top of page

Privacy Policy

Introduction

BreastfeedingHerts is committed to protecting and respecting your privacy.

This Privacy Notice explains how I collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For the purposes of data protection legislation, BreastfeedingHerts is the Data Controller responsible for your personal information.

 

Contact Details

Data Controller: BreastfeedingHerts

Email: Breastfeedingherts@gmail.com

Telephone: 07533491202

Website: www.breastfeedingherts.com

 

Information I Collect

To provide lactation and infant feeding support services, I may collect and process the following information:

 

Personal Information

  • Parent or caregiver name

  • Address

  • Email address

  • Telephone number

  • Date of birth (where relevant)

  • Emergency contact details

 

Baby’s Information

  • Baby’s name

  • Date of birth

  • Feeding history

  • Growth and weight information

  • Relevant medical history

 

Health Information

As part of providing clinical support, I may collect health-related information about you and your baby, including:

  • Pregnancy, birth and medical history

  • Feeding concerns and assessment findings

  • Medications and treatments

  • Relevant healthcare professional involvement

  • Consultation notes and care plans

This information is considered Special Category Data under UK GDPR.

 

Photographs and Videos

With your consent, photographs or videos may be taken during consultations for clinical records, monitoring progress, educational purposes, or professional training.

Separate consent will be sought where required.

 

Website Information

If you visit my website, certain information may be collected automatically through cookies and website analytics. Further details are available in the Cookie Policy.

 

How I Use Your Information

I use your information to:

  • Provide lactation and infant feeding support

  • Arrange and manage appointments

  • Create consultation notes and feeding plans

  • Communicate with you regarding your care

  • Process payments and maintain financial records

  • Comply with legal, professional, safeguarding and insurance obligations

  • Improve the quality and safety of services provided

 

Lawful Basis for Processing

Under UK GDPR, the lawful bases for processing your information are:

 

Contract

Processing is necessary to provide the services you have requested.

 

Legitimate Interests

Processing is necessary for the effective administration and operation of the business.

 

Legal Obligation

Processing is necessary to comply with legal, taxation, safeguarding, and regulatory requirements.

 

Special Category Health Data

Health information is processed under Article 9(2)(h) UK GDPR, which permits processing necessary for the provision of health and care services.

Where photographs, videos, testimonials, or educational materials are used beyond your clinical record, explicit consent will be obtained where required.

 

Information Sharing

Your information will remain confidential and will not be sold or shared for marketing purposes.

Information may be shared where necessary with:

  • Your GP, Health Visitor, Midwife, Paediatrician, or other healthcare professionals (with your consent unless safeguarding concerns apply)

  • Professional advisers, insurers, or legal representatives where required

  • IT, payment processing, and secure record-keeping providers who assist in delivering services

  • Regulatory, safeguarding, or law enforcement authorities where required by law

 

Data Storage and Security

I take appropriate technical and organisational measures to protect your information.

This may include:

  • Password-protected electronic devices

  • Secure cloud storage systems

  • Encrypted communication where appropriate

  • Restricted access to client records

While every effort is made to maintain security, no method of electronic transmission or storage can be guaranteed as completely secure.

 

Retention of Records

Client records will be retained for a period consistent with professional, legal, insurance, and safeguarding requirements.

Currently, consultation records are retained for a minimum of 8 years after the last consultation, or longer where required by law or professional obligations.

After this period, records will be securely destroyed or permanently deleted.

Financial records may be retained for longer periods where required for tax and accounting purposes.

 

Your Rights

Under UK GDPR, you have the right to:

  • Access your personal information

  • Request correction of inaccurate information

  • Request deletion of information where appropriate

  • Restrict processing in certain circumstances

  • Object to processing where applicable

  • Request transfer of your data where applicable

  • Withdraw consent where processing is based on consent

Please note that some rights may be limited where records must be retained to comply with legal, insurance, safeguarding, or professional obligations.

 

Complaints

If you have concerns about how your information is handled, please contact me in the first instance.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Telephone: 0303 123 1113

Website: ico.org.uk

 

Changes to this Privacy Notice

This Privacy Notice may be updated from time to time to reflect changes in legal requirements or business practices.

The latest version will always be available on request and, where applicable, on the business website.

Last Updated: 12/06/2026

bottom of page