This Data Protection and Privacy Notice (the “Notice”) describes the personal data processing activities of AIMS (Association for Improvements in the Maternity Services) ("AIMS", "we" or "us"). It sets out how we collect and use personal data about our members, donors and any other individual (“you”), why we use it, when we share it, the rights to which you may be entitled, your choices about our use of your personal data, and other information we are required to provide to you under the UK General Data Protection Regulation (the “GDPR”).
This scope of this Notice covers the activities that AIMS undertakes as a “data controller”. AIMS is a charity registered in the United Kingdom, with registered number 1157845. Its registered address is: 1, Carlton Close, Camberley, Surrey, GU15 1DS, UK.
If you have any questions about this Notice or AIMS’s personal data processing activities more generally, you may contact us at datacontroller@aims.org.uk.
We collect most personal data directly from individuals. This includes AIMS members, donors, contacts, and other individuals, such as those who have requested to be included in our mailings list.
AIMS does not sell any information about its past or present members or contacts with any third parties.
The categories of personal data we process about our members include the following:
The main personal data category we process about our members is their contact details. We use such details to manage our members’ membership and meet our obligations to provide them with information about our annual general meetings and other members’ meetings. We also use email addresses to send newsletters, notifications about AIMS events, fundraising, journals and other publications, and opportunities to get involved with AIMS volunteering, campaigning and other activities, as well as to inform them about maternity services issues, research studies and campaigns that may be of interest.
We process personal data of our members mainly to pursue our legitimate interests, which include the following:
We need to be able to contact our members about matters concerning their membership such as renewals;
We need our members’ details in order to keep them informed of what the charity is doing, including events, campaigns, local activities, publications etc., as well as to offer them opportunities to get involved with AIMS work on an occasional basis or to help fundraise for AIMS. Members can choose to opt out of these mailings if they wish.
We also process our members’ personal data to comply with our legal obligations; for example, to inform them of the AGM and other members' meetings.
Those who wish to volunteer with AIMS are asked to provide information about their contact details, name, qualifications, skills, experience and interests. For volunteers who claim expenses we also process their bank account details for payment. Volunteers who wish to claim expenses incurred for their AIMS volunteering work provide us with this information as part of their expense claim to enable payment to be made.
We process such personal data to pursue our legitimate interests, to comply with our legal obligations and to perform our agreement where there is an agreement in place between a volunteer and us.
We process details of people who are not members but have asked to be included in our mailing-list as subscribers to be kept informed about AIMS activities, and about maternity services issues and campaigns that may be of interest. We could also use their personal data to offer them opportunities to get involved with AIMS work on an occasional basis or to help fundraise for AIMS.
The information we process about these people consists of first name, last name and title, email address, and data joined the list.
The personal data is processed with the individual’s consent where the individual has asked to be added to our mailing-list.
Individuals can request to unsubscribe from the mailing-list at any time.
Applicants for paid or unpaid roles with AIMS may supply us with personal data as part of their application. This information is used purely for the purpose of recruitment, or in the case of successful applicants for paid roles, for HR and employment purposes.
We process such personal data to comply with our legal obligations and because processing is necessary for the performance of a contract to which the individual is a party or in order to take steps at the request of the individual prior to entering into a contract. We may also process such personal data for our legitimate interests including to ensure the security and safety of our members, donors, employees and other individuals.
AIMS sometimes engages with suppliers or contractors who are individuals. Where you are a supplier or a contractor, we need to process your contact information in order to liaise with you about your current work or new opportunities to do work for the charity, and bank account details on your invoices to enable payment to be made. The information we process may include the following:
We process such personal data to comply with our legal obligations and because processing is necessary for the performance of a contract to which the individual is a party or in order to take steps at the request of the individual prior to entering into a contract. We may also process such personal data for our legitimate interests including to ensure the security and safety of our members, donors, employees and other individuals.
We process the following categories of personal data about our donors:
We process such personal data to comply with our legal obligations and because processing is necessary for the performance of a contract to which the individual is a party or in order to take steps at the request of the individual prior to entering into a contract. We may also process such personal data for our legitimate interests including to ensure we have proper records and audit trail regarding our transactions, as explained further below (in section titled “Personal data associated with financial transactions”).
We may process the following categories of personal data about our customers, such as our shop customers:
We process such personal data to comply with our legal obligations and because processing is necessary for the performance of a contract to which the individual is a party or in order to take steps at the request of the individual prior to entering into a contract. We may also process such personal data for our legitimate interests including to ensure we have proper records and audit trail regarding our transactions, as explained further below (in section titled “Personal data associated with financial transactions”).
We process records of all the income that we have received and payments we have made. Income includes membership subscriptions, donations and payments from AIMS shop customers or booking tickets for AIMS events. Payments include volunteers' expenses, employees' salaries and expenses, and payments to suppliers or contractors.
We need to process this information, which may include personal data such as bank account details, so that we have a proper record of all the charity’s income and expenditure. This is necessary for us to comply with our legal obligations, perform our contracts and pursue our legitimate interests including the following:
Expense claim forms and invoices are stored in electronic format to which only members of the Finance team have access. These are retained to provide an audit trail.
