Graeme Dey MSP Data Protection Privacy Notice - GDPR Comes Into Force On 25th May

This the Privacy Notice of the office of Graeme Dey MSP

This privacy notice explains how my office collects and uses personal information about individuals.

My office address and contact details are

Address: 282-284 High Street, Arbroath, DD11 1JF

Email: graeme.dey.msp@parliament.scot

Phone: 01241 873058

Notification:

I am registered as a data controller with the UK Information Commissioner and the reference number is Z2828947.

How I use your personal data:

I process any personal data under the requirements of the General Data Protection Regulation (EU) 2016/679 (the GDPR) and the Data Protection Act 2018.

What is personal data?                  

Personal data is any information from which a living individual can be identified.

I will hold all personal data securely, I will only use it for the purposes it was collected or acquired for and I will only pass it on to third parties with your consent or according to a legal obligation.

Further information about the data protection legislation and your rights is available here:

https://ico.org.uk/your-data-matters/

Purposes and categories of processing personal data:

I collect and use personal data to fulfil the following functions and associated activities of my office;

  • to engage with constituents and organisations which operate in my constituency;
  • to manage and support my staff and to maintain supplier relationships;

If you contact me with an enquiry or a complaint, I will normally need to store your contact details to deal with your inquiry or complaint.  This is considered to be “normal category data” under the GDPR.

Other personal data you may provide to me may include details about your personal and family life, social circumstances and business activities, your employment and education details, financial information or information about your housing situation etc. Depending on what views, issues or experiences you wish to discuss with me, you may be sharing “special category” data with me. For example, this could include details about race or ethnic origin, political or religious views, sex life or sexual orientation, trade union membership, physical or mental health, genetic or biometric data or any criminal offences.

The legal basis for processing personal data:

Depending on the circumstances, the legal basis for processing personal data in my office may include:

  • Consent of the data subject (the person who the personal data relates to.)
  • Complying with legal obligations
  • Protecting vital Interests of individuals
  • Pursuing legitimate Interests
  • Acting in the public interest [includes democratic engagement activities]
  • The processing is necessary for the performance of a contract

Categories of processing activities and corresponding legal basis:

Processing of personal data means anything from collecting, storing, using to sharing and deleting (see link above for more information).

In relation to children, I may process personal data in the following ways:

Processing activity

How long I retain the data

Legal Basis

Purpose

Personnel files

One year after termination of contract.

Contract

To undertake required duties of MSP as an employer.

Casework

1 year after case file closed.

Special category data is dealt with on the basis of an elected representative responding to a request from an individual.

Public Interest or consent

Engagement of constituents with MSP and MSP taking forward issues of importance to constituents.

Enquiries not from constituents

Retained for one month after reply, if necessary, sent.

 

Public Interest

Responding to enquiries.

Electoral Roll

Updated annually.

Public Interest-democratic engagement

To allow MSP to communicate with constituents on issues of importance to constituency.

Photographs with individuals other than Graeme

One year.

Consent

To allow for MSP to communicate activities undertaken as part of duties as parliamentarian.

Meetings if not part of casework

Retained for one year.

Public Interest

To allow for the scheduling of meetings.

Complaints

One year.

Public Interest

To allow MSP to respond to complaints and maintain record.

Letters of congratulations

One month

Public Interest

To allow MSP to highlight issues of importance to constituency.

Subject Access Requests

One year

Legal Obligation

To allow office to respond and keep record.

Breaches

One year

Legal Obligation

To allow office to respond and keep record.

Job applications

Those unsuccessful, will be deleted one month after appointment of candidate.

Consent

To allow office to undertake recruitment.

 

Sharing of personal data:

I sometimes may be required to share the personal information I hold with other individuals or organisations including for example:

  • healthcare, social and welfare organisations
  • local and central government bodies
  • educators and examining bodies
  • statutory law enforcement agencies
  • investigating bodies
  • elected representatives and other holders of public office
  • financial organisations
  • crime prevention agencies and the police
  • The Scottish Parliament
  • Private companies (in order to take forward issues)
  • Third sector organisations

The legal basis for sharing data with these organisations may be that

  • the sharing is necessary for complying with a legal obligation to which I am subject (Art 6(1)(c) GDPR;
  • the sharing is necessary in order to protect the vital interests of the data subject or of another person (Art 6(1)(d); or
  • the sharing is necessary for the performance of a task carried out in the public interest or substantial public interest (Art 6(1)(e) or Art 9(2)(g) GDPR.

