top of page
This site was designed with the
.com
website builder. Create your website today.Start Now

Privacy Policy

Catherine Louise is owned and run by Catherine Quelcutti who is the data controller registered with the Information Commissioners Office (ICO). Additionally, as a registered International Board-Certified Lactation Consultant (IBCLC) and Registered Nurse - Children (RNC), I am required by the IBCLC Code of Conduct and the NMC code of conduct to ‘respect people’s right to privacy and confidentiality’.
​
From May 2018, the General Data Protection Regulation (GDPR) required all businesses to make it clear how we use your data. GDPR covers the safeguarding of personal data and protection against the unlawful processing, movement and storage of personal data within the UK and Europe. 
​

In order to provide care and support, I need to obtain and hold information about you. This is defined as legitimate interest under the GDPR regulations. This privacy policy explains what personal information I collect and how I use any personal information that I collect about you when you use my services. It also informs you of my responsibilities in the processing of your personal information under GDPR data protection regulations along with explaining your rights. 

​

You must read this privacy notice, along with any other privacy notice I may provide on specific occasions, when I am collecting or processing personal data about you so that you are fully aware of how and why I am using your data.  

​

My website may include links to third-party websites, plug-ins and applications. These include the links to my business social media accounts. Clicking on these links or enabling connections via these links may allow third parties to collect and share information about you. I do not control these third-party websites and am therefore not responsible for their privacy statements. Please note that this includes any information you may share on my social media platforms. As these are public forums, any information you choose to share is not covered by this privacy notice. When you leave my website, I encourage you to read the privacy notice of every website you visit, including social media sites.   

​

Personal data, or personal information means any information about a living individual from which they can be identified. You can find out more about personal data via  Information Commissioners Office -guide to data protection.  

​

The types of data I collect, use, store and transfer are grouped as:

  • Identity data – includes first name/last name/title/ Baby’s name/ Baby’s date of birth

  • Contact Data – includes billing address/ email address/ telephone numbers 

  • Financial data – I accept payment by bank transfer only so do not store or handle any of your bank details in any other way. 

  • Relevant data – any data that is deemed relevant to the service I am providing you with

    • medical history (including obstetric and mental health history) 

    • GP name and contact details

    • Health visitor name and contact details,  

    • Baby’s weight 

    • Details of any concerns you have/ why you are contacting me 

    • Summary details of the consultation and any recommendations or plan made.  

 

Transaction and financial data may be shared with my accountant, bank, card payment machine provider or with the HMRC in certain circumstances. 

​

In order to fulfil my contract with you to provide the care you are employing me for, I require the aforementioned personal data. If you fail to provide this data then I will be unable to perform the contract to provide the services you require/ have requested. In this instance I may have to cancel the service you have booked but will notify you if this is the case.   

​

I collect this information for the sole purpose of fulfilling the contract of my services to you and as such I only ask for information relevant to your care and to enable me to provide you with recommendations and guidance as part of my service to you.  

​

The information you provide is confidential and not shared with anyone as routine course. Occasionally, I would suggest that it may be beneficial to share information with your Midwife, GP or Health Visitor if, in my professional opinion, they could further support your care. In the first instance I would encourage you to share this information yourself but would be able to share this information on your behalf, with your consent if you preferred. If, in my professional opinion, I ever had concerns that there was immediate and serious risk that you might harm yourself or someone else; or were at risk of harm from someone else, then it is my duty of care to share your personal information with a third party such as your GP or emergency services. I would still try to gain your consent first. However, this may not always be possible if attempting to gain your consent risks delay in accessing the help, thereby endangering your life or that of another. In such situations, I would only share the information that is directly relevant to you receiving the appropriate care and support to protect you or others that are at risk. I will inform you what personal information I shared and to whom.  

​

It may be possible that your personal information be requested by a Court of Law, Coroner’s Office or another Professional Body. In such circumstances you may have no or limited rights to refusal. Additionally, in the event of a complaint or claim, relevant information will be shared, with your consent, with my indemnity provider and legal team. 

