This document outlines how Josh Coldspring-White processes and manages personal data and:
I am one of three local councillors for the Hayes & Coney Hall ward in the London Borough of Bromley.
I belong to the Conservative and Unionist Party, commonly known as the Conservative Party (The Party), and are registered as a political party with the Electoral Commission under registration PP52 and a registered data controller with the Information Commissioner’s Office (ICO) under registration number Z5909711.
This is my privacy notice for the Hayes & Coney Hall ward . The Data Controller is Josh Coldspring-White
This privacy notice has been created to demonstrate my commitment to the protection of your data and to be transparent in how I deal with it. This notice provides the information as required by Articles 13 and 14 UK GDPR.
I will process my data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA) and related legislation.
This privacy notice was updated on 22nd December 2023.
From time to time I may make amendments to or update this privacy notice.
If you have any questions about this notice, or for more information about how I use my data, or if you would like to exercise any of your rights you can contact me at:
c/o Members Room, Bromley Civic Centre, Stockwell Close, Bromley BR1 3UH
E-mail: click here
Phone: +44 (0) 7468 885 964.
How I use my data is protected by law and I am only permitted to process your data where I have an acceptable reason for doing so. The lawful reasons I process my data are:
Some types of sensitive personal data are given extra protection under the law; information about race, ethnicity, sexual orientation, sex life, religious or philosophical beliefs, criminal record, trade union membership and political opinion are “special category” data under data protection legislation and I will only process this data where I have a lawful reason to do so. The work of the Conservative Party is deemed to be of substantial public interest and therefore I are permitted to process special category personal data relating to your political opinion in so far as it is necessary for the purposes of my political activities.
Where I have identified “legitimate interest” as my lawful reason for processing your data I conduct a balancing test in order to determine whether my legitimate interests to process your data are overridden by your interests, rights and freedoms. For more information about my legitimate interest balancing tests please contact me.
I process data with the intention of using it primarily for the broad purpose of my political, campaigning and fundraising activities.
The tables below illustrate examples of how I commonly use your data, the typical categories of data that I might process and my justification and legal bases for doing so.
Purpose | Categories of Data Subject | Typical Data Categories | Legal Basis | Special Category Legal Basis |
Canvassing Political Opinions | Electors | Name, Address, Electoral Roll Number, Telephone Number, Political Opinion, Contact Details, Marketing Preferences | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Communicating with you via post about my policies, campaigns, events, fundraising appeals and opportunities to get involved with the party | Electors, Members/Former Members, Donors, Volunteers | Name, Address, Electoral Roll Number, Profiled Data | Public Task (Democratic Engagement) | |
Communicating with you via electronic message or SMS about my policies, campaigns, events, fundraising appeals and opportunities to get involved with the party | Electors, Donors, Volunteers | Name, Address, Contact Details (email, phone, social media etc) | Consent | |
Sending you surveys and processing my responses | Electors | Name, Address, Electoral Roll Number, Political Opinion, National and Local Issue Positions, Incidental Special Category data, Contact Details (email, phone, social media etc), Marketing Preferences | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. Article 9(2)(a) UK GDPR – Explicit Consent for collection of incidental special category data |
Conducting petitions and presenting the signatories to the specified recipient | Electors | Name, Postcode, Contact Details (email, phone, social media etc), Political Opinion, National and Local Issue Positions | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties |
Conducting Online Surveys | Electors | Name, Address, Electoral Roll Number, Political Opinion, National and Local Issue Positions, Incidental Special Category data, Contact Details (email, phone, social media etc), Marketing Preferences | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. Article 9(2)(a) UK GDPR – Explicit Consent for collection of incidental special category data |
Showing you adverts via social media platforms | Electors, Members/Former Members, Donors, Volunteers | Email Address | Legitimate Interests Consent | |
Creating custom audiences for advertising on Social Media Platforms using existing supporters’ details, profiled target audiences, and information from my cookies/pixels and using those audiences to create “lookalikes” | Electors, Members/Former Members, Donors, Volunteers, Supporters | Email Address, Address, Political Opinion | Legitimate Interests Consent | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Registering for a campaign event(s) organised by CCHQ and administering the event | Electors, Members/Former Members, Supporters | Name, Address, Contact Details (email, phone, social media etc), Political Opinion | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Polling Day Activities – e.g. “Knocking up” on the doorstep or via phone and “Telling” at polling stations | Electors | Name, Address, Electoral Roll Number, Polling Day Activity | Public Task (Democratic Engagement) | |
