PRIVACY POLICY
Solare Maternity
Last updated: [02/04/26]
1. Important information and who we are
1.1 This privacy policy sets out how Solare Maternity collects, uses and protects your personal data when you use our website (www.solarematernity.com) and our services. It is provided in a layered format so you can navigate to the specific areas set out below.
1.2 Solare Maternity is a sole trader business operated by Laura Smith. Laura is the data controller responsible for your personal data. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us using the details set out in section 10.
1.3 This website is not intended for children and we do not knowingly collect data relating to children under the age of 18.
2. The data we collect about you
2.1 Personal data means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
(a) Identity Data: your first name, last name, title and date of birth.
(b) Contact Data: your postal address, email address and telephone numbers.
(c) Financial Data: your payment information (name on card, expiry date, last four digits) processed through our secure third-party payment processor. We do not store full payment card details.
(d) Transaction Data: details about payments you have made and the services you have purchased from us.
(e) Technical Data: your internet protocol (IP) address, browser type and version, time zone setting, browser plug-in types, operating system, mobile device type and identifier, and the pages you view.
(f) Usage Data: information about how you use our website and services, such as which resources you access and how long you spend on each page.
(g) Marketing and Communications Data: your preferences for receiving marketing communications from us and your communication history with us.
2.2 We also collect special category data, specifically health data. We process health information only with your explicit informed consent obtained at the point of intake. This includes:
(a) your expected due date and current week of pregnancy;
(b) pregnancy health and relevant medical history;
(c) birth preferences; and
(d) psychological and emotional wellbeing notes relevant to the transition to parenthood.
2.3 We also collect, use and share aggregated data such as statistical or demographic data. Aggregated data is not personal data as it does not directly or indirectly reveal your identity.
3. How your personal data is collected
3.1 We use different methods to collect data from and about you, including through:
(a) Direct interactions: you may give us your Identity, Contact, Financial and Health Data by completing booking forms, making payments, requesting information, sending us emails or otherwise communicating with us directly.
(b) Automated technologies: as you interact with our website, we automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this data by using cookies, server logs and other similar technologies. Please see our Cookie Policy for further details.
(c) Third-party sources: we may receive data from third-party service providers such as analytics platforms (for example, Google Analytics), payment processors and communication platforms (Zoom and doxy.me).
4. How we use your personal data
4.1 The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:
(a) Performance of a contract with you: where we need to perform the contract we are about to enter into or have entered into with you.
(b) Legitimate interests: where it is necessary for our legitimate business interests (for example, to keep our records updated; to administer our business and to market our services) and your interests and fundamental rights do not override those interests.
(c) Legal obligation: where it is necessary for us to comply with a legal obligation (for example, tax reporting to HMRC).
(d) Consent: where we have obtained your active agreement to use your personal data for a specified purpose, in particular for the processing of special category health data.
4.2 The table below sets out the purposes for which we use your personal data and the legal bases we rely on to do so.
Direct marketing
4.3 We will only send you direct marketing communications (such as newsletters, service updates and promotional offers) where we have your explicit opt-in consent. You can unsubscribe from marketing communications at any time by clicking the unsubscribe link in any email or by contacting us at laura@solarematernity.com.
4.4 If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative purposes (for example, booking confirmations and session reminders).
Cookies
4.5 Our website uses cookies to enhance your experience. For more information about the cookies we use and how to change your cookie preferences, please see our Cookie Policy, available on our website.
5. Disclosures of your personal data
5.1 We may share your personal data with the following categories of recipients where necessary for the purposes set out in section 4:
(a) Service providers: Proton (Mail, Drive, Calendar) for data storage with zero-access encryption; Zoom Business for group educational sessions with end-to-end encryption; doxy.me for one-to-one consultation sessions with peer-to-peer encryption and no data stored after the call; and our payment processor to process your payments securely.
(b) Professional advisers: our accountants, lawyers and insurance brokers who provide professional services to us.
(c) Regulators and authorities: HM Revenue and Customs (HMRC) and other regulators where we are required by law to disclose your data.
5.2 We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and permit them to process it only for specified purposes and in accordance with our instructions.
6. International transfers
6.1 Your personal data may be transferred to and processed in countries outside the United Kingdom. In particular:
(a) Data processed and stored by Proton (Mail, Drive, Calendar) is transferred to Switzerland. This transfer is permitted under the UK GDPR adequacy decision for Switzerland, which recognises that Switzerland provides an adequate level of protection for personal data.
