This document outlines how Rachel Maclean MP for Redditch County Constituency processes and manages personal data and:
• Identifies the data controller.
• Explains the lawful basis for processing personal data.
• Outlines the personal data held and processed.
• Outlines the scope of the special category personal data held and processed.
• Outlines the process of Subject Access Requests.
1. Data Controller
The Data Controller is Rachel Maclean MP for Redditch County
If you have any questions about this policy or for more information about how we use your data or would like to exercise any of your rights contact Rachel Maclean MP.
3. Lawful basis for processing
All processing is carried out by consent or either under the legitimate interest of Rachel Maclean MP, or public interest. These cover processing to conduct casework, campaigning and communication. Where processed under the lawful basis of a task carried out in the public interest, it is to support or promote democratic engagement. This includes fundraising activity in order to support democratic engagement.
4. Data sources
Data held is that provided by you when you contact us and correspondence with third parties in response to cases taken up on your behalf. The Register of Electors that councils provide to authorised persons under the Representation of the People Act is also used for electoral purposes.
5. Data Security
Personal data is stored electronically and securely. We ensure that our service providers comply with the same high standard that we do, and are in the UK.
6. Special category data
Special category data will be processed under the lawful basis indicated in section 3, as is permitted in clauses 22, 23 and 24 of schedule 1 of the Data Protection Act, covering political parties and elected representatives.
7. Transferring your data outside of the European Economic Area
Some service providers are located outside of the European Economic Area (EEA) and therefore it may be necessary to transfer your personal data outside of the EEA. Where the transfer of your data outside of the EEA takes place we will make sure that it is protected in the same way as if the data was inside the EEA, and it only occurs with your consent.
We will use one of the following safeguards to ensure this:
• Where the European Commission has issued an adequacy decision determining that a non-EEA country or organisation ensures an adequate level of data protection.
• A contract is put in place with the recipient of the data obliging them to protect the data to the same standards as the EEA.
• The transfer is to an organisation that complies with the EU-US Privacy Shield.
Legally it is not permitted to transfer certain types of data, such as Electoral Register Data, outside of the EEA, and we honour that obligation.
8. Data retention policy
Personal data will be held for no longer than necessary. Some types of data may be held for longer than others. Typically the maximum retention is two election cycles. Review of the data held will occur in each election cycle to determine whether it should be maintained or put beyond use.
If you leave a comment on this website, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
9. Subject Access Requests
Subject Access Requests are dealt with in line with the guidance given by the Information Commissioner’s Office (ICO):
• We will request verification of the identity of any individual making a request, and ask for further clarification and details if needed.
• We will respond within 28 calendar days once we have confirmed it is a legitimate request.
• Data subjects have the right to the following:
o To be told whether any personal data is being processed
o To be given a description of the personal data, the reasons it is being processed and whether it will be given to another organisations or people.
o To be given a copy of the information comprising the data, and given details of the source of the data where this is available.
10. Will we share your data with anyone else?
If you have contacted us about a personal or policy issue, your data may be passed on to a third-party in the course of dealing with your enquiry, such as local authorities, government agencies, public bodies, health trusts, regulators, and so on. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only for the basis upon which they were originally intended.
We may need to share your data with a third party, such as the police, if required to do so by law.
Visitor comments may be checked through an automated spam detection service.
Data may also be shared with entities of Political Party associations, federations, branches, groups and affiliates in order to assist you or maintain contact with you in support of democratic engagement.
Your personal data is only used as outlined here and within your reasonable expectations based on the nature of the communication, and recognising the need of politically related engagement in wider support of democratic engagement.
11. Data Rights
At any point you have the following rights:
• Right of access – you have the right to request a copy of the information held about you.
• Right of rectification – you have a right to correct data held about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances you can ask for the data held about you to be erased from our records.
• Right to object – you have the right to object to certain types of processing, such as direct marketing.
• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: if our office refuses your request under rights of access, we will provide you with a reason why. You have the right to complain.
12. Making a complaint
If you are unhappy with the way that we have processed or handled your data then you have a right to complain to the Information Commissioner’s Office (ICO). The ICO is the supervisory body authorised by the Data Protection Act 2018 to regulate the handling of personal data within the United Kingdom. The contact details for the ICO are:
If you have any questions about the data held please contact Rachel Maclean MP via the contact information on this website.
Please note that proof of identity is required should you choose to exercise any of the above rights in relation to personal data.
We retain the right to update this policy at any time. If there are changes that significantly impact your rights, we will contact you in advance where we hold contact details for you.
This website uses a number of cookies to help customise your experience.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded Content from other Websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Akismet: We collect information about visitors who comment on Sites that use our Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).