This document outlines how Redditch County Conservative Association (“the Association”) processes and manages personal data and:
All of our candidates for elected office collect and process data on behalf of the Association.
The Data Controller is Redditch County Conservative Association, a registered political association of the Conservative & Unionist Party.
If you have any questions about this policy or for more information about how we use your data or would like to exercise any of your rights contact:
Data Protection Officer
Redditch County Conservative Association
F113 Faraday Business Centre
All processing is carried out by consent or either under the legitimate interest of Redditch County Conservative Association, or public interest.
These cover processing to conduct casework, campaigning and communication, and democratic engagement campaigns.
Where processed under the lawful basis of a task carried out in the public interest, it is to support or promote democratic engagement. This includes fundraising activity in order to support democratic engagement.
Data held is that provided by you when you contact us and correspondence with third parties in response to cases taken up on your behalf. If you do not wish for us to contact you by telephone please do not provide this information.
The Register of Electors that councils provide to authorised persons under the Representation of the People Act is also used for electoral purposes.
Personal data is stored electronically and securely. We ensure that our service providers comply with the same high standard that we do, and are in the UK.
Special category data will be processed under the lawful basis indicated in section 3, as is permitted in clauses 22, 23 and 24 of schedule 1 of the Data Protection Act, covering political parties and elected representatives.
Some service providers are located outside of the European Economic Area (EEA) and therefore it may be necessary to transfer your personal data outside of the EEA. Where the transfer of your data outside of the EEA takes place we will make sure that it is protected in the same way as if the data was inside the EEA, and it only occurs with your consent.
We will use one of the following safeguards to ensure this:
Legally it is not permitted to transfer certain types of data, such as Electoral Register Data, outside of the EEA, and we honour that obligation.
Personal data will be held for no longer than necessary. Some types of data may be held for longer than others. Typically the maximum retention is two election cycles. Review of the data held will occur in each election cycle to determine whether it should be maintained or put beyond use.
Subject Access Requests are dealt with in line with the guidance given by the Information Commissioner’s Office (ICO):
If you have contacted us about a personal or policy issue, your data may be passed on to a third-party in the course of dealing with your enquiry, such as local authorities, government agencies, public bodies, health trusts, regulators, and so on. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only for the basis upon which they were originally intended.
We may need to share your data with a third party, such as the police, if required to do so by law.
Data may also be shared with entities of Political Party associations, federations, branches, groups and affiliates in order to assist you or maintain contact with you in support of democratic engagement. This includes Conservative Party Headquarters (CCHQ) and Conservative Party candidates for election.
Your personal data is only used as outlined here and within your reasonable expectations based on the nature of the communication, and recognising the need of politically related engagement in wider support of democratic engagement.
At any point you have the following rights:
If you are unhappy with the way that we have processed or handled your data then you have a right to complain to the Information Commissioner’s Office (ICO). The ICO is the supervisory body authorised by the Data Protection Act 2018 to regulate the handling of personal data within the United Kingdom. The contact details for the ICO are:
If you have any questions about the data held please contact the Association via the contact information on this website.
Please note that proof of identity is required should you choose to exercise any of the above rights in relation to personal data.
We retain the right to update this policy at any time. If there are changes that significantly impact your rights, we will contact you in advance if we hold contact details for you.