(b) Zoom and doxy.me operate global infrastructure but both comply with GDPR and healthcare data protection requirements. Where data is processed outside the UK or EEA, appropriate safeguards (including standard contractual clauses) are in place.
6.2 Your data is primarily managed within the United Kingdom and Switzerland through our data controller and our main service providers.
7. Data security
7.1 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These measures include:
(a) All data stored in Proton (Mail, Drive, Calendar) is protected by end-to-end zero-access encryption.
(b) Hardware-based two-factor authentication (2FA) is enabled on all administrative accounts.
(c) Zoom sessions use end-to-end encryption when enabled. Sessions are not recorded without your explicit prior consent.
(d) doxy.me sessions use peer-to-peer encryption with no data stored on doxy.me servers after the call ends.
7.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and the Information Commissioner’s Office (ICO) of a breach where we are legally required to do so (within 72 hours of becoming aware of the breach).
8. Data retention
8.1 We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. The retention periods applicable to different types of data are as follows:
(a) Educational and health records: 7 years from your last contact with us, as required for professional indemnity insurance purposes in respect of midwifery education services.
(b) Financial and transaction data: 6 years in accordance with HMRC tax requirements.
(c) Marketing data: retained until you opt out of receiving communications from us.
8.2 In some circumstances you can ask us to delete your data. See section 9 below for further information. Please note that we may need to retain certain data for legal, regulatory or professional obligations even where you request erasure.
9. Your legal rights
9.1 Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have a number of rights in relation to your personal data. You have the right to:
(a) Request access to your personal data (commonly known as a subject access request). This enables you to receive a copy of the personal data we hold about you.
(b) Request correction of the personal data that we hold about you if it is incomplete or inaccurate.
(c) Request erasure of your personal data in certain circumstances (the right to be forgotten).
(d) Object to processing of your personal data where we are relying on a legitimate interest as the legal basis for processing.
(e) Request restriction of processing of your personal data in certain circumstances.
(f) Request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format (data portability).
(g) Withdraw consent at any time where we are relying on consent to process your personal data (in particular for health data). Withdrawing consent does not affect the lawfulness of any processing carried out before you withdraw your consent.
9.2 To exercise any of these rights, please contact us at laura@solarematernity.com. We will respond to your request within one month of receipt. There is usually no fee for exercising your rights.
9.3 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
10. Contact details and complaints
10.1 If you have any questions about this privacy policy, about our use of your personal data, or you wish to exercise your privacy rights, please contact us:
Laura Smith, trading as Solare Maternity
Email: laura@solarematernity.com
Postal address:
Office 369
18 Young St,
UNIT LGE
Edinburgh
EH2 4JB
Scotland
10.2 You have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues:
Website: www.ico.org.uk
Helpline: 0303 123 1113
10.3 We would ask that you contact us first so that we have an opportunity to address your concerns before you approach the ICO. The ICO will expect you to have raised the matter with us before they review your complaint.
10.4 If you are located outside the United Kingdom, you also have the right to lodge a complaint with your local data protection authority.
11. Changes to this privacy policy
11.1 We keep our privacy policy under regular review. Any changes will be posted on this page with the date of the last update noted at the top of the document.
11.2 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
12. Third-party links
12.1 Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
| Purpose | Type of data | Legal basis |
|---|---|---|
| Register you as a new client | Identity, Contact | Performance of a contract with you |
| Process bookings and payments | Identity, Contact, Financial, Transaction | Performance of a contract with you; Legitimate interests (to recover debts due to us) |
| Provide educational services (including collecting health information to tailor sessions) | Identity, Contact, Health | Performance of a contract with you; Consent (for health data) |
| Manage our relationship with you (including notifying you of changes to our terms or privacy policy) | Identity, Contact, Marketing and Communications | Performance of a contract with you; Legal obligation; Legitimate interests (to keep our records updated) |
| Send you marketing communications | Identity, Contact, Usage, Marketing and Communications | Consent |
| Administer and protect our business and website | Identity, Contact, Technical | Legitimate interests (for running our business, IT services, network security); Legal obligation |
| Use data analytics to improve our website and services | Technical, Usage | Legitimate interests (to keep our website updated and relevant, to develop our business) |