We are the Luton Federation for the Conservative and Unionist Party, commonly known as the Conservative Party (The Party) and we are Registered as a political party with the Electoral Commission under registration PP52 and a Registered Data Controller with the Information Commissioner’s Office (ICO) under registration number ##Update with data controller number##
The Party will process your data in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Contacting us about Data Protection:
If you have any questions about this policy or for more information about how we use your data or would like to exercise any of your rights you can contact our Data Protection Officer at:
Beech Hill Conservative Club
You may contact us by e-mail at email@example.com
You may call us at +44 01582 729511.
What information do we collect?
The types of personal information that we may collect about you include:
- Date of birth
- Contact Details (e.g. address, email address, telephone number, mobile number, social media)
- Communication Preferences
- Direct Marketing Preferences
- Electoral Register Data
- Demographic data
- Financial transaction data
- Opinions on topical issues
- Issues that you raise with us
- Family connections
- IP address, cookies and other technical information that you may share when you interact with our website
- Commercially available data – such as consumer, lifestyle, household and behavioural data
- Publicly available data
We may also collect special categories of information such as:
- Political Opinions
- Voting intentions
- Racial or ethnic origin
- Religious views
How we collect data
We collect data about you in the following ways:
Provided by you (Directly):
- In person, when you speak to one of our representatives or volunteers
- Through a telephone call, either where you call us or we call you
- On paper, such as if you return a printed survey or a reply slip on a leaflet
- Digitally, such as if you fill in a form on a website or interact with the Party online via our website or social media platforms
- When you offer or ask about volunteering, or take part in party activities
- When you enter into a transaction with the Party, such as donating, joining, purchasing a product or paying for an event
- When you consent to receiving marketing emails etc
- When you attend a conference or campaign event
Third Party Sources (Indirectly):
- When data is shared with us from the wider Conservative Party
- Indirectly from publicly accessible sources or other public records, including the full electoral register to which the Party is legally entitled
- On social media platforms, where you have made the information public, or you have made the information available in a social media forum run by the Party
- From commercial organisations with whom we have a contract guaranteeing full data protection compliance.
- CCTV, if you visit Luton Conservative Party Headquarters
The Party is legally entitled to, and receives, the electoral registration records of all electors in the United Kingdom by Councils across the United Kingdom as per The Representation of the People (England and Wales) (Amendment) Regulations 2002 and the Representation of the People Regulations 2001 in Scotland.
We collect data with the intention of using it primarily for political activities.
The Conservative Party uses the data that we collect about you in order to build a picture of you and the United Kingdom electorate. We use automated means to analyse this variety of data and collate it (sometimes referred to as “profiling”). For example we may combine electoral register data, commercially available modelled consumer data and publicly available data from the land registry in order to make a prediction about your lifestyle and habits. We do this in order to:
- understand the matters and issues that are likely to be of relevance and significance to you and better inform our future policies if our predictions are incorrect,
- decide whether we send you our campaigning materials,
- select what campaigning material we send to you and which messages we put on it,
- evaluate whether we think you are likely to vote and for whom you will likely vote for during an election or a referendum,
We have determined that this kind of automation and profiling does not create legal or significant effects for you. Nor does it affect the legal rights that you have over your data.
How we use your information and why we are allowed to use it:
How your data is used is protected by law and we only use your data where we have an acceptable reason for doing so. The reasons we process your data are:
- In pursuit of an activity that supports or promotes democratic engagement (Public Interest), or
- When it is our legal duty (legal obligation), or
- When you provide consent (consent), or
- In order to fulfil a contract with you (contract), or
- When we have a legitimate interest (legitimate interest).
The law restricts the processing of what is termed “special categories of personal data”. The work of the Conservative Party, and the wider Conservative Party, is deemed to be of substantial public interest and therefore we are permitted to process special categories of personal data relating to your political opinions and voting intentions.
The table below lists examples of how we use your data and our justification and legal basis for it.
Legal Basis and justification
Canvass Political Support
In pursuit of an activity that supports or promotes democratic engagement and our legitimate interest to identify Conservative supporters
Send you messages about our campaigns and policies, including via social media adverts
In pursuit of an activity that supports or promotes democratic engagement and our legitimate interest to inform the electorate about what the Conservative Party is doing
Contact you about issues or queries that you have told us about
In pursuit of an activity that supports or promotes democratic engagement and our legitimate interests to engage with the electorate
Process and record voting intentions and political opinions
In pursuit of an activity that supports or promotes democratic engagement and our legitimate interest to understand the electorate and identify Conservative supporters
Send you surveys and process your responses
In pursuit of an activity that supports or promotes democratic engagement
Process your application for membership and administration of your membership
Contractual necessity and our legitimate interest in engaging with our membership base
Send you information by post about fundraising activities to support the Party
In pursuit of an activity that supports or promotes democratic engagement and our legitimate interests to raise funds for the Party.
