Privacy Policy

Last updated: 12/02/2024

The Happy Mums Foundation (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, and safeguard your personal information when you interact with our website and services.

For a more detailed and transparent view of how we collect, protect and use data across the organisation as a whole, please see our Record of Processing Activities and 

1. Information We Collect

a. Website Usage Data: We use Google Tag Manager and Google Analytics to collect information about how visitors use our WordPress.org site. This data includes, but is not limited to, IP addresses, browser types, device types, pages visited, and other similar data.

b. Advertising: We occasionally advertise new groups and activities through Facebook. This may involve collecting and processing certain information through Facebook Pixel or its equivalent.

c. Customer Relationship Management (CRM): We use HubSpot as our CRM to manage user data and interactions.

d. Data Provided to Us: When you submit information to us through Microsoft Forms, we collect and securely store this data on password-protected servers.

2. How We Use Your Information

a. Website Improvement: We analyze the data collected through Google Analytics to understand how people use our site, and we use this information to make improvements and enhance the user experience.

b. Advertising: Data collected through advertising tools like Facebook Pixel helps us track the effectiveness of our advertising campaigns and make them more relevant to you.

c. CRM: HubSpot is used to manage user data, inquiries, and communications effectively.

d. Data Provided to Us: Information submitted via Microsoft Forms is used for the purposes specified at the time of collection, such as event registration or inquiries.

3. Data Security

We take data security seriously. Information collected is stored securely on password-protected servers, and access is restricted to authorized personnel only.

4. Sharing Your Information

We do not sell or share your personal information with third parties unless required by law or as outlined in this Privacy Policy.

5. Your Choices

You may choose to disable cookies or tracking mechanisms in your browser settings. However, this may impact your experience on our website.

You can request for any information we hold identifiable to you to be removed at any time – contact info@happymums.org.uk

6. Your Consent

Consent is important to us, we do not share any identifiable data without express permission unless someone is at risk of harm, even then we endeavour to work with you where possible. By using our website, you consent to the collection and use of information as described in this Privacy Policy.

7. Updates to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices. Please check the policy periodically for updates.

8. Contact Us

If you have questions or concerns regarding this Privacy Policy or the data we collect, please contact us at info@happymums.org.uk

The Happy Mums Foundation Record of Processing Activities

Volunteers

What do we collect:
Name, address, phone numbers, personal email address, volunteer role title, DBS Certificate number, bank details, date of birth, driving licence number, passport number, medical conditions, declarations of interests, training records and certificates. Next of Kin name and phone number (for emergecy use only)

How do we collect it:
Application form, Volunteer Details Form, DBS supporting evidence , Medical Info form, letters
ALL ELECTRONIC unless specified otherwise

Storage:
Manual: If initially collected on paper, this is transferred to electronic format within a maximum of 2 weeks and paper version securely destroyed.
Electronic: Microsoft 365 – Password protected system. DBS information restricted to need-to-know users.

Why do we need this data:
To provide volunteer role
To pay expenses
To ensure safety of service users

Source of Data:
Volunteer, Line Manager

Permission / Legal Basis for storing and using data:
Contract – Volunteer Agreement

Who is this data shared with:
In response to requests for references
To/ from DBS check provider
To/ from HMRC as required by law
To healthcare providers in health emergency (with consent where possible)
To/ from accountant

Is any of this data shared oversees:
No

Security Arrangements:
Password protected systems with 2-step -verifcation where possible

Any Further Processing: 
Anonymised statistical analysis for reporting to funders; CIC Regulator and HMRC

Retention and Disposal:
Application and recruitment data for unsuccessful candidates held for 6 months from interview date
Volunteer details and training records up to 6 years after volunteering ends
Bank details & DBS info no longer than necessary
Expenses payments 6 years from financial year end

Third Parties: Next of Kin, Emergency Contacts and Children of Service Users

What do we collect:
Name, address, phone number, email address, job title, organisation

How do we collect it:
Application forms, Registration Forms, Group Register, Group Debrief Form, Emails, Telephone calls. 
ALL ELECTRONIC unless specified otherwise

Storage:
Manual: If initially collected on paper, this is transfered to electronic format within a maximum of 2 weeks and paper version securely destroyed.
Electronic: Microsoft 365 – Password protected system.

Why do we need this data:
To comply with Recruitment Policy
To keep employees, volunteers and beneficiaries safe
To report safeguarding concerns

Source of Data:
Service User, Volunteer, Employee

Permission / Legal Basis for storing and using data:
Legitimate Interest

Who is this data shared with:
Police / Safeguarding Hub (with consent where possible)
To healthcare providers in health emergency (with consent where possible)

Is any of this data shared oversees:
No

Security Arrangements:
Password protected systems with 2-step -verifcation where possible

Any Further Processing: 
Anonymised statistical analysis for reporting to funders; CIC Regulator and HMRC

Retention and Disposal:
All data held for 6 years from last contact EXCEPT:
If safeguarding procedures retain for 10 years from last contact
Suspicious death in relation to services provided of a service user kept for 75 years
Aggregated statistical returns including non-identifiable personal data kept indefinitely
Enquries which do not lead to services being received kept for 2 years (aggregated statitstical returns including non-identificable personal data kept indefinitely)
Records of accidents/incidents and If safeguarding procedures used until child reaches 24 years
Suspicious death in relation to services provided of a child kept for 75 years
Shredded on disposal

Suppliers

What do we collect:
Name, business address, business phone number, email address, company name, job title, bank details (if BACs payment required)

How do we collect it:
Phonecalls, emails, websites, invoices.

Storage:
Manual: If initially collected on paper, this is transferred to electronic format within a maximum of 2 weeks and paper version securely destroyed.
Electronic: Microsoft 365 – Password protected system. DBS information restricted to need-to-know users.

Why do we need this data:
To request products/services,
To pay invoices

Source of Data:
Supplier

Permission / Legal Basis for storing and using data:
Contract 
Legitimate Interests

Who is this data shared with:
To / from accountant
To / from payment provider

Is any of this data shared oversees:
No

Security Arrangements:
Password protected systems with 2-step -verifcation where possible

Any Further Processing: 
None

Retention and Disposal:
All data held for 6 years from last contact.

Associated Privacy Policies