2Doulas Privacy Notice
Thank you for choosing us! In this Privacy Policy we explain how we collect and handle personal data we collect from you.
What data do we collect?
We are collecting the following personal data from you:
On first contact:
- Name
- Phone number
During our collaboration:
- Personal and medical details related to your pregnancy that you share with us in the intake document
- bank account details
- address
- other data that you actively provide us within correspondence with us
How do we collect your data?
If you reached out to us via our website, we collect your name, phone number, email address on our website for contact purposes.
On first consulting, we collect your personal and medical details related to your pregnancy that you share with us in the intake document.
How will we use your data?
We use your data only to provide you doula services and for smooth communication between you and the 2Doulas.
We will never sell your data or grant access to your data to 3rd parties for any kind of marketing or behavioural analytics activities.
How long do we keep your data?
2Doulas does not keep your personal records any longer then is strictly required to attain the purpose the data was collected for. We keep the following the storage time to each category of personal data:
Sensitive and personal data: these records will be removed after the last (postpartum) visit we provide as postpartum or birth doula. This includes data on:
- race,
- religion and or personal beliefs,
- sexual life,
- health,
- last name,
- gender,
- date of birth,
- address,
- telephone number,
- bank account details,
- other data that you actively provide us with in correspondence with us, over the phone or by setting up an account at this website.
- Personal data (part 2): these records will be kept for a maximum of 7 years and will be used by 2Doulas with the company for management, the birth calendar and as base for company statistics. Appropriate organizational and technical means will be used, such as password restriction on folders. The data can also be used for external publications, but only after anonymization. This includes records on:
- first name,
- baby’s first name,
- baby’s gender,
- baby’s date of birth,
- e-mail address,
- brief summary of the birth.
How do we handle your data?
We handle your data using our self hosted cloud environment (the “Server) running on Nextcloud. We do our utmost to handle your data safely. To that end,
we are taking measures to:
- Keep data in The Netherlands
- Encrypt data in transit and at rest
- Restrict access to the data
Below we provide brief detail on how we achieve this.
Keep data in The Netherlands
Your data is stored on our Server that is physically hosted in Amsterdam, The Netherlands. We utilize a secondary server for backup purposes, also located in Amsterdam, The Netherlands.
Our Server receives regular security upgrades and security checks.
Encrypt data in transit and at rest
During transit (when transferred to/from the Server), data is encrypted using industry standard TLS encryption.
At rest, data is encrypted on the Server using server side encryption. Note: inherent to the concept of server side encryption, encryption keys will be present in memory of the Nextcloud server during the time a user is logged in and could be retrieved by a determined attacker. We take care to ensure keys are not stored unencrypted on permanent storage and at rest keys are encrypted using a strong cipher.
Restrict access to the data
We restrict access data on the Server to the 2Doulas and the systems administrator of the Server. No other people are granted access to the data.
What are your data protection rights?
As an individual (or “data subject”), under the GDPR you have the following rights:
- Right to be informed: organisations must tell individuals what data of theirs is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties.
- Right of access: individuals have the right to request a copy of the information that an organisation holds on them.
- Right of rectification: individuals have the right to correct data that is inaccurate or incomplete.
- Right to be forgotten: in certain circumstances, individuals can ask organisations to erase any personal data that’s stored on them.
- Right of portability: individuals can request that organisation transfer any data that it holds on them to another company.
- Right to restrict processing: individuals can request that an organisation limits the way it uses personal data.
- Right to object: individuals have the right to challenge certain types of processing, such as direct marketing.
- Rights related to automated decision making including profiling: individuals can ask organisations to provide a copy of its automated processing
activities if they believe the data is being processed unlawfully. You should also remind individuals that they are free to exercise their rights and explain how they can do this.
How to contact us
In case of any questions or requests related do your data or how we process it, you can reach out to us via the following channels:
Email: [email protected]