petals Privacy policy

petals Privacy policy

petals Privacy policy

Petals Privacy Policy

Petals is committed to protecting and respecting the personal data you share with us. We recognise the importance of transparency and care in how we collect, use and safeguard information, particularly given the sensitive nature of the support we provide.

This privacy policy explains how Petals collects, uses and protects personal information when you interact with us — whether through our website, other digital platforms or when you contact us by email, telephone or any other means.

Petals is the trading name of Pregnancy Expectations Trauma and Loss Society.

Data Protection Oversight
• Staff lead for GDPR and data protection: Paula Mothersole
• Chief Executive Officer: Karen Burgess
• Trustee with responsibility for data protection: Steve Hadwin

If you have any questions about how your data is handled, or would like to exercise your data protection rights, please contact us using the details below.

Our contact details:
Pregnancy Expectations Trauma and Loss Society (Petals)
Unit 5B Downing Park
Station Road
Swaffham Bulbeck
Cambridgeshire
CB25 0NW
Email: contact@petalscharity.org

1. Clients

What data we collect
When you contact Petals to seek counselling or access our counselling services, we may collect and process the following information:
• Full name, address, telephone number and email address
• Date of birth
• Details relating to your referral or enquiry
• Information relevant to the provision of counselling support, which may include special category data as defined by the UK GDPR and Data Protection Act 2018 (for example, information relating to physical or mental health, pregnancy or baby loss, personal circumstances and family life)
• Information relating to your counselling journey, such as appointment dates, attendance and service outcomes
• Limited demographic information collected for monitoring and reporting purposes only (such as ethnicity, sexual orientation or religion), which is anonymised and used to help us understand who we are reaching and where there may be gaps in access to services.
• Marketing preferences with respect to contact from Petals to learn more about our work and ways you can support us.

Counselling session notes and clinical records are held securely within our clinical systems and are subject to professional and ethical standards, including the BACP Ethical Framework.

How we use client data
We use client personal data to:
• Process referrals and enquiries
• Allocate counsellors and manage appointments
• Provide safe, appropriate and effective counselling support
• Communicate with you about your counselling journey
• Monitor service delivery, outcomes and quality
• Support safeguarding, clinical governance and risk management where necessary
• Produce anonymised reports to support service development, funding applications and partnership working

Any demographic or equality monitoring information is used only in an anonymised form and never to make decisions about an individual’s care.

Legal basis for processing
Petals processes client personal data in this context because:
• It is necessary to provide counselling and related support services
• We have a legitimate interest in delivering, managing and improving our services
• For special category data, we rely on your explicit consent and the provision of health and social care

Who has access to client data
Client information is shared internally on a strictly need-to-know basis with relevant Petals teams, including counselling managers, counsellors, and administrative staff involved in service delivery.

In exceptional circumstances, we may share information with external professionals (such as GPs or safeguarding agencies) where there is a legal obligation or a serious concern about safety, in line with professional and safeguarding standards. We may rely on vital interests as the legal basis for processing personal data in this context.

We do not transfer client data outside the UK.

2. Partnerships and Commissioned Services

Petals works in partnership with a range of organisations, including NHS Trusts, Integrated Care Boards (ICBs), hospitals, local authorities, councils and other charities, where a formal written agreement is in place to deliver counselling or related services.
Where a partnership agreement exists, Petals may hold and process limited personal data relating to key contacts within partner organisations. This may include:
• Name
• Job title or role
• Organisation and place of work
• Professional email address and/or telephone number
This information is used solely for the purposes of service delivery, contract management, reporting, governance, quality assurance and communication relating to the agreed service. Data is processed in line with the terms of the relevant partnership agreement and applicable data protection legislation.

We may also contact partner organisations and their staff directly to share information about Petals’ own training and professional development opportunities that may be relevant to their staff or service provision. All training is designed, delivered and administered by Petals. Individuals can opt out of receiving such communications at any time by e-mailing partnerships@petalscharity.org

Legal basis for processing
Petals processes personal data in this context because:
• It is necessary for the performance of a contract
• We have a legitimate interest in delivering, managing and improving our services

3. External Training and Professional Development

Petals deliver training and professional development courses for healthcare professionals, counsellors, those working in the field of baby loss and other external participants.

For individuals attending Petals training and professional development, we may collect and store personal data including:
• Name
• Organisation and role
• Professional contact details
• Attendance records
• Certificates of completion
• Evaluation and feedback responses

This information is used for the administration of training, issuing certificates, maintaining attendance records, evaluating training effectiveness and meeting reporting or governance requirements. Training data is stored securely and retained in line with ICO guidance.