Process your donation and checking your eligibility to donate
We have a legitimate interest to process your donation and a legal duty to check your eligibility to donate amounts of more than £500
Assess suitability of prospective members and donors using publicly available sources
We have a legitimate interest to ensure that our members and donors will not bring the Party into disrepute
Send you electronic messages about our campaigns
When you sign up to receive emails from the Conservative Party you are providing us with your consent to process your data for these purposes
Identifying potential supporters using commercially available modelled data
In pursuit of an activity that supports or promotes democratic engagement and our legitimate interests to identify Conservative supporters
Conduct anonymised market research
We have a legitimate interest to get a sense of general political opinion across the UK
Our legitimate interests:
Our objective is to promote our values and to elect Conservative candidates at every level of government across the United Kingdom, or when we campaign in referenda. In order to do this we rely upon the support of our members, donors, volunteers and supporters. We rely on being able to communicate and engage with the United Kingdom Electorate and those eligible to vote.
As a member: If you join the Party we have a legitimate interest in processing your data and contacting you about all aspects of your membership including information about your entitlements as a member and about Party events; either by post or by electronic means. The party is run by its members and therefore we have a legitimate interest in member engagement and retention. If you do not renew your membership with the Party we will continue to send you information about the Conservative Party, including information on how to rejoin, for a reasonable period after your membership lapses. We also have a legitimate interest to retain your data after your membership lapses, as well as a legal duty to keep a record of the financial transaction.
As a donor: If you donate money to the Party then we have a legitimate interest in processing and retaining your information and to send you marketing about our fundraising activities; either by post or by electronic means. We justify this because our activities are funded by donations. For donations over certain thresholds we also have a legal obligation to report it to our regulator, the Electoral Commission, who will publish certain details on their website.
As a volunteer: If you volunteer for the Party or enquire about volunteering for the Party, and are not a member, we have a legitimate interest in processing and retaining your information and contacting you about volunteering opportunities. We justify this because of the vital function that volunteers perform both during and outside of elections.
If you attend an event: If you attend one of our events such as Party conference or one of our social events, and are not a member of the Party, we have a legitimate interest in retaining your information and to send you marketing about future similar events which we think might be of interest to you; either by post or by electronic means. We have a legitimate interest in inviting people to our events in order to raise vital funds for the Party and have determined that attendees would expect to receive such communications from us.
Much of the work of the Party is conducted by the wider Conservative Party. For this reason we have a legitimate interest in sharing certain personal information with the wider Party when it is necessary for our campaigns or activities.
Whilst a lot of our political activities are considered to be tasks carried out in the public interest, we also have a legitimate interest to carry out these tasks. We justify this due to our defined objective as a political party.
You will always have the opportunity to opt out of receiving any messages from the Conservative Party or to exercise any of your legal rights.
We are committed to respecting your rights over your data and in some circumstances we will have a legitimate interest to continue to process your data even where you have exercised one of your rights. For example if you request that we stop processing your data for purposes of direct marketing then we justify keeping a record of this request in order to ensure that your wishes are respected.
Data Processed with your Consent
Where we use consent as our legal basis for processing your data, or process special categories of your data on the basis of your explicit consent, you have the right to withdraw your consent at any time. This does not affect our right to process your data before you decide to withdraw your consent.
Who we share your data with:
We will never sell your data but sometimes it is necessary to share your information, either within the wider Conservative Party, or with our service providers and data processors. Data is only ever shared where we have a justification and when the law allows us to do so.
We share data with:
- The wider Conservative Party
- Business associates and professional advisers
- Service providers
- Financial organisations – such as credit card payment providers
- Political organisations
- Elected representatives
- Regulatory bodies
- Market researchers
- Healthcare and welfare organisations
- Law enforcement agencies
Where we use a service provider to process your data on our behalf we will ensure that this processing is governed by a legally enforceable contract which sets out their responsibilities for protecting your data and your rights.
Where we share data with the wider Conservative Party we ensure that the recipient of the data signs an undertaking that they will use the data only for the purposes for which it was provided and will take necessary measures to ensure its security. Members of the wider Party receive training on data protection.
Transferring your data outside of the European Economic Area
Some of our service providers are located outside of the European Economic Area (EEA) and therefore it may be necessary to transfer your personal data outside of the EEA. Where we do transfer your data outside of the EEA we will make sure that it is protected in the same way as if the data was inside the EEA.
We will use one of the following safeguards to ensure this:
- Where the European Commission has issued an adequacy decision determining that a non-EEA country or organisation ensures an adequate level of data protection.
- A contract is put in place with the recipient of the data obliging them to protect the data to the same standards as the EEA.
- The transfer is to an organisation that complies with the EU-US Privacy Shield.
