EU General Data Protection Regulation (GDPR) Compliance Statement and Privacy Policy
The GDPR provides a set of ‘digital rights’ and protections for EU citizens in terms of the data that individuals and organizations hold about them, and applies new responsibilities to those organizations on what data they can hold, how they can process and use that data, and how individuals can access or request changes to or deletion of the data held about them.
This GDPR Compliance Statement explains what data we hold, what we use it for, and the legal basis on which it is used. The statement has been prepared using the checklists in the ICO document, “Preparing for the General Data Protection Regulation – 12 Steps to Take Now” and the guidance given on the ICO website https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/, and represents our GDPR Impact Assessment.
1. Awareness
This Compliance Statement applies to data held and processed by Miranda Gray Partnership, the members of which are Miranda Gray and Richard Gray. Both partners are aware of the impact of and responsibilities for the GDPR compliance, and have read and agreed this Compliance Statement.
Other worldwide partners and organisations with whom we work have also been made aware of this Statement, and it is available publicly on the websites mirandagray.co.uk and wombblessing.com. Additionally, links to this Statement have been sent in an email to every individual whose data we hold.
2. Information we hold
- Email addresses of people who have emailed us and to whom we have replied – automatically saved in mail server software.
- Individuals who have used the online form to register to take part in any of the ‘Worldwide Womb Blessing / The Gift for Men’ events, held five times each year. This data comprises Email Address, First Name, Family Name, Country, Preferred Language, the date of each event in which they have participated, and the time at which they chose to participate for the last event. Mailing lists are maintained using the YMLP bulk email service (www.ymlp.com) which also automatically collects data on the IP address of the individual registering, the country in which that IP address is registered, and the date on which the last registration was made.
- Individuals who have attended any of the teaching workshops given by Miranda Gray or by one of her authorized teachers. The data comprises Country, Region, Town, Postal Code, Name as it appears on the workshop certificate, Email Address. Additional data may be collected by the individual workshop organizers but is not retained by Miranda Gray Partnership.
- Individuals who have used an online form to request subscription to the regular newsletters. Data comprises Email Address, First Name, Family Name, Country. The YMLP system also automatically collects data on the IP address of the individual registering, the country in which that IP address is registered, and the date on which the last registration was made.
- Individuals who have purchased books or other products directly from Miranda Gray using the online shops. Data comprises Name, Postal address, PayPal account email address, details of the goods ordered.
“As far as security and privacy by design are concerned, we have been using the standards that GDPR imposes for quite some time. For example, the data that users manage with our application has been encrypted for many years, a unsubscribe link is automatically added at the bottom of each mailing, double opt-in is the standard for newsletter registration forms and all data is constantly backed up.
Our servers and back-ups are located in the European Union and your data does not leave the EU.
We have consulted a law firm specialized in IT law to check our procedures and policies against GDPR and to refine them where necessary. The revised Terms of Service, including the processor agreement (articles 5 & 6), can be consulted and downloaded on https://www.ymlp.com/terms-of-service.html”
Records of individuals purchasing books are collected from PayPal and transferred to YMLP for mailing purposes.
Records of individuals attending workshops by Miranda Gray and Authorized Teachers accredited by Miranda Gray are collected by workshop organisers and supplied to Miranda Gray Partnership in order to compile and keep a list of qualifications attained and training completed by each individual.
Records of authorized ‘Moon Mothers’ and Country Representatives are stored in spreadsheet format and published online on the ‘Authorized Moon Mothers’ and ‘Contacts and Enquiries’ web pages. This is by consent of the attendees at every workshop, which can be withdrawn at any time.
How we use your data
Data from registrations to the Worldwide Womb Blessing events, newsletter requests, workshop attendees and book purchasers is used to mail reminders about the subsequent event, news and information from Miranda Gray and the Womb Blessing community, and confirmation of successful registration and instructions on how to take part.
Data may also be used to send occasional mailings about events, workshops or products of specific interest to particular countries or regions.
Data from Moon Mother workshops is additionally used to compile online ‘Authorized Moon Mother’ lists, and to mail ‘Moon Mother only’ newsletters and information.
Data from registrations to the Worldwide Womb Blessing events, newsletter requests, workshop attendees and book purchasers is never passed to any third parties.
Authorized lists of Moon Mothers in particular countries or regions are supplied to the appropriate Country Co-ordination Teams for the purposes of welcome and support.
Every mailing includes an ‘unsubscribe’ link that enables each recipient to immediately unsubscribe from the list and have their data deleted from the YMLP server at any time.
Individuals may also send an email to the Miranda Gray Partnership requesting their details to be removed; we aim to act on these requests as rapidly as practically possible.
3. Privacy information
The privacy information required under the GDPR Regulations are as follows:
Identity and contact details of the controller: Richard Gray for Miranda Gray Partnership, richard@mirandagray.co.uk
Purpose of the processing and the legal basis for the processing: Data is collected and retained for the purposes of informing individuals of events and products in which they have expressed an interest. This data is collected and processed under the legal basis of ‘Legitimate Interests’ – see below.
