Mums Who Build - Privacy Policy 

Effective Date: 28 May 2025 

1. Introduction 

Mums Who Build (referred to as "MOB", "we", "us", or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our website at www.mumswhobuild.com (the "Website"), our associated services including the MOB+ paid membership, WhatsApp community groups, events, digital resources, and content (collectively, the "Platform"). 

We process your personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. These laws provide important protections for your personal information and give you rights over how your data is used. 

By using our Platform, you acknowledge that your personal data will be processed in accordance with this Privacy Policy. 

2. Data We Collect About You 

We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows: 

  1. Identity Data: includes first name, last name, username or similar identifier, marital status, title, date of birth, and gender. 

  1. Contact Data: includes billing address, delivery address, email address, and telephone numbers. 

  1. Financial Data: includes bank account and payment card details (processed via third-party payment processors). 

  1. Transaction Data: includes details about payments to and from you and other details of services you have purchased from us. 

  1. Profile Data: includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses. 

  1. Usage Data: Information about how you interact with our Platform, including: 

  1. Pages and features visited and used 

  1. Time spent on pages and specific features 

  1. Click patterns and navigation paths 

  1. Frequency and timing of your use of the Platform 

  1. Search queries and filters applied 

  1. Content you engage with (e.g., posts viewed, resources downloaded) 

  1. Technical issues encountered 

  1. Responses to in-platform surveys or feedback requests 

  1. Device information when accessing the Platform (device type, operating system, browser type) 

  1. Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences. 

  1. Technical Data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Website. 

  1. Community Data: includes content you post in WhatsApp groups, forums, comments on the Website, and interactions with other members. 

  1. Event Data: includes information provided when registering for or attending events, dietary requirements, accessibility needs, and potentially photos/videos taken at events (where consent is given or implied). 

We may also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy. 

We do not typically collect Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). 

However, in limited circumstances, we may process such data: 

  1. For dietary requirements or accessibility needs for events: When you provide this information, we process it based on your explicit consent (Article 9(2)(a) of UK GDPR). 

  1. For community support purposes: If you voluntarily share health or other special category data in our community forums or WhatsApp groups, we will only process this data to the extent necessary to provide the community service you've requested. 

Any special category data we process is subject to additional safeguards, including: - Strict access controls limiting who can view this information - Retention only for the duration necessary (e.g., dietary information is deleted within 30 days after an event) - No use of this data for marketing, profiling, or automated decision-making 

You can withdraw your consent for processing this data at any time by contacting us at mobster@mumswhobuild.com. 

3. How is Your Personal Data Collected? 

We use different methods to collect data from and about you, including through: 

  1. Direct interactions: You may give us your Identity, Contact, Financial, Profile, and Marketing and Communications Data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you: 

  1. Apply for our services; 

  1. Create an account on our Platform; 

  1. Subscribe to our MOB+ membership; 

  1. Join our WhatsApp groups or other community channels; 

  1. Register for or attend our events; 

  1. Subscribe to our publications; 

  1. Request marketing to be sent to you; 

  1. Give us feedback or contact us. 

  1. Automated technologies or interactions: As you interact with our Website, we will automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies. Please see our Cookie Policy at www.mumswhobuild.com/cookies for further details. 

  1. Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources, such as: 

  1. Technical Data from analytics providers (e.g., Google Analytics); 

  1. Contact, Financial, and Transaction Data from providers of technical, payment, and delivery services (e.g., GoCardless) 

  1. Identity and Contact Data from publicly available sources. 

4. How We Use Your Personal Data 

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances: 

  1. Where we need to perform the contract we are about to enter into or have entered into with you. 

  1. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. 

  1. Where we need to comply with a legal obligation. 

  1. Where you have given us your consent. 

We use your personal data for the following purposes: 

  1. To register you as a new user or member. 

  1. To process and manage your MOB+ membership, including processing payments and providing membership benefits. 

  1. To provide you with access to the Platform, including the Website, digital resources, and community groups (like WhatsApp). 

  1. To enable you to participate in events and in-person gatherings. 

  1. To manage our relationship with you, including notifying you about changes to our terms or privacy policy. 

  1. To administer and protect our business and the Platform (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data). 

  1. To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you. 

  1. To use data analytics to improve our Website, products/services, marketing, customer relationships, and experiences. 

  1. To make suggestions and recommendations to you about services that may be of interest to you. 

  1. To communicate with you, respond to your inquiries, and provide customer support. 

  1. To allow you to participate in surveys, competitions, or promotions. 

  1. To comply with legal and regulatory requirements. 

5. Our Legal Bases for Processing 

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances: 

  1. Performance of a Contract: Where we need to process your data to fulfil our obligations under a contract with you (e.g., providing you with access to MOB+ membership benefits). 

  1. Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided your fundamental rights do not override these interests. We conduct a balancing test for each use of legitimate interests to ensure your rights are protected. Our legitimate interests include: 

  1. Service improvement: Analyzing how users interact with our Platform to enhance features and user experience 

  1. Security: Protecting our Platform and users from fraud, cyber attacks, and other security threats 

  1. Community management: Monitoring community interactions to enforce community guidelines and prevent abuse 

  1. Business development: Understanding how our services are used to develop new offerings 

  1. Direct marketing: Sending relevant information about our services to existing members (you can opt out of marketing at any time) 

For each of these interests, we have determined that the processing is: - Necessary to achieve the purpose - Limited in scope to what is needed - Balanced against your reasonable expectations and impact on your privacy - Mitigated with appropriate safeguards 

You can object to processing based on legitimate interests at any time by contacting mobster@mumswhobuild.com. 

  1. Legal Obligation: Where processing is necessary to comply with a legal or regulatory obligation (e.g., tax purposes, cooperating with law enforcement). 

  1. Consent: Where you have given us clear consent for a specific processing purpose (e.g., dietary information and using event photos/videos). You have the right to withdraw consent at any time by contacting us. 

6. Sharing Your Personal Data 

We may share your personal data with the following parties for the purposes set out in Section 4: 

  1. IT and System Administration Providers: - e.g. Amazon Web Services (AWS) - Cloud hosting and storage - Google Drive 

  1. Payment Processors: - e.g. GoCardless - Direct debit payment processing 

  1. Communication Services: - e.g. WhatsApp (Meta) - Community group communications - Zoom - Virtual event hosting 

  1. Analytics and Marketing: - e.g Google Analytics - Website usage analysis - Hotjar - User experience analysis - Meta (Facebook) – Social media integration and advertising 

  1. Other Service Providers: - e.g. Eventbrite - Event registration and management - SurveyMonkey - Member surveys and feedback collection 

  1. Professional advisers acting as processors or joint controllers, including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services 

  1. HM Revenue and Customs, regulators, and other authorities acting as processors or joint controllers who require reporting of processing activities in certain circumstances. 

  1. Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy. 

  1. Specific partners where you have explicitly signed up for an offer or service requiring us to share your data with them (e.g., Pure Muscles Gym). 

  1. Other members of the community when you participate in community features like WhatsApp groups or forums (e.g., your username and profile information may be visible). 

Where applicable, each third-party processor is subject to contractual obligations requiring them to process data only on our instructions and implement appropriate security measures. 

7. Data Retention 

We retain different categories of personal data for different periods depending on the purpose for processing: 

  1. Account information: Retained for the duration of your membership plus 24 months after account closure 

  1. Financial and transaction data: Retained for 7 years to comply with tax and accounting regulations 

  1. Community content and interactions: Retained for the duration of your membership plus 6 months 

  1. Marketing preferences: Retained until you opt-out or close your account 

  1. Event registration data: Retained for 12 months after the event 

  1. Technical and usage data: Retained for 26 months in an identifiable form 

  1. Special category data (e.g., dietary requirements): Deleted within 30 days after the relevant event 

If you request deletion of your data, we will delete or anonymise it unless we are legally required to retain certain information or where we need to retain it in accordance with our data retention policy. We review our retention periods annually to ensure we're not keeping data longer than necessary. 