Signing up to Volunteer for the party and us sharing my details with the wider party | Volunteers | Name, Address, Contact Details (email, phone, social media etc), volunteering preferences, Political Opinion | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Maintaining and administering a database to store Electoral Register data, canvassing data, membership data, survey responses etc – including operating a test environment | Members, Donors, Electors, Volunteers, Candidates, Elected representatives, Supporters, Officers and Staff | Name, Contact Details (email, phone, social media etc), Addresses, Political Opinion, Age, Voting History, Relationships, Electoral Roll Information, Issue Positions, Memberships, Donations, Survey Responses, User profile names, Hashed Passwords, IP addresses, User authentication, Usage data and usage history, Free text notes, Titles, Suffixes, Gender, First Language, Positions Held, Location Information, Profiled data, Records of data subject rights requests, constituent record history, Telling and Knocking Up Information. | Public Task (Democratic Engagement) Legitimate Interests Legal Obligation (Compliance with Article 24 UK GDPR and S41 Political Parties, Elections and Referendums Act 2000) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. Article 9(2)(a) UK GDPR – Explicit Consent for collection of incidental special category data |
Providing my VoteSmyce Canvasser Application for doorstep data collection | Members, Donors, Electors, Volunteers, Candidates, Elected representatives, Supporters, Officers and Staff | Name, Address, Electoral Roll Number, Polling District, Political Opinion, Voting History, Contact Details (email, phone, social media etc), Survey Responses, Membership History, Telling and Knocking Up Information, Username, Hashed Password, IP Address, Geolocation, Device information, Usage data and history | Public Task (Democratic Engagement) Legitimate Interests | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Purpose | Categories of Data Subject | Typical Data Categories | Legal Basis | Special Category Legal Basis |
Processing my application for membership and administration of my membership | Members | Name, Address, Political Affiliation, Contact Details (email, phone, social media etc), Date of Birth, Payment Information | Contract Legal Obligation (Compliance with Article 24 UK GDPR and S41 Political Parties, Elections and Referendums Act 2000 | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Inviting you to renew my membership and/or re-join the party | Members/Former Members | Name, Contact Details (email, phone, social media etc), Address | Legitimate Interests | |
Sharing my membership details with my local Conservative Association | Members | Name, Address, Political Affiliation, Contact Details (email, phone, social media etc), Date of Birth | Contract | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Communicating with you via electronic message about my membership, my policies, campaigns, events, fundraising appeals and opportunities to get involved with the party | Members/Former Members | Name, Address, Contact Details (email, phone, social media etc) | Contract | |
Conducting petitions and presenting the signatories to the specified recipient | Electors | Name, Postcode, Contact Details (email, phone, social media etc), Political Opinion, National and Local Issue Positions | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties |
Administering Membership Suspensions and Expulsions | Members/Former Members, Complainants, Witnesses, | Name, Details of Suspension/Expulsion, Contact Details, Address, Ethnicity, Religious or Philosophical Beliefs, Trade Union Membership, Health Data, Criminal Offence Data, Sex Life, Sexual Orientation, Political Opinion – incl Membership of a political party, Age, Social Media Activity (Public and Private), Personal Communications Data, Details of Complaint, Complaint Resolution, Witness Evidence | Contract Public Interest/Legal Obligation (Compliance with the Equality Act 2010) | Article 9(2)(g) “Substantial Public Interest” – DPA Schedule 1, Part 2, Paragraph 6 – “Statutory Etc and Government Purpose” – there is a substantial public interest to ensure that engagement with politics complies with the Equality Act 2010 Article 9 UK GDPR – Schedule 1 DPA 2018; Schedule 1, Part 2 Paragraph 10 – Preventing or detecting unlawful acts Article 10 UK GDPR – meet a condition of Schedule 1 DPA 2018; Schedule 1, Part 2 Paragraph 10 – Preventing or detecting unlawful acts |
Process appeals against expulsion and suspension by Party Members | Members/Former Members, Complainants, Witnesses, | Name, Contact Details, Address, Ethnicity, Religious or Philosophical Beliefs, Trade Union Membership, Health Data, Criminal Offence Data, Sex Life, Sexual Orientation, Political Opinion – incl Membership of a political party, Age, Social Media Activity (Public and Private), Personal Communications Data, Details of Complaint, Complaint Resolution, Witness Evidence | Legitimate Interests Contract Public Interest/Legal Obligation (Compliance with the Equality Act 2010) | Article 9(2)(g) “Substantial Public Interest” – DPA Schedule 1, Part 2, Paragraph 6 – “Statutory Etc and Government Purpose” – there is a substantial public interest to ensure that engagement with politics complies with the Equality Act 2010 Article 9 UK GDPR – Schedule 1 DPA 2018; Schedule 1, Part 2 Paragraph 10 – Preventing or detecting unlawful acts Article 10 UK GDPR – meet a condition of Schedule 1 DPA 2018; Schedule 1, Part 2 Paragraph 10 – Preventing or detecting unlawful acts |