We are not permitted to transfer Electoral Register Data outside of the EEA.
How long we retain your data for
We constantly review the data that we hold and regularly review its relevance and our need to hold onto it. Whilst we do not set finite periods for data retention we use several factors to determine whether we need to hold onto the data. Factors we take into consideration are:
- Retention periods as required by law – for example the Conservative Party is under a statutory duty to retain financial information for a period of 6 years,
- The purpose for which the data was provided or obtained,
- Our legitimate interests in holding onto your data,
- Whether holding onto your data will infringe your rights over your data,
- Legal and regulatory obligations that may require reference to your data,
Log Files and Statistics
How we protect your data:
The security of your data is paramount to the Party and as such we ensure that appropriate technical and organisational measures are in place to protect it. We constantly review our measures to ensure that your data is protected from any threats that may emerge.
Your rights over your data
Right of access to your data
You have the right to request a copy of your personal information that we hold. This is commonly known as a Subject Access Request.
We follow the ICO’s “Subject Access Code of Practice” when dealing with requests for access to personal data. You can read this code by visiting https://ico.org.uk/media/for-organisations/documents/2014223/subject-access-code-of-practice.pdf
Right of rectification of your data
You have the right to request that inaccurate or incomplete information that we hold about you is corrected.
Right to be forgotten
In certain circumstances you can ask for the data we hold about you to be erased from our records. When we do so, we keep the bare minimum of your information in order to continue to respect your wishes when your personal data is next provided to us by a local authority, which is at least annually.
Right to restriction of processing
You have the right to request that we restrict the processing of your data where you are contesting the accuracy of the data or when the data has been unlawfully processed.
Right to data portability
You have the right to have the data we hold about you transferred to a third party organisation and you can ask that we provide it in a machine readable format.
Right to object
You have a right to opt out of your data being used for direct marketing.
If we process your data on the basis of “legitimate interests” or “a task carried out in the public interest” then you have the right to object to us using your data in that way. This right is not absolute and we may continue to process your data if we can demonstrate compelling legitimate grounds for the processing.
Automated individual decision-making, including profiling
We may use computer software to make decisions about you or to create a profile about you. You have the right not to be subject to such a decision or to that profiling where it creates legal effects concerning you or where it significantly affects you.
Making a complaint
If you are unhappy with the way that we have processed or handled your data then you have a right to complain to the Information Commissioner’s Office (ICO). The ICO is the supervisory body authorised by the Data Protection Act 2018 to regulate the handling of personal data within the United Kingdom.
The contact details for the Information Commissioner’s Office are:
- Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
- Telephone: 0303 123 1113
- Website: https://ico.org.uk/concerns/
What are subject access requests?
Individuals have the right to access the personal data and supplementary information we hold about them. This allows them to be aware of, and verify the lawfulness of, you processing this data.
An individual is only entitled to their own personal information.
Under the General Data Protection Regulation (GDPR), we:
- must provide the information free of charge
- must comply within 1 month
- should provide the information in a commonly used electronic format, if the request was made electronically
Subject Access Requests
Who deals with subject access requests?
The Luton Federation’s Data Protection Officer will deal with all subject access requests received. This is based on advice from the Information Commissioner’s Office’s guidance.
How we will respond to subject access requests
On receiving a request, our Data Protection Officer will contact the individual via phone to confirm the request was made. We will then verify the identity of the person making a request using ‘reasonable means’. Generally, this means we will ask for two forms of identification.
In most cases, we will provide the information within 1 month, and free of charge. If the request is complex or numerous, we can comply within 3 months, but we will inform the individual of this within 1 month and explain why the extension is necessary.
If the request is made electronically, we will provide the information in a commonly used electronic format.
We recognise that holidays and weekends are counted in the response time and if we receive a request in the holidays, we will still respond within the same time frame.
In the event that we must access for ID to be provided, the one month timeframe will commence on receipt of the identification.
‘Unfounded or excessive’ requests
If the request is unfounded or excessive, we will either:
- charge a reasonable fee for you to comply, based on the administrative cost of providing the information
- refuse to respond
- comply within 3 months, rather than the usual deadline of 1 month; however, we will always inform the individual of this and will explain why
Usually, ‘unfounded or excessive’ means that the request is repetitive, or asks for further copies of the same information.
Refusing a request
When we refuse a request, we will:
- respond to them within 1 month
- explain why we are refusing the request
- inform the individual that they have the right to complain to the Information Commisioner's Office
Making a Subject access request
To request a Subject Access Request a request must be made in writing (via email or post).
Beech Hill Conservative Club
You may contact us by e-mail at firstname.lastname@example.org
Please include the following information:
- Your full name
- Your correspondence address
- Your relationship with our organisation
- Your contact telephone number
- Your contact email address
Please also provide details of the information you are requesting. To help us locate specific information you are requesting, please be as precise as possible.