Privacy notice


This privacy notice provides you with details of how I collect and process your personal data.

MILK AND MUMS is owned and run by Gillian Lund, Registered Midwife who is the data controller registered with the Information Commissioners Office. As a registered midwife Gillian is required by the Nursing and Midwifery Council’s Code of Conduct to respect people’s right to privacy and confidentiality so protecting your privacy is fundamental to my practice.

This notice explains what information I collect from you, why I collect this information, under what circumstance this information may be shared, how long it is stored and how to access it.

My email address is

My postal address is 111 Fatfield Park, Washington, Tyne and Wear, NE38 8BP

If you are not happy with any aspect of how I collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO) the UK supervisory authority for data protection issues.
I would be grateful if you would contact me first if you do have a complaint so that I can try to resolve it for you.

It is very important that the information I hold about you is accurate and up to date. Please let me know if at any time your personal information changes by emailing me at


What data do I collect about you and for what purpose

Personal information
During our contacts via phone, text, email, facebook or face to face I will collect and record personal information about you and your baby.This includes your name, address, contact telephone number, email address and GP name and contact details. Your babies name, date of birth and NHS number.

Sensitive Data
I will also record medical information about you and your baby relevant to the reasons that you have contacted me ie feeding problems.

I am required by the Nursing and Midwifery Council’s Code of Conduct to keep clear and accurate records relevant to my practice. This is to enable me to provide safe and effective care of you and your baby. It will also allow me to contact you for follow up care and support.

These records, which will contain your personal information, include summaries of our consultations and copies of emails.

I require your explicit consent for processing sensitive data (medical information) and I will request that you complete a signed consent for this.


How will I use your personal data

The personal data I collect from you will be documented on the following documents:

  • Feeding assessment
  • Tongue tie evaluation and record of treatment

I will use your personal data to :

  • Register you as a new client
  • Manage my relationship with you
  • Manage payment
  • Perform the contract between us
  • To comply with legal and regulatory obligation

Whilst we take steps to ensure your information is secure, communication by text, email, messenger, social media and my website may not be secure so keep this in mind when using these methods.


Disclosures of your personal data

I will not share your personal or medical data with any third parties except in the following situations:

  • Your GP and Health Visitor will be informed in writing that your baby has had a tongue tie division, the reason for the procedure and a very brief summary of any care plan put in place.
  • With your consent I may contact your midwife, health visitor or GP to share any relevant information to enhance the care of you and your baby.
  • Should I have any concerns about the safety of your child then I have a legal and professional obligation to share information to the relevant agencies, and in this case your consent is not required.
  • Anonymised data may be used and shared for the purpose of audit.
  • In the event of a complaint or claim, relevant information will be shared, with your consent, with my indemnity provider and legal team.
  • Transaction and financial data may be shared with my accountant, bank, card machine provider and HMRC.

I require all third parties to whom I transfer your data to respect the security of your personal data and to treat it in accordance with the law.

Data security

I have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. Access to your personal and sensitive data will be limited to Gillian Lund and Amanda Dunbar.

All paper records are kept in a locked cabinet in my home. All personal and sensitive records are then scanned and stored on password protected encrypted files. Paper records are destroyed following transfer to electronic files.
All electronic devices are password protected and have security software installed.

I have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.


Data retention

I will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

By law medical records on children must be kept for 25 years.

For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.

In some circumstances I may anonymise your personal data for research or statistical purposes in which case I may use this information indefinitely without further notice to you.


Your legal rights

Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.

You can see more about these rights at:

If you wish to exercise any of the rights set out above, please email me at

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, I may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.

I may need to request specific information from you to help me confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. I may also contact you to ask you for further information in relation to your request to speed up my response.

I will try to respond to all legitimate requests within one month. Occasionally it may take me longer than a month if your request is particularly complex or you have made a number of requests. In this case, I will notify you.

If you are not happy with any aspect of how I collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( I should be grateful if you would contact me first if you do have a complaint so that I can try to resolve it for you.


Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. I do not control these third-party websites and I am not responsible for their privacy statements. When you leave my website, I encourage you to read the privacy notice of every website you visit.


© Suzanne Dibble 2018. Copyright in this document belongs to Suzanne Dibble. You may not copy or use it for any purpose unless you have purchased this template document from Suzanne Dibble.