This document outlines how Sir John Whittingdale processes and manages personal data and identifies the data controller. It explains the lawful basis for processing personal data, the information held and processed, how special category data is handled, and the process for Subject Access Requests.
The Data Controller is Sir John Whittingdale.
If you have any questions about this policy, require further information about how your data is used, or wish to exercise your rights, please contact Sir John Whittingdale using the contact details on this website.
Processing is carried out by consent, under the legitimate interests of Sir John Whittingdale, or where necessary in the public interest. These lawful bases support constituency casework, communication and democratic engagement, including campaigning and fundraising activity.
Data held includes information provided by you when contacting the office and correspondence with third parties where cases are taken up on your behalf. Electoral register data may also be used for electoral purposes where permitted by law.
Personal data is stored electronically and securely. Service providers are required to meet appropriate standards of security and compliance.
Special category personal data may be processed where necessary under the provisions of the Data Protection Act 2018 covering political representatives and democratic engagement.
Some service providers may be located outside the European Economic Area. Where data is transferred, safeguards are applied to ensure it is protected to equivalent standards.
Certain types of data, including electoral register data, are not transferred outside the EEA.
Personal data is held only for as long as necessary. Retention periods vary depending on the nature of the data, but typically do not exceed two election cycles. Data is reviewed regularly to determine whether it should be retained or securely disposed of.
Requests are handled in line with guidance from the Information Commissioner’s Office. Identity verification may be required and responses are issued within statutory timeframes.
Where you contact the office about an issue, information may be shared with relevant organisations such as local authorities, government departments, public bodies, health services or regulators in order to progress your enquiry. Third parties are required to use the information only for the purpose provided.
Data may also be shared where required by law, or with relevant political organisations where necessary to support democratic engagement and constituent assistance.
If you are unhappy with how your data has been processed, you have the right to complain to the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection.
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk/concerns/
If you have questions about data held by this office, please make contact using the details provided on this website.
Proof of identity may be required when exercising your rights. This policy may be updated from time to time to reflect changes in legislation or working practices.