1. WHO WE ARE?
Menstrual Cycle Support Ltd is a company registered in England and Wales with a registered office
at Trecara, West Polberro, St Agnes, Cornwall, TR5 0ST, and with company
Menstrual Cycle Support Ltd. are the ‘Controller’ of any personal information we collect about you.
Our Information Commissioner’s Office (ICO) Registration Number is: ZB433581
Our Data Protection Officer & Safeguarding Lead is Kate Shepherd Cohen: firstname.lastname@example.org
Menstrual Cycle Support is a support programme, offering a non-clinical menstrual health literacy
course to its users.
Menstrual Cycle Support Ltd. must process personal data (this may at times also include sensitive
personal data) in order to deliver its menstrual literacy course. In doing so, Menstrual Cycle
Support Ltd. acts as a data controller.
Menstrual Cycle Support Ltd. will process your personal information in accordance with all
applicable laws, including the UK General Data Protection Regulations (GDPR) and the Data
Protection Act 2018 (DPA 2018).
2. WHAT IS PERSONAL DATA?
The term “personal data” means any information relating to you that identifies you, or through which
you can be identified, directly or indirectly. In particular, by reference to an identifier such as a
name, an identification number, location data, or an online identifier or to one or more factors
specific to your physical, physiological, genetic, mental, economic, cultural, or social identity.
3. THE PURPOSE OF THIS PRIVACY NOTICE
The purpose of this Privacy Notice is to explain what personal data we collect from you and how we
collect, use, store and disclose it when you use our website, or take a course we provide. This
Privacy Notice also contains information about your rights under applicable data protection
We are committed to compliance with data protection laws. We believe that ensuring data protection
compliance is the foundation of trustworthy business relationships.
It is important that you read this Privacy Notice together with any other Privacy Notice we provide.
We will issue additional Privacy Notices on specific occasions should we collect or process personal
data about you for any other purpose that is not detailed within this Privacy Notice. This Privacy
Notice supplements the other notices and is not intended to override them.
Please note that you must be at least 18 to take our course or otherwise use any of our products or
services. We do not knowingly collect personal information from children under 18 years of age.
4. HOW DO WE USE YOUR PERSONAL DATA?
We will collect data about you, both personal data (such as your name and contact details) and
Sensitive Personal Data. Sensitive Personal Data, also referred to as Special Category Personal
Data, is defined as data that needs more protection due to its sensitive nature, and which controllers
have additional obligations with regard to. This might include information about your health and well-
being, as well as your age and ethnicity.
What Day am I? Calculator
We don’t collect, process, or store any of the data that you enter while using this tool. All calculations are done exclusively in your browser, and we don’t have access to the results. All data will be permanently erased after leaving or closing the page.
V2.0 Privacy Notice
We collect your personal data for the purpose of enabling you to access menstrual
cycle information and educational services, namely in the form of a literacy course
on menstrual health.
We collect your contact information and any information you provide when signing up and taking the course to enable you to review your progress during and after taking the course.
We may also use the data for research purposes, to improve the course or promote our advocacy for increased awareness and action to increase access and support for menstrual cycle services, but we ensure that this is done on an anonymous/aggregated basis.
We may also use your personal data for marketing purposes. This may be on the basis of your
express consent or on our legitimate interests, and may include:
Providing you with information, suggestions and recommendations about other courses we
offer that are similar to one that you have already taken or enquired about (unless you have
To measure or understand the effectiveness of advertising we serve to you and others, and
to deliver relevant advertising to you, which may be based on your activity on our website(s)
or third parties’ websites (the information we use for this purpose is collected using cookies
and you can adjust your cookie settings by clicking on cookie settings on our website);
To send you our newsletter after you have signed up for it;
To contact you after you have signed up to a webinar or event.
We will only use your personal data for the purpose that we collected it and in accordance with the
law. We will not use your personal data for any other purpose without your prior consent. The only
exception to this is if it is required or permitted by law, such as where it is necessary for the
prevention, investigation, detection or prosecution of criminal offences, or the enforcement of civil
5. HOW DO WE COLLECT AND USE YOUR PERSONAL DATA?
We will collect your personal data directly from you in the following ways:
● During the sign up process;
● During the initial survey, on completion of the sign-up process;
● During a survey upon completion of the course.