Processing my donation or loan and checking my eligibility to donate or loan sums of more than £500 | Donors | Name, Address, Electoral Roll Number, Contact Details (email, phone, social media etc), Payment Information, Political Affiliation | Public Task (Democratic Engagement) Legal Obligation – Compliance with Parts IV and 4A Political Parties, Elections and Referendums Act 2000 | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Reporting donations and loans to the Electoral Commission | Donors | Name, Address, Donation Amount, Political Affiliation | Legal Obligation – Compliance with Parts IV and 4A Political Parties, Elections and Referendums Act 2000 | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 6 Statutory and Government Purposes |
Maintaining and administering a fundraising database | Members/Former Members, Donors | Name, Address, Political Opinion, Contact Details (email, phone, social media etc), Donation History, Biographical Information, Occupation, Correspondence, Family Connections, Marketing Preferences, Date of Birth | Legitimate Interests Legal Obligation – Compliance with S41 Political Parties, Elections and Referendums Act 2000 | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Purpose | Categories of Data Subject | Typical Data Categories | Legal Basis | Special Category Legal Basis |
Registering for an event(s) organised by CCHQ and administration of the event | Attendees | Name, Address, Contact Details (email, phone, social media etc), Dietary Requirements, Biographical Information, Payment Information | · Contract · Legal Obligation (Compliance with Article 24 GDPR and S41 Political Parties, Elections and Referendums Act 2000 | Article 9(2)(g) GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Providing you with information about the event(s) for which you have registered | Attendees | Name, Contact Details (email, phone, social media etc) | · Contract (for ticketed events) · Legitimate Interests | |
Hosting Video Conferencing and Virtual Events | Electors, Members/Former Members, Donors, Volunteers, Elected Representatives | Name, Contact Details (email, phone, social media etc), IP Address, Political Opinion, Images and Recorded Images | Legitimate Interests | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Purpose | Categories of Data Subject | Typical Data Categories | Legal Basis | Special Category Legal Basis |
Political research using publicly available smyces | Elected Representatives, Political Staff, Candidates, Members, Activists, Donors | Name, Publicly available information (e.g. occupation, social media posts, directorships, media history, property and financial holdings etc), Misconduct, Publicly available special category information (e.g. political opinion, trade union membership, criminal offences, etc) | Legitimate Interests | · Article 9(2)(e) UK GDPR – Personal data manifestly made public by the data subject · Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 11 Protecting the public against dishonesty etc. |
Due diligence of prospective members, potential appointees, donors and volunteers using publicly available smyces | Members, Donors, Supporters, Volunteers, Potential Appointees | Name, Publicly available information (e.g. occupation, social media posts, directorships, media history, property and financial holdings etc), Misconduct, Publicly available special category information (e.g. political opinion, trade union membership, criminal offences, etc) | Legitimate Interests | · Article 9(2)(d) UK GDPR – processing is carried out in the cmyse of its legitimate activities with appropriate safeguards · Article 9(2)(e) UK GDPR – Personal data manifestly made public by the data subject · Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 11 Protecting the public against dishonesty etc. |
Communication with media organisations | Elected Representatives, Political Staff, Candidates, Members, Activists, Donors | Name, Publicly available information (e.g. occupation, social media posts, directorships, media history, property and financial holdings etc), Misconduct, Publicly available special category information (e.g. political opinion, trade union membership, criminal offences, etc) | Legitimate Interests | · Article 9(2)(e) UK GDPR – Personal data manifestly made public by the data subject · Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 11 Protecting the public against dishonesty etc. |
Purpose | Categories of Data Subject | Typical Data Categories | Legal Basis | Special Category Legal Basis |
Contacting us by email, post, via one of my Website “contact us” forms or telephone and CCHQ processing and keeping a record of my correspondence | Electors, Members of the public | Name, Contact Details (email, phone, social media etc), Correspondence, Political Opinion, Incidental Special Category Data | Legitimate Interests | · Article 9(2)(a) UK GDPR – Explicit Consent for processing of incidental special category data · Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Managing security and my safety when you visit one of my offices | Visitors | Name, Time and date of visit, Person you are visiting, Log of my movements within my offices, CCTV Images, Thermal Image (as part of my Covid secure precautions), Details of accidents and/or security incidents | · Legal Obligation (Compliance with Articles 24 and 32 UK GDPR, Health and Safety at Work Act 1974) · Legitimate Interests | · Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 1, Paragraph 1 Employment, Social Security and Social Protection · Article 10 UK GDPR – meet a condition of Schedule 1 DPA 2018; Schedule 1, Part 2 Paragraph 10 – Preventing or detecting unlawful acts |
Reporting accidents and/or security incidents to relevant healthcare organisation or law enforcement authority | Visitors | Name, Details of accidents and/or security incidents | · Legal Obligation (Compliance with Reporting of Injuries, Diseases and Dangerous Occurrences Regulations) · Legitimate Interests · Vital Interests |