I may seek your prior express consent to share your personal data with any of the following:

  • employment and recruitment agencies
  • press and the media
  • family, associates and representatives of the person whose personal data I am processing
  • enquirers
  • subjects of complaints
  • political parties

The consequences of my not processing personal data are:                                            

  • Where I am processing personal data for the performance of a contract, the consequence of not processing the personal data is that I may not be able to fulfil my obligations under that contract.
  • Where I am processing personal data in accordance with a statutory obligation, the consequence of not processing personal data may be that I am liable to regulatory fines for non-compliance with that statutory duty.

Automated data processing:

I do not use automated processing techniques to process your data.

Sharing or processing personal data outside the European Economic Area:

Please note that sending personal data outside the EEA includes using online services (email distribution, survey software etc.) that are based outside the EEA.

I do not share or process personal data in locations outside the EEA.

Retention of personal data:

I keep personal data for the period that is necessary to carry out casework on behalf of my constituents, work on issues and campaigns I am involved in, and to support my staff and maintain supplier information, expenses, accounts and associated records.

Using my website

My website uses cookies to gather information about how visitors use my website to help me improve its performance, and secondly, to improve the visitor experience when using the website by delivering pages more quickly or remembering user settings.  Additionally, videos on the website may use cookies created by third-party providers such as Flash or YouTube.   

The information i collect is anonymous - it cannot be used to identify you personally.  Further information on the way that I use cookies and how you can set your browser to control cookies is available in my cookie policy here.

Your rights

The GDPR sets out the rights which individuals have in relation to personal information held about them by data controllers. These rights are listed below, although whether you will be able to exercise each of these rights in a particular case may depend on the purpose for which the data controller is processing the data and the legal basis upon which the processing takes place (see the individual privacy notices listed above for further details in relation to specific processing activities).

Access to your information – You have the right to request a copy of the personal information about you that I hold. 

Correcting your information – I want to make sure that your personal information is accurate, complete and up to date and you may ask me to correct any personal information about you that you believe does not meet these standards.

Deletion of your information – You have the right to ask me to delete personal information about you where:

  • You consider that I no longer need the information for the purposes for which it was obtained.
  • I am using that information with your consent and you have withdrawn your consent.
  • You have validly objected to my use of your personal information –my use of your personal information is contrary to law or our other legal obligations.

 

Objecting to how we may use your information – You have the right at any time to require me to stop using your personal information for direct marketing purposes (advertising).  In addition, where I use your personal information to perform tasks carried out in the public interest then, if you ask me to, I will stop using that personal information unless there are overriding legitimate grounds to continue.

Restricting how we may use your information – in some cases, you may ask me to restrict how I  use your personal information.  This right might apply, for example, where I am checking that the personal information about you that I hold is correct or assessing the validity of any objection you have made to my use of your information.  The right might also apply where this is no longer a basis for using your personal information but you don't want me to delete the data.  Where this right to validly exercised, I may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

Withdrawing consent using your information – Where I use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.

Please contact me using the contact details provided above.

Changes to my privacy statement

I keep this privacy statement under regular review and will place any updates on this website.  Paper copies of the privacy statement may also be obtained using the contact information above.

This privacy statement was last updated on 25 May 2018.

Contact information and further advice

Please use one of the contact details at the top of this privacy notice marking the contact for the attention of the Data Protection Officer.

Complaints

I seek to resolve directly all complaints about how I handle personal information. These should be sent to the office using one of the contact details noted on the privacy notice addressed to the Data Protection Officer. You also have the right to lodge a complaint with the Information Commissioner’s Office:

Online: https://ico.org.uk/global/contact-us/email/

By phone: 0303 123 1113

By post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF