PRIVACY NOTICE FOR CONSTITUENTS

PRIVACY NOTICE FOR CONSTITUENTS

In line with our responsibilities under the United Kingdom General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, this Privacy Notice explains the personal data that we collect from constituents and how we use the information.

 

1. Data Controller

The Data Controller is Rebecca Harris MP. If you have any questions about this policy or require more information or would like to exercise any of your rights then please contact Rebecca Harris MP.

 

2. The personal data we collect, the purpose and lawful basis for processing

All processing is carried out by consent or either under the legitimate interest of Rebecca Harris MP or public interest.  These cover processing to conduct casework, campaigning and communication.  Where processed under the lawful basis of a task carried out in the public interest, it is to support or promote democratic engagement.  This includes fundraising activity in order to support democratic engagement.

Data held is that provided by you when you contact us and correspondence with third parties in response to cases taken up on your behalf. We may also hold data that you provide when we contact you – for instance, if we ask you to participate in a survey or petition. If you do not wish for us to contact you by telephone please do not provide this information. We perform a database lookup automatically upon any form submission to include electoral boundary data. The Register of Electors that councils provide to authorised persons under the Representation of the People Act is also used for electoral purposes.

We collect a variety of personal data about constituents which are case dependent. This includes but is not restricted to;

  • Your name, address, personal contact details including email address and telephone number
  • Personal data including National Insurance numbers provided for obtaining guidance and support on employment or pensions;
  • Medical information including NHS numbers, medical conditions and if necessary on your health and wellbeing;
  • Images captured such as photos, videos and CCTV;
  • Passport details and any application numbers for any passport renewal, visas etc related to any travel;
  • Financial information such as bank accounts and card details used for financial services

The lawful bases for processing are set out in Article 6 of the UK GDPR:

  • UK GDPR Article 6 (1)(a) – We ask your consent.
  • UK GDPR Article 6 (1) (c) – Your data is processed for us to comply with the law.
  • UK GDPR Article 6 (1) (e) – As above, it is necessary for us to perform a task in the public interest or to carry out our official functions.
  • UK GDPR Article 6 (1) (f) – It is in your, or a third party’s, legitimate interest to process your data for official purposes.

Special Categories of Data:

  • personal data revealing racial or ethnic origin;
  • personal data revealing political opinions;
  • personal data revealing religious or philosophical beliefs;
  • personal data revealing trade union membership;
  • genetic data;
  • biometric data (where used for identification purposes);
  • data concerning health;
  • data concerning a person’s sex life;
  • data concerning a person’s sexual orientation.

Special category data will be processed under the lawful basis indicated above, and under UK GDPR Article 9 (2)(a) if you have given explicit consent to the processing of those personal data for one or more specified purposes. This is permitted in Clauses 22, 23 and 24 of Schedule 1 of the Data Protection Act 2018, covering political parties and elected representatives.

 

3. Will we share your data with anyone else?

If you have contacted us about a personal or policy issue, your data may be passed on to a third-party in the course of dealing with your enquiry, such as local authorities, government agencies, public bodies, health trusts, regulators and so on. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only for the basis upon which they were originally intended.

We may need to share your data with a third party, such as the police, if required to do so by law.

Unless otherwise specified, data may also be shared with entities of political party associations, federations, branches, groups and affiliates in order to assist you or maintain contact with you in support of democratic engagement.

Casework and other submissions from the Contact form are sent directly to their destination. The nature of enquiries are not retained directly on the website, but this information is available for a limited period on the Bluetree servers in the UK for access only in the event of a police investigation. Your name and contact details submitted via the Contact form are only retained on the website if you grant consent to join the email subscriptions list. Anonymised data from the Contact form is retained for benchmarking purposes.

Your personal data is only used as outlined here and within your reasonable expectations based on the nature of the communication and recognising the need of politically related engagement in wider support of democratic engagement.

 

4. How we retain your personal data

Personal data will be held for no longer than necessary. Some types of data may be held for longer than others. Typically, the maximum retention is two election cycles although this is determined on a case-by-case basis. Review of the data held will occur in each election cycle to determine whether it should be maintained or put beyond use. We also comply with the ICO's expectation guidelines relating to petitions.

 

5. Your Data Rights

At any point you have the following rights:

• Right of access – You have the right to request a copy of the information held about you.

• Right of rectification – You have a right to correct data held about you that is inaccurate or incomplete.

• Right to be forgotten – In certain circumstances you can ask for the data held about you to be erased from our records.

• Right to object – You have the right to object to certain types of processing, such as direct marketing.

• Right to object to automated processing, including profiling – You also have the right to be subject to the legal effects of automated processing or profiling.

• Right to judicial review - If our office refuses your request under rights of access, we will provide you with a reason why. You have the right to complain.

 

6. Making a complaint

If you are unhappy with the way that we have processed or handled your data then you have a right to complain to the Information Commissioner’s Office (ICO). The ICO is the supervisory body authorised by the Data Protection Act 2018 to regulate the handling of personal data within the United Kingdom. The contact details for the ICO are:

• Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

• Telephone: 0303 123 1113

• Website: https://ico.org.uk/concerns/

 

If you have any questions about the data held please contact Rebecca Harris MP.

Please note that proof of identity is required should you choose to exercise any of the above rights in relation to personal data.