. This includes your data being lost, used, altered, disclosed, or accessed without authorisation.

We also allow access to your personal data only to those employees and partners who have a business need to know such data, They will only process your personal data on our instructions and they must keep it confidential and all employees have signed a Non Disclosure agreement to this effect.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.

8. Data retention

The data we collect from you will be retained only for as long as necessary to fulfil the purposes we collected it for. This will naturally include the purposes of satisfying any legal, accounting, or reporting requirements.

For tax purposes, the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.

In some circumstances, we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

For more information about our data retention process please see our policy on data destruction.

9. Your legal rights

GDPR gives you the right to request access, correction, erasure, restriction, transfer, to object to processing, to the portability of data and (where the lawful ground of processing is consent) to withdraw consent.

If you want to know more about your rights please take a look at the ICO website link provided here.

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you wish to exercise any of the rights set out above, please email us at [email protected]. If you wish to access your personal information that we hold on you (or to exercise any of the other rights), you can contact Rebecca Chicot on [email protected]

Before we will realise any information to you we will request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

This is a robust security measure and is designed to ensure that you have both the right and legal basis for accessing such information. It protects your data from being disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you. For more information please see our subject access request information then please email [email protected] for further details.

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.

10. Third party links

Our website https://hospital.essentialparent.com sometimes includes links to third-party websites, plug-ins and applications. By clicking on those links or enabling those connections may allow third parties to collect or share data about you.

We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, therefore we encourage you to read the privacy notice of every website you visit.

11. Cookies

Your website browser gives you the control over cookies, and you have the ability to refuse all cookies, however, if you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

For more information about the cookies we use, please see our cookie policy.

Your consent

By using this site, you agree to the terms of this Privacy Policy and Essential Parent’s Terms of Use. Whenever you submit information via this site, you consent to the collection, use, and disclosure of that information in accordance with those Terms of Use and this Privacy Policy.

What we collect

We may collect the following information:

  • Your email address.
  • Your chosen username and password.
  • Demographic information, such as your postcode and your IP address and, should you choose to tell us, your date of birth, your gender, your relationship status, whether you are pregnant or not (and, if you are, when your due date is) and/or whether or not you have children and how many.
  • Your blog url and Twitter handle, should you join the Essential Parent forum.
What we do with the information we gather

We do not, as a clear and overarching rule, pass on your information, unless you specifically consent to us doing so or we are specifically required to by law. However, on rare occasions where there appears to be a clear need to safeguard the welfare of an Essential Parent user and/or his/her family, it may be necessary to contact relevant authorities about a clearly identifiable member and his/her posts on Essential Parent.

We only use the information you give us to understand your needs and provide you with a better service, and in particular:

For internal record keeping.

To improve our services, and email your responses to discussion-board posts you have reported.

To periodically send you emails about parenting news, Essential Parent news and courses, competitions, discounts or other information which we think you may find interesting, using the email address which you have provided. This includes updates on the Essential Parent Forum, should you join.

To send you pregnancy-stage emails or child development emails, should you choose to receive them.

To contact you, but only with your prior permission, by email or personal message, for market-research purposes.

To offer you, on our website pages, information based on your location.

Any personal data that you give us will be retained by us for as long as it’s needed to perform its function. There’s no one-size-fits-all time limit, but to give some examples: data provided by members of our Insight panel for that specific purpose is retained for as long as the user remains a member of the panel. Information provided in respect of competitions is held for three months. We regularly review the data held by different teams and delete information that is no longer needed. All data we hold is stored securely and only accessible by authorised members of Essential Parent.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical and electronic procedures to safeguard and secure the information we collect online.

Signing in via Facebook or Google, what information do we collect?

If you choose to sign in via Facebook or Google you grant us access to information held by those services. The information we have access to depends on the service and is explicitly stated when you first connect those services.

Facebook

You may choose to sign in via Facebook. By doing so you grant us access to your email address, your profile and your friend list. We respect our users privacy so we choose never to ask for your Friends List and we will never use your Friends List. You may revoke access at any time via your Facebook account settings. We follow the guidelines set out by Facebook regarding data collection and use as laid out here.

Google

You may choose to sign in via Google. By doing so you give us your email address and basic account information. More details on signing into apps with Google can be found here.