Data Protection and Privacy Policy:
This privacy policy sets forth how Robert Jenrick processes and manages personal data in his role as a political candidate in an election or as a Member of Parliament. Only his staff, under his direction will process personal data.
1. Data Controller
The Data Controller is Robert Jenrick of 29 London Road, Newark, NG24 1TN.
2. Contact
If you have any questions about this policy, require more information about how we use your data, or would like to exercise any of your rights contact Robert.Jenrick.MP@Parliament.uk.
3. Lawful basis for processing, source, sharing and security
All processing is carried out under one of the following lawful bases: By consent, under legitimate interest or public interest. These cover processing to conduct casework, campaigning and communication. Where processed under the lawful basis of a task carried out in the public interest, it is to support or promote democratic engagement, and may be used for fundraising activity.
The Personal Data processed primarily comes from what you provided consensually to us, together with correspondence with third parties in response to any assistance given on your behalf. Some personal data may also arise from your participating in a survey or petition. If you do not wish for Robert’s team to contact you by telephone, please do not provide your number. Personal data obtained in this way may be combined with information from the Register of Electors that councils provide to authorised persons under the Representation of the People Act, and this will be used for electoral purposes.
To assist with some matters, or comply with legal obligations, your personal data may be passed on to a third-party in the course of dealing with your enquiry, such as local authorities, government agencies, public bodies, health trusts, police, regulators, and so on. Any third parties that we may share your data with are obliged to keep your details securely, and use them only for the basis upon which they were originally intended.
Unless otherwise specified, personal data may also be shared with Robert’s political party entities; such as his political party association, federation, branches, groups and affiliates in order to assist you or maintain contact with you in support of democratic engagement.
Your personal data is only used as outlined here and within your reasonable expectations based on the nature of the communication, recognising the need of politically related engagement in wider support of democratic engagement.
Personal data is stored electronically and securely.
4. Special category data
Special category data will be processed with your consent or under the lawful basis as is permitted in clauses 22, 23 and 24 of schedule 1 of the Data Protection Act, covering political parties and elected representatives.
5. Transferring your data outside of the European Economic Area
The EU GDPR adequacy decision means that data can continue to flow between the UK and the European Economic Area (EEA). Some service providers may be located outside of the EEA and therefore it may be necessary to transfer your personal data outside of the EEA. Where the transfer of your personal data is outside of the EEA, it will be subject to contractual terms to ensure that it is protected in the same way as if the data was inside the EEA, and it only occurs with your consent.
We will use one of the following safeguards to ensure this:
• Where the UK or European Commission has issued an adequacy decision determining that a non-EEA country or organisation ensures an adequate level of data protection, but always ensuring it meets UK requirements.
• A contract is put in place with the recipient of the data obliging them to protect the data to the same standards as the EEA.
6. Data retention policy
Personal data that is normally held for a maximum of two election cycles, but it is annually reviewed, to ensure it is not processed for longer than is necessary. If determined that personal data is no longer required, it will be put beyond use.
7. Subject Access Requests
We will request verification of the identity of any individual making a request, to ensure we protect the data subject’s personal data and only release information to those entitled to it. We may ask for further clarification to properly understand a request to enable a response within one calendar month, but the time for a reply only starts once we have confirmed it is a legitimate request that is clearly understood by us. In accordance with ICO guidelines, we keep a log of Subject Access Requests that contains details of the request, and personal data is part of that.
8. Data Rights
Data Subjects inter alia have the following rights:
• Right to be informed and of access – you have the right to request a copy of the information held about you.
• Right of rectification – you have a right to correct data held about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances you can ask for the data held about you to be erased from our records.
• Right to object – you have the right to object to certain types of processing, such as direct marketing.
• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: If we refuse your request under rights of access, we will provide you with a reason why. You may then have the right to complain to the Information Commissioner.
9. Making a complaint
If you are unhappy with the way that we have processed or handled your personal data, then you have a right to complain to the Information Commissioner’s Office (ICO). The contact details for the ICO are:
• Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
• Telephone: 0303 123 1113
• Website: https://ico.org.uk/concerns/
We retain the right to update this policy at any time. Please periodically review these terms.