All the personal information we process is provided to us directly by you for the following reason:
● To assist in providing a tailored course and appropriate materials;
We use the information that you have given us in order to:
● Provide you with a tailored course and appropriate materials;
● Provide you with updates about your progress in the course;
● Provide you with surveys to assess your circumstances before and after completing the course;
● Provide you with a report on completion of the course showing your responses to the surveys, to
enable you to assess the benefits of the course to you;
● Conduct research to assess the efficacy of the course content in providing helpful menstrual
V2.0 Privacy Notice
● Advocacy for menstrual cycle health, including promotion of Menstrual Cycle
Support Ltd’s educational content and services;
● Improvement of the course and development of educational content to promote menstrual
We may share this information in an anonymised format with Meaningful Measures Ltd. for
analytical and research purposes. This data is shared in a completely anonymous form to ensure
that it can only be used for research and never to identify you.
6. OUR LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA
The UK GDPR requires that a Controller must have a legal basis for processing personal data. More
details are provided in the Schedule of Processing but, in most instances, our legal bases for
processing your personal information are:
(a) Your consent. We obtain your consent by providing you with this notice at the point when
you sign-up for our course and requiring you to confirm your understanding and approval.
We also process Special Category Data and as such also require you to signify your consent
to that separately. You are able to withdraw your consent at any time. You can do this by
(b) Our legitimate interests. This applies in situations where we have legitimate commercial
interests in processing your data and have assessed that doing so will not infringe on your
rights. You will still have all the rights outlined in Section 10 of this notice, if you have any
queries, you can get in touch by contacting us via email@example.com.
The other legal basis that we can, or may, rely on are set out in Article 6 GDPR, and they are:
(a) We have a contractual obligation.
(b) We have a legal obligation.
(c) We have a vital interest.
(d) We need it to perform a public task.
7. HOW LONG WE WILL KEEP YOUR PERSONAL DATA
We will only keep your personal data for as long as is necessary to fulfil the purposes we collected it
for, which may include satisfying any legal, accounting, or reporting requirements. When you take
our course, we retain the information you provide to us for a period of one year following your
completion or last recorded activity on the course, although we may use the information for
research, advocacy, and analytics purposes beyond this period, in which case it will be anonymised
by removing your name, email address and other identifying information.
When calculating the appropriate retention period for your data, we consider the nature and
sensitivity of the data, the purposes for which we are processing the data, and any applicable
statutory retention periods. Using these criteria, we regularly review the personal data which we
hold and the purposes for which it is held and processed.
When we determine that personal data can no longer be retained (or where we must comply you
request us to delete your data in accordance with your right to do so) we ensure that this data is
securely deleted or destroyed.
V2.0 Privacy Notice
8. SECURITY OF YOUR PERSONAL DATA
In order to protect your personal data, we put in place appropriate organisational and
technical security measures. These measures include ensuring our internal IT
systems are suitably secure and implementing procedures to deal with any suspected data breach.
In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data
and, if required, will notify you and any applicable authority of such a breach.
Although we use appropriate security measures once we have received your personal data, you will
appreciate that the transmission of data over the internet (including by email) is never completely
secure. We endeavour to protect personal data, but we cannot guarantee the security of data
transmitted to or by us.
9. TRANSFERRING YOUR PERSONAL DATA OUTSIDE THE EEA
To provide our services, we may need to share your personal data with third parties and suppliers
outside the UK. For instance, your personal data may be transferred to the USA due to our use of
Google Analytics to track user engagement on our webpages. The laws of the U.S. and the laws of
other countries may not offer the same protections as the laws of the UK, so we make sure to
implement appropriate safeguards to ensure that your personal data is protected, as required under
the applicable data protection legislation. For example, our contracts with our suppliers stipulate the
standards they must follow to process personal data, and we may use the EU Standard Contractual
Clauses and the UK’s International Data Transfer Agreement (or the ‘Addendum’) as is appropriate
in each case.
10. YOUR RIGHTS
You have rights under the data protection legislation and, subject to certain legal exemptions, we
must comply when you inform us that you wish to exercise these rights. There is no charge unless
your requests are manifestly unfounded or excessive. In such circumstances, we may make a
reasonable charge or decline to act on your request. Before we action your request, we may ask
you for proof of your identity. Once in receipt of this, we will process the request without undue
delay and within one calendar month. In order to exercise your rights please contact us at
You can contact us if you wish to complain about how we collect, store, and use your personal data.
It is our goal to provide the best possible remedy with regard to your complaints.
However, if you are not satisfied with our answer, you can also contact the relevant competent
supervisory authority. In the UK, the relevant supervisory authority is the ICO, contact details of
which can be found below.
Your rights in connection with personal information are set out below:
Subject Access Request – You have a right to receive a copy of all the personal data we hold
Rectification – If any of the personal data we hold about you is incomplete or inaccurate, you have
a right to have it corrected.
V2.0 Privacy Notice
Erasure – This is also known as the “right to be forgotten”. You have a right to ask us
to delete your personal data where there is no good reason for us continuing to
process it. However, certain criteria apply and if we have a legitimate reason to
continue processing your personal data, we will not be legally required to delete it.
Objection – You have a right to object where we are relying on legitimate interests as our legal
basis for processing your personal data but, in certain circumstances we may be able to continue
with the processing. For example, if we have compelling legitimate grounds which override your
interests, rights and freedoms or your personal information is needed for the establishment,
exercise or defence of legal claims. However, you have an absolute right to object to us processing
your personal data for direct marketing purposes.
Restriction – You have a right to ask us to restrict the processing of your personal data in certain
circumstances. For example, you may require us to suspend processing information about you
whilst checks are made to ensure it is accurate.
Portability – You have the right to ask us to transfer any personal data you have provided to us to
another party, subject to certain criteria being satisfied. We will provide this personal data in a
structured, commonly used and machine-readable format.
Right to withdraw consent – If you have given us your consent for the processing of your personal
data, you can withdraw this at any time. Please note, the withdrawal has no effect on the legality of
the data processing carried out in the past on the basis of your consent. To exercise your right to
withdraw consent contact us at firstname.lastname@example.org.
Right to complain – If you are unhappy with the way in which your personal information has been
or is being processed, you have the right to make a complaint about it to the Information
Commissioner’s Office (ICO). They can be contacted at:
Information Commissioner’s Office
11. YOUR OBLIGATIONS
If any of your personal data changes whilst you are a user of our services, it is important that you
update the information within your account to ensure that the data we hold about you is accurate
and up to date.
12. HOW TO CONTACT US
If you wish to contact us in order to exercise any of your rights referred to above or any other data
protection matter, please contact us at email@example.com.
13. THE DATA PROTECTION PRINCIPLES
We will comply with the UK GDPR and the DPA 2018. Article 5 of the UK GDPR contains the data
protection principles, which require that personal data shall be:
V2.0 Privacy Notice
● Processed lawfully, fairly and in a transparent way.
● Collected for specified, explicit and legitimate purposes and not used in any
way that is incompatible with those purposes.
● Adequate, relevant, and limited to what is necessary.
● Accurate and, where necessary, kept up to date.
● Kept for no longer than is necessary for the purposes we have told you about.
● Kept securely.
We operate according to the principles of the UK GDPR, and PECR, regardless of the location of
the data subject.
14. CHANGES TO THIS PRIVACY NOTICE
We reserve the right to update this Privacy Notice from time to time. Updates to this Privacy Notice
will be published on our website. To ensure you are aware of when we make changes to this
Privacy Notice, we will amend the revision date at the top of this page. Changes apply as soon as
they are published on our website. We therefore recommend that you visit this page regularly to find
out about any updates that may have been made.
Version No. Author Effective Date Status/Comments
REVIEW AND APPROVAL
This policy will be reviewed regularly and may be altered from time to time in light of legislative
changes or other prevailing circumstances.
Reviewer Job Title Signed Off Date Status/Comments
Next Review Date
All policies should be reviewed at least annually or when significant change occurs to the policy
The next review date for this policy is 16/12/23