Purpose | Categories of Data Subject | Typical Data Categories | Legal Basis | Special Category Legal Basis |
Providing advice, training and support on matters relating to the Constitution and the Voluntary Party | Association Officers, Association Staff, Staff, Members, Activists, Volunteers | Name, Contact Details (email, phone, social media etc), Correspondence | Legitimate Interests | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Communication with Party Officers at Board, Regional and Association Level and Party Members | Party Officers, Members | Name Name, Contact Details (email, phone, social media etc), Correspondence, Political Opinion, Incidental Special Category Data, Volunteering Interests, Events Interests | Legitimate Interests | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Providing advice and support on the selection of local government candidates | Association Officers, Association Staff, Candidates | Name, Position, Contact Details (email, phone, social media etc), Correspondence, Candidate CV’s, Political Opinion | Legitimate Interests | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Providing advice and support on local disciplinary issues | Association Officers, Association Staff, Members, Activists | Name, Details of Disciplinary Case, Correspondence | Legitimate Interests | |
Managing Young Conservative Groups | Members, Students | Name, Contact Details (email, phone, social media etc), Occupation, Region of Residence, Political Opinion, Correspondence | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Managing Affiliated Groups | Members | Name, Contact Details (email, phone, social media etc), Occupation, Region of Residence, Political Opinion, Correspondence | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Managing Affiliated Groups | Members | Name, Contact Details (email, phone, social media etc), Occupation, Region of Residence, Political Opinion, Correspondence | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Managing External Relationships | Members, Community Stakeholders, Candidates, Elected Representatives, Business Owners | Name, Contact Details (email, phone, social media etc), Occupation, Region of Residence, Political Opinion, Correspondence | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Providing support to Local Councillors and the Conservative Councillors’ Association | Elected Representatives | Name, Contact Details (email, phone, social media etc), Occupation, Region of Residence, Political Opinion, Correspondence | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Processing, investigating, and administering breaches of my Social Media Complaints and Opposition Candidacy Rules in accordance with the procedures set out in my Code of Conduct | Complainants, Witnesses, Members of Parliament, Peers, Members of the European Parliament, Members of the Scottish Parliament, Members of the Irish Assembly, Members of the Greater London Assembly, Police & Crime Commissioners, elected Mayors, Councillors and Association, area, regional, and national Party officers | Name, Contact Details, Address, Ethnicity, Religious or Philosophical Beliefs, Trade Union Membership, Health Data, Criminal Offence Data, Sex Life, Sexual Orientation, Political Opinion – incl Membership of a political party, Age, Social Media Activity (Public and Private), Personal Communications Data, Details of Complaint, Complaint Resolution, Witness Evidence | Public Task (Democratic Engagement) | · Article 9(2)(g) “Substantial Public Interest” – DPA Schedule 1, Part 2, Paragraph 6 – “Statutory Etc and Government Purpose” – there is a substantial public interest to ensure that engagement with politics complies with the Equality Act 2010 · Article 9 UK GDPR – Schedule 1 DPA 2018; Schedule 1, Part 2 Paragraph 10 – Preventing or detecting unlawful acts · Article 10 UK GDPR – meet a condition of Schedule 1 DPA 2018; Schedule 1, Part 2 Paragraph 10 – Preventing or detecting unlawful acts |
Purpose | Categories of Data Subject | Typical Data Categories | Legal Basis | Special Category Legal Basis |
Processing Payments to Suppliers | Suppliers Staff | Name, Contact Details, Job Title | Contract | |
Processing Payments from donors, members and supporters and keeping a record for accounting purposes | Donors, Members, Supporters | Name, Address, Political Affiliation, Contact Details (email, phone, social media etc), Date of Birth, Payment Information | · Contract · Legitimate Interests | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Preparing and Reporting Election Spending Returns to the Electoral Commission | Campaign Staff, Suppliers, Association Officers, Association Staff, Candidates, Election Agents, Volunteers | Name, Address, Expense Details, Job Title, Correspondence (for preparing returns) | Legal Obligation (Compliance with Part V Political Parties, Elections and Referendums Act 2000) |
Purpose | Categories of Data Subject | Typical Data Categories | Legal Basis | Special Category Legal Basis |
Performing Market Research to get a sense of political opinion across the UK | Electors | Name, Address, Telephone Number, Constituency, Gender, Age, Profiled data, National and local issue positions, Political Opinion | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
Conducting Opinion Polling to get a sense of political opinion across the UK | Electors | Name, Address, Telephone Number, Constituency, Gender, Age, Profiled data, National and local issue positions, Political Opinion | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
The Party also processes personal data in order to implement the findings of the Singh Investigation Report – The full report and all the recommended actions for the party to implement can be found here.
