Canterbury Constituency Conservative Association
For details of our GDPR policy, please scroll down.
Who we are:
We are the Canterbury Conservative Association, and we are a part of the Conservative and Unionist Party, commonly known as the Conservative Party (The Party). As such we are a part of the “wider Conservative family” referred to in the Privacy Notice published on the national party’s website, and this Privacy Notice should be read in conjunction with that, available at www.conservatives.com/privacy and we process data and comply with the standards as set out in that policy.
We undertake our own local campaigning and fundraising activities, and for these we are the data controller. For membership matters and some campaigning we are a data processor acting on behalf of the Party.
Contacting us about Data Protection:
If you have any questions about this policy or for more information about how we use your data or would like to exercise any of your rights you can contact us at:
Canterbury Constituency Conservatives
58-60 Wincheap, Canterbury CT1 – 3RS
The association will process your data in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
For further information about the information we collect, our legal basis for processing it, and who we share it with, please go to www.conservatives.com/privacy
How we protect your data:
The security of your data is paramount to us, and as such we ensure that appropriate technical and organisational measures are in place to protect it. We constantly review our measures to ensure that your data is protected from any threats that may emerge.
Your rights over your data
Right of access to your data
You have the right to request a copy of your personal information that we hold. This is commonly known as a Subject Access Request.
We follow the ICO’s “Subject Access Code of Practice” when dealing with requests for access to personal data. You can read this code by visiting https://ico.org.uk/media/for-organisations/documents/2014223/subject-access-code-of-practice.pdf
Right of rectification of your data
You have the right to request that inaccurate or incomplete information that we hold about you is corrected.
Right to be forgotten
In certain circumstances you can ask for the data we hold about you to be erased from our records. When we do so, we keep the bare minimum of your information in order to continue to respect your wishes when your personal data is next provided to us by a local authority, which is at least annually.
Right to restriction of processing
You have the right to request that we restrict the processing of your data where you are contesting the accuracy of the data or when the data has been unlawfully processed.
Right to data portability
You have the right to have the data we hold about you transferred to a third party organisation and you can ask that we provide it in a machine readable format.
Right to object
You have a right to opt out of your data being used for direct marketing.
If we process your data on the basis of “legitimate interests” or “a task carried out in the public interest” then you have the right to object to us using your data in that way. This right is not absolute and we may continue to process your data if we can demonstrate compelling legitimate grounds for the processing.
Automated individual decision-making, including profiling
We may use computer software to make decisions about you or to create a profile about you. You have the right not to be subject to such a decision or to that profiling where it creates legal effects concerning you or where it significantly affects you.
Making a complaint
If you are unhappy with the way that we have processed or handled your data then you have a right to complain to our Party Headquarters:
Conservative Campaign Headquarters
4 Matthew Parker Street
020 7984 8005.
If you are not satisfied with the outcome of this, you may contact the Information Commissioner’s Office (ICO). The ICO is the supervisory body authorised by the Data Protection Act 2018 to regulate the handling of personal data within the United Kingdom.
The contact details for the Information Commissioner’s Office are:
- Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
- Telephone: 0303 123 1113
GDPR Legitimate Interests Assessment
Canterbury Constituency Conservative Association has two lawful reasons for processing individuals’ data:
- Public task: it is necessary for us to process individuals’ data to promote voter participation in local, county, national and other elections and referenda.
- Legitimate interest: it is necessary to process individuals’ data garnered from public records (e.g. the electoral roll) to encourage voter participation in all relevant elections.
Conservative Party Members have also given their express permission to be contacted by groups within the Conservative Party.
Statement of Canterbury Constituency Conservative Association’s Data Protection measures and Legitimate Interest Assessment:
reviewed the purposes of our processing activities and selected the most appropriate lawful basis (or bases) for each activity.
checked that the processing is necessary for the relevant purpose and are satisfied that there is no other reasonable way to achieve that purpose.
documented our decision on which lawful basis applies to help us demonstrate compliance.
included information about both the purposes of the processing and the lawful basis for the processing in our privacy notice.
We do not:
process special category data.
process criminal offence data.
offer online services directly to children.
use pre-ticked boxes or any other type of default consent.
penalise individuals who wish to withdraw consent.
Requesting, recording and managing consent
We have checked if consent is the most appropriate lawful basis for processing.
We have made the request for consent prominent and separate from our terms and conditions.
We ask people to positively opt in.
We use clear, plain language that is easy to understand.
We specify why we want the data and what we are going to do with it.
We give separate distinct (‘granular’) options to consent separately to different purposes and types of processing.
We name our organisation and any third party controllers who will be relying on the consent.
We tell individuals they can withdraw their consent.
We ensure that individuals can refuse to consent without detriment.
We avoid making consent a precondition of a service.
We keep a record of when and how we got consent from the individual.
We keep a record of exactly what they were told at the time.
We regularly review consents to check that the relationship, the processing and the purposes have not changed.
We have processes in place to refresh consent at appropriate intervals, including any parental consents.
We consider using privacy dashboards or other preference-management tools as a matter of good practice.
We make it easy for individuals to withdraw their consent at any time, and publicise how to do so.
We act on withdrawals of consent as soon as we can.
The management team of the Canterbury Constituency Conservative Association made the decision that processing is necessary for us to perform a task in the public interest at a special meeting on 4th May 2018.
We hold personal data (including names, postal and email addresses, telephone numbers, and bank details) relating to individual members who have given us their consent to process this data. We also have access to data on individual voters provided through the electoral roll. This data is accessed by officials and members of the Conservative Party for the purpose of political campaigning.
We have procedures in place to detect, report and investigate a personal data breach and we have carried out an information audit.
J Gilbey is designated as having responsibility for our data protection compliance and they have the right to attend all meetings of the Canterbury Constituency Conservative Association management team and executive council.
Approved by the Canterbury Constituency Conservative Association on 24May18.
Amy Baker is the Designated Data Protection Officer