Any feedback or evaluation data used for reporting or learning purposes is anonymised wherever possible.

Legal basis for processing
Petals processes personal data in this context because:
• It is necessary for the performance of a contract
• We have a legitimate interest in managing and improving our services

4. Job Applicants

What data we collect
If you apply for a role with Petals, we may collect:
• Name, address, telephone number and email address
• Employment history, qualifications and experience (e.g. CV and application form)
• References and right-to-work information (where relevant)
• Information disclosed during the recruitment process
• Equality and diversity monitoring information (such as age, gender, ethnicity, disability or sexual orientation), which is collected anonymously and stored separately from your application

Providing equality monitoring data is optional and has no impact on recruitment decisions.

How we use applicant data
We use applicant data to:
• Assess suitability for roles
• Communicate with you during the recruitment process
• Meet legal and regulatory requirements
• Produce anonymised recruitment statistics to help us monitor fairness, equality and inclusion

Equality monitoring data is used only in aggregate, anonymous form.

Legal basis for processing
Petals processes job applicant personal data on the basis of:
• Legitimate interest in recruiting staff and contractors
• Compliance with legal and regulatory obligations

Retention of applicant data
If your application is unsuccessful, we will retain your data for a limited period in line with ICO guidance, after which it will be securely deleted.

5. Supporters

What data we collect and why
When you choose to support Petals for example by making a donation or taking part in an event, we may collect and process the following information:

• Your name, address, contact details including email and telephone, any donation amounts or regular gifts given (we not store credit or debit card details)
• Details of any previous support including participation at events or information relevant to your participation at that event
• Any information given about the reason for your donation/support
• Gift aid status
• The organisation you work for and your role within the organisation
• Your relationships with other supporters
• Communication preferences and a record of the previous communications we have had with you
• Personal experiences of baby loss or your connection to Petals, where shared with us
• Information that is publicly available about you, such as on your fundraising page or in posts you tag us in on social media
• If you are a Petals client and you have given us consent to know this information, we will store your name, email, the fact you are a Petals client and the type of loss you have experienced.

How we use supporter data
• To manage the events that you might be taking part in
• To keep you informed of news and developments and to help you to feel connected to our cause
• To promote all the different events, campaigns and activities that we have going on
• To thank supporters and showcase the difference your donations make to the organisation and to local people
• To raise awareness of baby loss and demonstrate the importance of the need of specialist mental health support
• To set up direct debit payments
• To process donations
• To comply with our legal obligations, policies and procedures, for example claiming Gift Aid
• For delivery of items purchased from our online shop
• To ensure we are contacting you with relevant information, in a personalised way, and where relevant, with sensitivity and respect given your connection to the charity
• To measure the effectiveness of our marketing and better understand our supporters
• To ensure that your details are accurate and up-to-date.

Legal basis for processing
Petals processes supporter data on the basis of:
• Legitimate interest so we can send you relevant marketing and fundraising materials by post and on the telephone
• Consent to send you marketing and fundraising information by email and text message
• As part of a contract with us because if you have chosen to participate in an event or challenge, and have paid to do so (or bought a product), we will process your details as its necessary for that event to be able to take place.
• Legitimate interest in recruiting staff and contractors
• Compliance with legal and regulatory obligations

Who has access to supporter data?
Information about our supporters is held securely on our CRM Database. The database can be accessed by trained members of our fundraising and communications team.

Data sharing with partners
We may share your information securely with partner companies who support us in delivering our fundraising activities, such as mailing houses who act on our behalf to circulate our publicity materials. If you are participating in an event we will share your personal data with the relevant event organisers and administrators when required for legal purposes.

When we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. We may also share your data if it is required by law, for example, by a court order or for the purposes of prevention of fraud or crime.

Please be reassured that we will not release your information to any third parties for them to use for their own direct marketing purposes. We have never and will never sell your information.

Targeting our marketing
We will carry out targeted fundraising and marketing to ensure that we are contacting you with the most relevant information (for example about volunteering, events or how your support helps) through your preferred channels.

This approach has mutual benefits; you will hopefully receive communications from us that feel purposeful, but equally we are using our resources effectively, which is important to both us and you as supporters. For example, if you have already participated in an event or bought a product; we will contact you about that and/or similar events or products, unless you ask us not to.

We will keep your record updated with relevant information that will help us, such as previous events you have taken part in or whether you are giving in memory.

Client data
In order to protect the way we communicate with current clients, if you are receiving counselling services and you give your consent, we will amend your Fundraising CRM record to reflect your relationship with Petals and where needed, adjust your communications accordingly. With your consent, we will collect the following information from our counselling services client data system: name, address, email, the type of loss you have experienced. If you are having counselling with a partner, we will link your two records on our CRM.

