1. Data Controller
The Data Controller is The Conservative Group for Europe.
If you have any questions about this policy or for more information about how we use your data or would like to exercise any of your rights please email firstname.lastname@example.org or write to The Conservative Group for Europe, PO Box 46, Presteigne LD7 9AP.
3. Lawful basis for processing
All processing is carried out by consent or under the legitimate interest of The Conservative Group for Europe. These cover processing for campaigning and communication. Where processed under the lawful basis of a task carried out in the public interest, it is to support or promote democratic engagement. This includes fundraising activity in order to support democratic engagement.
4. Data sources
Data held is that provided by you when you contact us.
How we collect your information:
We collect your personal information when you complete our membership application form, register as a supporter, registerto attend our events or make an enquiry to the CGE. The information we collect includes your title, name, address, email address, landline telephone and mobile numbers, date of birth if applying for membership of the Young Conservative Group for Europe (YCGE) and, when provided, details of Conservative Party membership, name of Association, any office held within the Conservative Party or local Association including if an individual is standing as a candidate or is an elected representative.
How we use your information:
We use your personal information related to your membership, participation and/or interest in the CGE.
5. Data Security
Personal data is stored electronically and securely. We ensure that our service providers comply with the same high standard that we do and are in the UK.
6. Special category data
Special category data will be processed under the lawful basis indicated in section 3, as is permitted in clauses 22, 23 and 24 of schedule 1 of the Data Protection Act, covering political parties and elected representatives.
7. Transferring your data outside of the European Economic Area
Some service providers are located outside of the European Economic Area (EEA) and therefore it may be necessary to transfer your personal data outside of the EEA. Where the transfer of your data outside of the EEA takes place we will make sure that it is protected in the same way as if the data was inside the EEA, and it only occurs with your consent.
We will use one of the following safeguards to ensure this:
• Where the European Commission has issued an adequacy decision determining that a non-EEA country or organisation ensures an adequate level of data protection.
• A contract is put in place with the recipient of the data obliging them to protect the data to the same standards as the EEA.
• The transfer is to an organisation that complies with the EU-US Privacy Shield.
8. Data retention policy
We only store your personal information for the duration of your membership and then for a period of one year after your membership ends (unless required by law to hold it longer). If you have registered as a supporter, we store your personal information for a period of two years beginning from the date you registered. We retain the names of past members and attendee lists in the CGE archive. The names of those present at formal meetings are retained in the minute records indefinitely. We hold the names and contacts collected when non members attend events/meetings for a year.
9. Subject Access Requests
Subject Access Requests are dealt with in line with the guidance given by the Information Commissioner’s Office (ICO):
• We will request verification of the identity of any individual making a request, and ask for further clarification and details if needed.
• We will respond within 28 calendar days once we have confirmed it is a legitimate request.
• Data subjects have the right to the following:
o To be told whether any personal data is being processed
o To be given a description of the personal data, the reasons it is being processed and whether it will be given to another organisations or people.
o To be given a copy of the information comprising the data, and given details of the source of the data where this is available.
10. Will we share your data with anyone else?
We do not sell your personal information and we do not share it with anyone outside of CGE without your prior consent unless required by law; in connection with any legal proceedings or prospective legal proceedings; in order to establish or to exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk). We only use your personal information to contact you about CGE membership, notices of activities and research/policy opportunities in which you may wish to participate. However, at times we are required to share names of registered attendees of our meetings and events with venues to meet their security requirements. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only for the basis upon which they were originally intended.
11. Updating information:
It is important that the personal information we hold about you is accurate. Please let us know if your personal information changes or needs to be updated by emailing email@example.com
12. Data Rights
At any point you have the following rights:
• Right of access – you have the right to request a copy of the information held about you.
• Right of rectification – you have a right to correct data held about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances you can ask for the data held about you to be erased from our records.
• Right to object – you have the right to object to certain types of processing, such as direct marketing.
• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: if our office refuses your request under rights of access, we will provide you with a reason why. You have the right to complain.
13. Making a complaint
If you are unhappy with the way that we have processed or handled your data then you have a right to complain to the Information Commissioner’s Office (ICO). The ICO is the supervisory body authorised by the Data Protection Act 2018 to regulate the handling of personal data within the United Kingdom. The contact details for the ICO are:
• Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
• Telephone: 0303 123 1113
• Website: https://ico.org.uk/concerns/
If you have any questions about the data held please contact The Conservative Group for Europe via the contact information on this website.
Please note that proof of identity is required should you choose to exercise any of the above rights in relation to personal data.