Ribble Valley Conservative Association Data Protection Policy
The text below outlines how the Ribble Valley Conservative Association processes and manages personal data. It:
1) Identifies our data controller;
2) Provides our lawful basis for processing personal data;
3) Outlines the scope of personal data we hold and process;
4) Outlines the scope of the special category personal data we hold and process;
5) Describes and justifies our data retention policy;
6) Shows how we intend to respond to Subject Access Requests
What is the GDPR?
The General Data Protection Regulations apply from the 25th May 2018. It applies to both data controllers and processors.
- A controller controls how and why personal data is processed.
- A processor acts on the controller's behalf.
Within Ribble Valley Conservative Association the organisation is the controller and authorised users of our database are processors..
1. Data Controller
The Data Controller is the Chairman of the Ribble Valley Conservative Association, Mr. David Peat.
2. Lawful basis for processing
Personal data contained in the political Ribble Valley Conservative Association Mailing List is processed under the lawful basis of public task and legitimate interest: It is necessary for us to process individuals’ data to promote voter participation in local, county, national and other elections and referenda. Furthermore it is also necessary to process individuals’ data garnered from public records (e.g. the electoral roll) to encourage voter participation in all relevant elections. It does not fall within the definition of direct marketing.
Conservative Party Members have also given their express permission to be contacted by groups within the Conservative Party.
Who can access your data?
Access to Ribble Valley Conservative Association Data is determined by need and authenticated users only are permitted to access this data.
The management team of the Ribble Valley Conservative Association made the decision that processing is necessary for us to perform a task in the public interest at a meeting on 06h November 2018.
3. Data we hold
As of 25th May 2018, the office holds information on 78,198 number of constituents held on the Conservative Vote Source System which incorporates the most recent copy of the published Electoral Register for the Ribble Valley Constituency which incorporates the Borough of Ribble Valley, and the nine Borough of South Ribble wards of Bamber Bridge East, Bamber Bridge West, Coupe Green and Gregson Lane, Farington East, Farington West, Lostock Hall, Samlesbury and Walton, Walton-le-Dale East and Walton-le-Dale West. This data is accessed by officials and members of the Conservative Party for the purpose of political campaigning.
We operate a mostly paperless office in terms of data collection. Personal data is stored electronically and securely on our computer systems. Our systems are in offices which are locked when unattended.
The Office also maintains a mailing list of our membership and supporters. These subscribers receive Associations Newsletters and information about upcoming events and campaigning. Personal data we hold in this regard includes:
▪ Names, postal and email addresses, telephone numbers, and bank details for collection of membership subscriptions by Standing Order relating to individual members who have given us their consent to process this data.
4. Special category data we hold
The office may also hold special category data for a smaller number of data subjects. This data will be processed under the lawful basis indicated in point two, as is permitted in clauses 23 and 24 of schedule 1 of the Data Protection Act. The data may include:
▪ Political opinions
▪ Religious beliefs
▪ Trade union activities
▪ Sexual orientation
▪ Race and ethnic origin
▪ Details of criminal offenses
▪ Physical and mental health
5. Data retention policy
Ribble Valley Conservative Association retains personal data for no longer than is necessary, but as we use data for campaigning purposes, we will not remove your data unless you leave the Party, or have asked for your data to be removed. We keep a list of ex-members for our internal records. If a former member would like to be removed then we will do so in accordance with the rules and regulations.
Data that cannot be removed includes:
- Any booking information where there is a cost involved, as your details form part of our annual accounts.
6. Subject Access Requests
We will comply with Subject Access Requests in line with the guidance given by the Information Commissioners Office (ICO).
i. We will respond as quickly as possible, within 30 calendar days.
ii. We will request verification of the identity of any individual making a request, and ask for further clarification and details if needed.
iii. Data subjects have the right to the following:
A. To be told whether any personal data is being processed
B. To be given a description of the personal data, the reasons it is being processed and whether it will be given to another organisations or people.
C. To be given a copy of the information comprising the data, and given details of the source of the data where this is available.
7. Privacy notice
Our office will undertake to ensure all members and supporters sharing their personal data can have the opportunity to read our privacy notice. We will:
i. Publish our privacy notice on the Associations website https://www.ribblevalleyconservatives.com
ii. Add a link to our privacy notice to staff email signatures, and to our email signature.
iii. Add a link to our privacy notice on our auto-response on Microsoft Outlook.
iv. Direct individuals who contact us via letter and telephone to our privacy notice online, or supply them with a paper copy if needed.
This privacy notice relates to the personal data processed by the Ribble Valley Conservative Association in relation to membership and policy queries.
Who is the Data Controller?
The Data Controller is David Peat, Chairman of the Ribble Valley Conservative Association.
What does the Office do?
The office discharges the duties and functions of the Ribble Valley Conservative Association. As part of this work, we conduct membership work and respond to policy queries, for which we must process personal data of our members. We also manage a small, -political mailing list for the purpose of sending Ribble Valley Conservative Association’ information about upcoming events.
How do we process data?
This office processes members and supporters data under the lawful basis of public task. In instances where this lawful basis is not sufficient and explicit consent is required, a member of the office will contact you to establish your consent. Data Protection Policy v.1.2 – 06th November 2018
We are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
Will we share your data with anyone else?
If you have signed up as a member of the association, we will pass your personal data head office of the Conservative and Unionist Party.
We will not share the personal information of members of the Ribble Valley Conservative Association mailing list or those in receipt of E-Mail Correspondence.
In any case, we will not use your personal data in a way that goes beyond your reasonable expectations in contacting us.
What rights do I have to my personal data?
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
• Right of access – you have the right to request a copy of the information that we hold about you.
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to be Forgotten/Erasure
We will adhere to any requests where you want your personal details deleted from our database. According to the GDPR, you have a right to have personal data erased and to prevent processing in specific circumstances:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- When the individual withdraws consent.
- When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
- The personal data was unlawfully processed (ie otherwise in breach of the GDPR).
- The personal data has to be erased in order to comply with a legal obligation.
- The personal data is processed in relation to the offer of information society services to a child.
If any of the above applies, please email the Data Controller with your name, any other email addresses you may be registered with and your home address, so we can ensure that all your personal data is erased.
• Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
• Right of portability – you have the right to have the data we hold about you transferred to another organisation.
• Right to object – you have the right to object to certain types of processing, such as direct marketing.
Data Protection Policy v.1.2 – 06th November 2018
• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: if our office refuses your request under rights of access, we will provide you with a reason why. You have the right to complain.
How can I contact somebody about my privacy?
You can get in touch with our office by letter, email or telephone using the details at the foot of this page.
Please note that we will ask for identification should you choose to exercise any of the above rights in relation to personal data we hold.
9 Railway View Avenue,
Tel. 01200 425 939