Having this information his helps us make sure that any communications you choose to receive from Petals, or if you make contact with our fundraising or comms team, are appropriate, respectful, and sensitive to your connection with the charity, and helps us understand our supporters better so we can plan our work responsibly. We will only use this information for these purposes. It will not affect the counselling or support you receive.

No information is shared or stored regarding the nature of your mental health, unique personal circumstances or anything discussed within your counselling sessions. We comply with the BACP ethical framework regarding confidentiality.

The organisation complies with the Fundraising Regulator’s requirements and will provide a simple and easy way to stop communications that are no longer required. Any use of legitimate interest will only relate to postal communications and telephone only.

Sharing your story or photographs
Stories of people who have completed counselling with Petals help us to raise awareness of our work and the difference it makes. If you choose to support us by getting involved in publicity work, including photographic, video or written content, we will obtain consent from you and explain how your words and images will be used (for example on social media, our website, to the press etc). All stories will be kept on our website for a minimum of five years, prior to 10 years we will be in touch to request onward use of your story.

Please contact us using the information below if you change your mind about us using it. If we plan to use your story again on any other medium in the future, we will contact you to let you know.

Photographs taken at our fundraising events will be used for up to five years. You can withdraw your consent at any time by emailing marketing@petalscharity.org.

Keeping our data accurate
Whenever we contact our supporters, we will give you an opportunity to update your information so it is as current and accurate as possible.

Changing your preferences

You are welcome to contact us at any time to change your communications preferences. Please contact the team by emailing fundraising@petalscharity.org. Any email or postal marketing we send will include information on how you can change your communication preferences or cease communication from Petals. If you request to receive no further information from us, we will also keep your personal data on our database so that we can always ensure that you do not receive any unwanted communication.
.

6. General information

Equality, Monitoring and Reporting (Clients & Applicants)
Petals is committed to promoting equality, diversity and inclusion. To help us understand who we reach and how we can improve access to our services and opportunities, we may collect limited demographic information such as ethnicity, disability, religion or sexual orientation.
• This data is optional
• It is analysed anonymously
• It is never used to make decisions about individual care, recruitment outcomes or eligibility for services

This information helps us identify unmet need, address inequity and meet our reporting obligations to funders and regulators.

How does Petals protect your data?
Petals takes the protection and security of your personal data very seriously. We have appropriate internal policies, procedures and controls in place to help ensure that your data is handled safely and responsibly. This includes measures to prevent data from being lost, accidentally destroyed, misused, disclosed without authorisation, or accessed by anyone who does not have a legitimate reason to do so as part of their role.

Where Petals works with trusted third-party organisations to process personal data on our behalf, this is done under strict written agreements. These organisations are required to maintain confidentiality and to implement appropriate technical and organisational safeguards to protect your data in line with data protection legislation.

Our website may contain links to other websites operated by third parties. These organisations have their own privacy notices and data protection practices. We encourage you to review their policies if you choose to use their websites, as Petals is not responsible for the privacy or security arrangements of external sites.

How long does Petals keep your data?
Petals will retain your personal data for as long as you are engaged with our services or activities. After this time, data is held only for as long as necessary and in line with current guidance from the Information Commissioner’s Office (ICO), relevant legal requirements and best practice.

Once data is no longer required, it is securely deleted or anonymised to ensure your privacy is maintained.

Sensitive Personal Data (Special Category Data)
We recognise that much of the information shared with Petals may be deeply personal and sensitive. This can include information relating to health, pregnancy or baby loss, mental health, sexual orientation, ethnicity, religion or other protected characteristics.

Petals treats all sensitive personal data with the highest level of care and confidentiality. Such information is only accessed by authorised staff and is processed strictly on a need-to-know basis, in line with our legal obligations and internal policies. Where sensitive data is collected for monitoring, evaluation or reporting purposes, it is anonymised and used only to help us improve equity, access and quality of our services.

7. Your rights

Under data protection law, you have a number of rights in relation to your personal data. These include the right to:
• request access to, and receive a copy of, the personal data we hold about you;
• ask us to correct any information that is inaccurate or incomplete;
• request that we delete or restrict the processing of your data where it is no longer needed for the purposes for which it was collected;
• object to the processing of your data where we are relying on legitimate interests as the legal basis for processing; and
• ask us to pause the processing of your data if there is a concern about its accuracy or if there is a dispute about whether our legitimate interests override your rights.

If you have any concerns about how your data is being handled, we encourage you to contact us in the first instance so we can address them. You also have the right to raise a complaint with the Information Commissioner’s Office (ICO) if you believe your data protection rights have not been upheld.