The legitimate interests of the controller or third party: Miranda Gray Partnership uses the data to inform individuals of the free Worldwide Womb Blessing events, and to create awareness of commercial events and products which we may reasonably expect the individuals to find of interest.
Categories of personal data: The categories of personal data collected and processed are as indicated in the section on ‘Information we hold’, above.
Any recipient or categories of recipients of the personal data: Except for Moon Mother information, data is used only by Miranda Gray Partnership for the purposes outlined above. Moon Mother data is published online to indicate to potential clients of the Moon Mothers that they are part of the authorized register; it is also provided to Country Co-ordination Teams to provide local support and recognition of the Moon Mothers.
Details of transfers to third country and safeguards: Personal data on Moon Mothers is provided to Country Co-ordination Teams in the countries and territories in which they operate to provide local support and recognition. Country Co-ordination Teams have been made aware of their responsibilities under GDPR.
Retention period or criteria used to determine the retention period: Data is retained for as long as it still has relevance; for example, individuals who register for the Worldwide Womb Blessing will have their data retained as long as the Worldwide events continue, or until they request to be unsubscribed.
The existence of each of data subject’s rights: The data subjects rights are acknowledged and best efforts will be used to respond to any and all requests for access to or deletion of data records.
The right to withdraw consent at any time, where relevant: Every mailing includes an ‘unsubscribe’ link that enables each recipient to immediately unsubscribe from the list and have their data deleted from the YMLP server at any time. Individuals may also send an email to the Miranda Gray Partnership requesting their details to be removed; we aim to act on these requests as rapidly as practically possible.
The right to lodge a complaint with a supervisory authority: Miranda Gray Partnership is based in the UK and the relevant supervisory authority is the Information Commissioner’s Office (ICO) – see https://ico.org.uk/
The source the personal data originates from and whether it came from publicly accessible sources: The sources the personal data originates from are as indicated in the section on ‘Information we hold’, above.
Whether the provision of personal data is part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal data: There are no statutory requirements to provide data.
The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences: No automated decision making is used. Mailshots are tailored according to stated language preference, events for which the individual has registered, and in some cases country.
4. Individuals’ rights
We acknowledge individuals’ rights as specified in the GDPR and will make best efforts to respond to any requests from individuals in association with these rights, as follows:- the right to be informed
- the right of access
- the right to rectification
- the right to erasure
- the right to restrict processing
- the right to data portability
- the right to object
- the right not to be subject to automated decision-making including profiling
5. Subject access requests
We will make best efforts to respond to any requests from individuals in association with these rights as quickly as possible, and in all cases within the one month timescale required by GDPR.
6. Lawful basis for processing personal data
Data is collected and processed under the legal basis of ‘Legitimate Interests’, using the three-part test:
Identify a legitimate interest: By registering for a Worldwide Womb Blessing event, requesting a newsletter subscription, attending a workshop or purchasing a book, individuals have expressed a legitimate interest in the Worldwide Womb Blessing community and/or the work of Miranda Gray.
Show that the processing is necessary to achieve it: Communication via email is fundamental to the operation of the Worldwide Womb Blessing and associated events.
Balance it against the individual’s interests, rights and freedoms: the individual has the absolute right to request deletion of their data at any time.
Data is used in ways which the individuals would reasonably expect and which has a minimal privacy impact. Only data necessary for the operations stated is collected and processed.
7. Consent
Consent is requested from each individual on registration to the Worldwide Womb Blessing for use of their data in the ways outlined above. Links are given to this Compliance Statement from the sign-up form, and individuals are enabled to choose whether or not to receive mailings and other information via email. If consent is not given for direct mailings, then data is collected and processed solely for the purposes of participation in the free Worldwide Womb Blessing event.
Every mailing includes an ‘unsubscribe’ link that enables each recipient to immediately unsubscribe from the list and have their data deleted from the YMLP server at any time.
Individuals may also send an email to the Miranda Gray Partnership requesting their details to be removed; we aim to act on these requests as rapidly as practically possible.
8. Children
None of the services offered by Miranda Gray Partnership are offered to or recommended to children. We do not ask for or verify age, except as part of the PayPal payment process for purchased products and services.
9. Data breaches
We acknowledge the requirement to notify the ICO in certain instances of data breaches. Reasonable steps are taken to prevent data breaches, including the use of secure servers and strong password protection of individual PCs, mobile phones and online accounts.
10. Data Protection by Design and Data Protection Impact Assessments
We acknowledge the content of the ICO’s Guide to Data Protection Impact Assessments (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/) and have implemented to the limited extent required for our current operations.
11. Data Protection Officers
Any issues pertaining to the GDPR and data protection in general will in the first instance be addressed by Richard Gray.
12. International
Miranda Gray Partnership is based in the UK and the lead data protection supervisory authority is the Information Commissioner’s Office (ICO) – see https://ico.org.uk/
Miranda Gray Partnership, Highfield Court, Tollgate, Chandlers Ford, Hampshire SO53 3TY, UK.
Contact enquiries@wombblessing.com
Books, training and resources for empowering women