​

I may use consultation data as case studies in supervision, or for research and training purposes. However, these would be anonymised to protect the identity of you and your baby.  

​

I require your explicit consent (by way of signature on your registration form) for processing sensitive data, including medical information and that you are in agreement with this policy and my terms and conditions of service.   

​

I store the personal information listed above electronically, along with any communication we have via email, text, WhatsApp or phone call. I store your records using your initial, surname and date of our consultation as identifiers. I am using encryption and password protected systems with a cloud-based provider. 

  • Your data is stored in my encrypted and password protected cloud-based storage, which no one else is able to access at any time.  

  • The notes that I make during a consultation are yours to keep but I scan these to store securely in my cloud-based storage for my own records.   

  • Any email correspondence will be saved in the same cloud storage. 

  • If you choose to send pictures or videos via WhatsApp or text messages, these will be uploaded from my phone to your storage folder in my cloud-based storage.  

  • Any paper notes that I may make during phone calls will be scanned and uploaded to your folder in my cloud-based storage. Any paper notes not left with you will be shredded once I have scanned and uploaded them to your folder in my cloud-based storage.  

  • In the event of a personal data breach, I will notify you and any applicable regulator of the breach where I am legally required to do so. 

​

I am required by the IBCLC code of conduct to keep clear and accurate records relevant to my practice. I share these records with you at your consultation or via email following your consultation if it has been a virtual consultation. As with all healthcare providers, I am required by law to store the information about the care I have provided for 25 years. In addition, by law, I have to keep basic information about my clients (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.  

​

Full details of all of your rights can be found here Individual rights | ICO . Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:

  • Request access to your personal data

  • Request correction of your personal data

  • Request erasure of your personal data 

  • Object to processing of your personal data 

  • Request restriction of processing your personal data 

  • Request transfer of your personal data

  • Right to withdraw consent 

​

You have the right to request a copy of any of the information that I hold about you. If you would like a copy of some or all of your personal information, please email hello@catherinelouise.co.uk or text/ phone me on +447554 007150. You may ask me to correct or remove information you think is inaccurate. You also have the right to ask me to erase the personal information I hold about you. I can refuse this erasure request if your personal information is needed in the defence of, or exercise of legal claims, or if I believe there is an overriding legitimate interest to retain your information.  

​

I must comply with your request for access without undue delay and at the latest within one month of your request. I may need to request specific information from you to help me confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. I may also contact you to ask you for further information in relation to your request to speed up our response. 

 

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, I may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, I may refuse to comply with your request in these circumstances.  

​

I hope that together we can resolve any query or concern you may raise about my use of your information. However, if you are unhappy with any aspect of how I collect or use your data, you have the right to complain to the ICO who are the UK supervisory authority for data protection issues (www.ico.org.uk). 

​

I practice under the current Code of Professional Conduct for IBCLC’s with regards to confidentiality. As such, any conversations, written communication, reports or recordings will be treated confidentially. If I am asked to share any written reports or discuss your case with another health professional caring for you e.g., your GP or Health Visitor; I will discuss this with you first and gain your consent. The only exception to this rule is if I had concerns that you are at risk of harm to yourself or others, or are at risk of being harmed by another individual. In this situation I would have a duty of care under the IBCLC code of conduct to break confidentiality. Where possible though, I would still discuss this with you first.  

​

I am required to have regular supervision in order to maintain my IBCLC certification and continue to provide the best possible evidence-based care. During my supervision, I may discuss your case, the care I delivered and any learning that I have taken from it. I will always ensure your anonymity in such discussions. Furthermore, the Lactation Consultant I have my supervision with will also be required to uphold current practice guidelines for confidentiality and will not disclose any information from the supervision session. 

My contact details are:

I am an IBCLC which is a registered profession with IBLCE. My certification number is L-307314 (valid until 31.12.2027). These details can be verified here https://iblce.org/public-registry/

bottom of page