8. International Transfers 

We do not currently transfer your personal data outside the UK or European Economic Area (EEA). All our data processing activities, including storage, hosting, and analysis, take place within the UK and EEA using service providers with data centers located in these regions. 

However, if in the future we need to transfer your personal data outside the UK or EEA, we would implement appropriate safeguards to ensure your data remains protected to UK GDPR standards, including: 

  1. Only transferring to countries covered by UK adequacy regulations 

  1. Implementing approved transfer mechanisms such as the International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses 

  1. Conducting and documenting transfer impact assessments before any transfers 

  1. Implementing additional technical and organisational measures where necessary 

We would update this privacy policy before making any such transfers and inform you of the specific safeguards being used. You would retain all your rights in respect of your personal data regardless of where it is processed. 

9. Data Security 

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. 

10. Third-Party Links 

Our Website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every website you visit. 

11. Children's Privacy 

Our Platform is primarily designed for adults and is not intended for individuals under 18 years of age. We do not knowingly collect or process personal data from children under 18. 

To prevent the collection of data from underage users, we implement the following measures: 1. Age verification during registration requiring users to confirm they are 18 or older 2. Terms of service that clearly prohibit underage use 3. Prompt removal of any accounts and associated data if we discover a user is under 18 

If you believe we have inadvertently collected personal data from someone under 18, please contact us immediately at mobster@mumswhobuild.com, and we will take steps to delete this information. 

For our WhatsApp community groups and events where parents might discuss their children, we advise members not to share identifiable information about children. Any such information that is shared will be treated with extra care and will not be used for marketing or profiling purposes. 

12. Your Legal Rights 

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to: 

  1. Request access to your personal data (commonly known as a "data subject access request"). 

  1. Request correction of the personal data that we hold about you. 

  1. Request erasure of your personal data. 

  1. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. 

  1. Request restriction of processing of your personal data. 

  1. Request the transfer of your personal data to you or to a third party. 

  1. Withdraw consent at any time where we are relying on consent to process your personal data. 

13. How to Exercise Your Rights 

You have several rights regarding your personal data. To exercise any of these rights, please contact us at mobster@mumswhobuild.com: 

  1. Access Request: To request a copy of your data, please email us with the subject "Data Access Request" specifying what information you need. We'll respond within one month. 

  1. Correction Request: To update inaccurate information, email us with the subject "Data Correction Request" detailing what needs to be corrected. 

  1. Erasure Request: To request deletion of your data, email us with the subject "Right to be Forgotten" explaining what data you want deleted. We'll confirm deletion or explain why we can't delete certain information. 

  1. Restriction Request: To request we limit processing of your data, email us with the subject "Processing Restriction Request." 

  1. Objection: To object to processing based on legitimate interests or direct marketing, email us with the subject "Processing Objection." 

  1. Data Portability: To request your data in a machine-readable format, email us with the subject "Data Portability Request." 

  1. Withdraw Consent: Where we rely on consent, you can withdraw it at any time by: 

  1. Clicking the "unsubscribe" link in marketing emails 

  1. Updating your preferences in your account settings 

  1. Emailing us with the subject "Consent Withdrawal" 

We will respond to all requests within one month. In complex cases, we may extend this by up to two additional months, but we'll inform you within the first month if this is necessary. 

There is no fee for exercising your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. 

If you are unsatisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at https://ico.org.uk/make-a-complaint/ or by calling 0303 123 1113. 

14. Changes to This Privacy Policy 

We keep our Privacy Policy under regular review. This version was last updated on 28 May 2025. Historic versions can be obtained by contacting us. 

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. 

15. Contact Us 

If you have any questions about this Privacy Policy or our data protection practices, please contact us at: 

mobster@mumswhobuild.com