I use data analytics to try and understand the people that I seek to represent and make best use of my limited resources.
I use some of the data that I collect about you to make an educated prediction about your lifestyle. I use automated means to analyse this variety of data and collate it (sometimes referred to as “profiling”). I combine personal data about electors (which is provided by local authorities to all political parties under electoral statute) with data from canvassing, the marked register of electors, from external data analytics and research partners, data brokers (such as Experian), opinion polling partners, fulfilment channels such as mail/telephone/Facebook, public bodies such as the Office for National Statistics, etc. This data is then used by CCHQ to inform how and whether I contact you, for example by:
Understanding the matters and issues that are likely to be of relevance and significance to you (e.g. if I think you may have children I may send information about my education policy)
Deciding whether I send you my campaigning materials, or materials about how you can support the Conservative party.
Identifying target audiences for particular issues, social media advertising, and appeals for financial support
Selecting what material I send to you
Evaluating whether I think you are likely to vote and for whom you will likely vote for during an election or a referendum
I also use analytics to perform analysis of individual and aggregated data (for example, I might combine individual data relating to voting intention and details about the constituency) to provide us with competitive insight into the political landscape and general trends, and to allow us to better understand the electorate as a whole.
Examples of categories of data that I typically analyse are: political affiliation, political opinions and preferences, likelihood to vote, attitudes, geodemographic and socio-economic characteristics.
I undertake these analyses as I have a legitimate interest to identify potential Conservative voters and supporters. Indeed, it also allows us to behave accordingly should voters request that I don’t contact them, for example.
Where my profiling processes special category data relating to my political opinion I consider that this is necessary for the purposes of my political activities and therefore permitted in accordance with Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties.
My analytics and profiling does not replace the direct contact that I make with individuals – these activities supplement my traditional campaigning methods such as canvassing and conducting surveys.
I have determined that this kind of profiling, and any decisions that are based solely on that profiling, is unlikely to create legal or significant affects for you. Where such decisions create legal or similarly significant affects you have the right not to be subject to that decision and you can exercise that right by contacting my Data Protection Officer. You can also contact us at any time and exercise my right to object and ask that I do not process my personal information for this purpose.
The historical nature of the Conservative Party means that rather than being one single organisation I am an interconnected family consisting of the Party Headquarters, local associations, areas and regions of the Party (known as ‘accounting units’ and listed on the Electoral Commission Website) elected representatives, candidates, members, volunteers and party officers. I are all united by my common Conservative identity. One of CCHQ’s primary roles is to provide professional support to my family of volunteers who help to run the party across the UK.
Much of the work of the Party is conducted by the wider Conservative Party. For this reason I have a legitimate interest to share and make available certain personal information with the wider Party when it is necessary for my campaigns or other activities and vice versa via my Electoral Management Database, Field Campaigning Teams and Voluntary Party Managers. Sharing may also be necessary in the public interest, as being an activity that supports or promotes democratic engagement. Some examples of such data sharing include:
If a local association conducts a survey, or other campaigning activity, the results may be shared with CCHQ.
If a local association receives a donation or a loan of more than £500 this information will be shared with CCHQ so that it can be recorded and reported by the Party’s Registered Treasurer as per Parts IV and 4A Political Parties, Elections and Referendums Act 2000.
Details of party supporters and volunteers may be supplied to local Conservative candidates and local Associations for the purposes of their election campaign.