Payments and donations are processed through various Banks, Card processing companies, Sales and Donation platforms. These companies have all published their own privacy policies confirming that their data processing meets EU standards.
AIMS holds partial credit or debit card details of members who have paid their annual membership through the website and people who have made purchases through the AIMS shop. These are held in encrypted form in a database, access to which is through individual accounts of authorised users and all accounts are protected by passwords. The information we store is:
We need this data in order to process membership payments made through our website.
For further information about the data we hold on customers who make purchases through the AIMS shop, see Privacy policy – AIMS UK Shop
The AIMS helpline is a confidential information and support service provided by a small group of volunteers (the Helpline Group).
Your communications with our Helpline Group (in the form of emails, calls, voicemails) may be monitored and/or recorded for training, quality control and compliance purposes to ensure that we continuously improve our service.
The information we collect about you through our Helpline can roughly be grouped into two areas:
You can check what information we have on you in the database or ask us to delete your personal data from it by emailing datacontroller@aims.org.uk
If you ask us to delete your personal data we may retain your records in an anonymised form.
All personal data is obtained directly from individuals who call or email the AIMS helpline.
AIMS does not share or sell any information about the people who make helpline enquiries with any third parties.
If you speak to a helpline volunteer by phone you do not need to tell them your name or contact details unless you wish to do so. However, the volunteer may ask for these details for the purposes described above.
If you leave a voicemail, an email which includes your phone number and a recording of your message will be sent to our small group of Helpline Group volunteers, so that one of them can call you back as soon as possible. Similarly, if you email helpline@aims.org.uk your email address and message will be seen by all our Helpline Group volunteers so that we can respond to you as soon and as fully as possible.
As above, we take your confidentiality very seriously and we will not share your personal data or the details of what you tell us with anyone outside the Helpline Group without your permission. Occasionally we may ask your permission to share your personal data with another organisation, for example to find additional information or sources of support for you.
The only exception to this would be in the very rare situation where there is a safeguarding issue. This might be where an enquirer is at risk of harm and unable to help themselves (for example, if they have a medical condition which is worsening), or where they’ve told us that they or a child is at risk of being hurt by someone else. In this case if we have information that identifies the enquirer and their location we might tell someone else in order to get help for them . We would never do this without telling the person concerned what we were doing.
All helpline data is stored in a secure database with access limited to a small number of volunteers. All access to the helpline database is through individual accounts of authorised users and all accounts are protected by passwords. All use of the helpline database is logged, including the timestamp of the interaction, the user account used, and any queries or actions carried out.
The system administrator is automatically notified by email of any anomalous events or errors in the helpline database system.
Helpline volunteers receive training in their responsibilities under the GDPR, and have signed an undertaking which requires them to:
Keep your personal details confidential and not share them with anyone outside the Helpline Group without your permission (other than for safeguarding issues as described above).
Ensure that any electronic devices (computers, laptops, tablets, smartphones etc.) on which they receive Helpline emails are password protected and not left unattended where anyone else might access them.
Delete any emails you send to the Helpline group from their electronic devices after a maximum of 6 months (or as soon as you request it), unless we are still actively supporting you, in which case they will be deleted once the support is no longer needed.
If they take any written notes during a conversation to destroy these as soon as they have dealt with your query.
Processing your personal data in connection with your enquiries to our Helpline Group is necessary for our, your and potentially certain third parties’ (such as a child, as explained above) legitimate interests because, without contact details, we would not be able to provide enquirers with the information and support that they have requested. It may also help us to respond more effectively to any future enquiries you make and enables us to contact you to seek your views to inform our campaigns. Therefore, we generally rely on legitimate interests grounds to process your personal data under the GDPR. Where required by law, however, we rely on your consent to process your personal data.
If you prefer for us not to record your personal details in the database we will record details of your enquiry and our response(s) in anonymised form to enable us to use this information for research, quality assurance and training purposes.
You can ask us at any time to delete your communications with Helpline Group by emailing helpline@aims.org.uk.
In addition to the above processing activities, we may also process your personal data for the following purposes:
In connection with our operation of our website, to process your requests, to contact you and to provide you with the information or services that you have requested. In general, you are not required to provide any personal data in order to consult our website. However, you may elect to contact us by completing the form provided on the “Contact Us” page of this website, in which case we ask you to provide certain data such as your name and e-mail address, and to submit specific questions to us. You may also elect to contact us by telephone or e-mail, in which case we will process your name and contact details, and any other personal data you may provide in such communications. When using the website for mere information purposes, we may also collect the personal data that your web browser transmits to our server, including internet or other electronic network activity such as your IP address, the date and time of your visit, and data relating to your operating system and web browser. We also use cookies and similar technologies on our website. For more information about the information we collect, please refer to our www.aims.org.uk/cookies.
to ensure the security and successful navigation of our website and to compile statistical data on the use of our website;
for internal administrative or operational processes;
use your photos, which you have voluntarily submitted to us or which we have taken in our events, in our social media posts;
to maintain a safe and secure working environment for our staff, volunteers, suppliers and contractors and to protect our property and premises;
to enable us to keep our contact database accurate and up-to-date;
to send invitations and information about events, publications, and services provided by us. In this respect, when you meet with us online, visit one of our locations or attend one of our events, including our webinars, we may also collect personal data from you, including identifiers such as your name, address, the date and time of our meeting, your visit or the event, and any other personal data you may provide to us such as dietary requirements;
to publicise our events and activities, including on our website, as part of future event invitations, via social media, and within recruitment publications; and
to satisfy any legal, regulatory, accounting, accreditation, or reporting requirements.
We will process such personal data if and to the extent applicable law provides a lawful basis for us to do so, and in particular where the processing is necessary:
to perform the contract we have entered into with a data subject or in order to take steps at the data subject’s request prior to entering into a contract;
to comply with a legal obligation to which we are subject; or
for our (or a third party’s) legitimate interests which are not overridden by the data subjects’ interests or fundamental rights and freedoms. Such legitimate interests include the provision of our services, administrative or operational processes within our organisation, marketing, the safety and security of our staff, volunteers, suppliers and contractors, property, and premises, and promotion of activities and events;
That said, where required by law or where it is appropriate for us to do so, we will process your personal data with your consent.
The GDPR requires additional protections for the processing of any special category data. Such data include information about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs. If you contact us through our Helpline Group or in other more general communications with us such as blogs or emails, you may choose to provide details of a sensitive nature, which may include special category data. We will only use such data to address your enquiry and for quality monitoring.
We will not pass on your details to anyone else without your explicit consent except in exceptional circumstances. Examples of this might include anyone reporting serious self-harm or posing a threat to others contacting us and sharing serious issues such as physical abuse or exploitation.
Where we process special category data, we will generally do so on the basis of your explicit consent. We may also process such data in the course of our activities on condition that that the processing relates solely to the members or to former members of the AIMS or to persons who have regular contact with us in connection with our purposes and that the personal data are not disclosed outside AIMS without the consent of the data subjects.
In exceptional circumstances, we may also process such personal data where processing is necessary:
for the purposes of carrying out the obligations and exercising specific rights of us or of the data subject in the field of employment and social security and social protection law;
to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
for the establishment, exercise or defence of legal claims;
for reasons of substantial public interest in accordance with the UK Data Protection Act 2018.
We may carry out certain, limited activities, where we may need to transfer your personal data to an organisation such as a third party service provider that is located in another jurisdiction. Transfers from the UK to jurisdictions outside of the UK which are not considered to have adequate personal data protections by the UK Government as appropriate are generally governed by contractual arrangements which incorporate the European Commission’s standard contractual clauses or the UK International Data Transfer Addendum. Where relevant, you can request a copy of these clauses by contacting us at the following e-mail address: datacontroller@aims.org.uk.
The personal data we process about you will mainly be used by our employees and volunteers so that they can undertake the processing activities described in this Notice.
We may share your personal data with our trusted partners and suppliers, such as information technology and telecommunications providers and our advisers, who work with us on our behalf to deliver our services. We will put in place measures to ensure that such parties process your personal data securely and delete it when they no longer need it. Where required, we may also share personal data with regulatory authorities and enforcement agencies.
We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected and used in compliance with this Notice. To determine the retention period for personal data, we will take into consideration the purposes for which it was collected, as well as the nature and sensitivity of the information and the applicable legal requirements. We conduct periodic reviews of the data we retain and will safely delete data to the extent we no longer need to retain it.
Your provision of personal data to us (including personal data of third parties) is voluntary, and refusal to provide personal data will not result in denial or change in the quality of our services. However, any refusal on your part to provide any such data could prevent us, depending upon the circumstances, from providing certain services to you or from undertaking certain activities where your personal data is required.
You have the following rights under the GDPR in respect of the personal data we process about you.
Access to your personal data: You have the right to request access to a copy of the personal data we process about you. If you make an access request, we may ask to you to verify your identity before we can fulfil your request.
Right to object: You can object to our processing of your personal data in certain circumstances, for example where we are relying on a legitimate interest (or those of a third party).
Rectification: You can ask us to rectify any inaccurate or incomplete personal data we process about you.
Deletion: You can ask us to delete your personal data where it is no longer necessary for us to use it, where you have withdrawn consent, or where we have no lawful basis for processing it.
Portability: You can ask us to provide you or a third party with some of the personal data that we hold about you.
Restriction: You can ask us to restrict the personal data we process about you where you have asked for it to be erased or where you have objected to our use of it.
No automated-decision making: You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you. We do not currently carry out any automated decision-making.
If you have given us your consent to process your personal data (for example, where you have subscribed to our mailing-list), you can withdraw such consent at any time.
Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request.
If you wish to exercise any of these rights or make a complaint, you can do so by contacting by emailing datacontroller@aims.org.uk. You can also make a complaint to the Information Commissioner’s Office, https://ico.org.uk/
Any changes we make to this Notice in the future will be posted on this page. Please check back periodically to see any changes to our Notice.
Updated June 2025