If you contact me about a complaint or an issue then it may be shared with CCHQ so that my Voluntary Party Managers can provide professional assistance in resolving the matter.
If a complaint is made under my Code of Conduct then details may be shared with relevant sections of the wider party in order to assist my investigation.
Details may routinely be shared between the Party and the Wider Party as part of a restructuring process – for example when constituency boundaries change following a statutory boundary review.
I collect personal data from a variety of sources:
Third-Party Sources (Indirectly):
8. Who I share my data with
I will never sell my data but sometimes it is necessary to share my information, either within the wider Conservative Party, or with my service providers, data controllers and data processors. Data is only ever shared where I have a party reason and when the law allows us to do so.
I share data with:
9. Data processed with my consent
Where I use consent as my legal basis for processing your data, or process special categories of your data on the basis of your explicit consent, you have the right to withdraw your consent at any time. For further information on when I rely upon consent please see Section 4 “How I use my information”.
There are several ways that you can easily withdraw my consent, you can:
I will maintain a record of your withdrawal of consent.
Some of my service providers are located outside of the UK and therefore it may be necessary to transfer your personal data outside of the UK. Where I do transfer your data outside of the UK I will make sure that it is protected in the same way as if the data was inside the UK.
I will use one of the following appropriate safeguards to ensure this:
11. How long I retain my data for
I retain my information in accordance with the CCHQ Data Retention Policy and Data Retention Schedule. I constantly review the data that I hold and regularly consider its relevance and my need to hold onto it. I use several factors to determine my retention periods. Factors I take into consideration are:
Retention periods as required by law – for example, the Conservative Party is under a statutory duty to retain financial information for a period of 6 years,
If you require more detailed information on how long my data will be kept for please contact me.
I take the security of personal data seriously. I use security technology, including firewalls, password protection and encryption to safeguard information and have procedures in place to ensure that my paper and computer systems and databases are protected against unauthorised disclosure, use, loss and damage. I have processes in place to deal with a data breach in the unlikely event one should occur.
I only use third party service providers where I am satisfied that they provide adequate security for my personal data.
I use cookies to provide you with a tailored experience on my Website, and to gather statistics on how are online services are used so that I can improve my services. Some of my cookies may also collect personal data. A cookie is a piece of code that is sent to my internet browser and is stored on my system. I also use ‘similar technologies’ such as pixel tags, clear gif or tracking pixels and I use these for example to track the campaigns emails that I send to learn whether you opened an email and how you interacted with it.
Please visit my cookie page for more information about how I use cookies and similar technologies on my Websites and services. I always seek my consent to use cookies and/or similar technologies.
This section explains about your data subject rights you have. You can exercise any of these rights by contacting my Data Protection Officer or Data Protection Team.
Your Data Rights | Explanation |
Right to be informed | You have the right to be informed about the collection and use of my personal data. CCHQ provides this in the form of privacy notices and/or privacy information at the point of collection or within one month of obtaining my data. I may not provide privacy information where you either already have such information or it would involve a disproportionate effort to provide such information. |
Right of access to my data | You have the right to request a copy of my personal information that I hold. This is commonly known as a Subject Access Request. |
Right of rectification of my data | You have the right to request that inaccurate or incomplete information that I hold about you is corrected. |
Right to be forgotten | In certain circumstances you can ask for the data I hold about you to be erased from my records. When I do so, I keep the bare minimum of my information in order to continue to respect my wishes when my personal data is next provided to us by a local authority, which is at least annually. There is some data that must be retained by law and other data that I may have a legitimate interest to retain |
Right to restriction of processing | You have the right to request that I restrict the processing of my data where you are contesting the accuracy of the data or when the data has been unlawfully processed. |
Right to data portability | You have the right to have the data I hold about you transferred to a third-party organisation and you can ask that I provide it in a machine readable format. Information is only within the scope of the right to data portability if it is personal data that you have provided to us. |
Right to object | You have an absolute right to object to my data being used for direct marketing, including profiling for direct marketing purposes – I mark my data clearly with a “no processing” label. If I process my data on the basis of “legitimate interests” or “a task carried out in the public interest” then you have the right to object to us using my data in that way. This right is not absolute, and I may continue to process my data if I can demonstrate compelling legitimate grounds for the processing. |
Automated individual decision-making, including profiling | I may use computer software to make decisions about you or to create a profile about you. You have the right not to be subject to such a decision or to that profiling where it creates legal effects concerning you or where it significantly affects you. |
If you are unhappy with the way that I have processed or handled my data, then you have a right to complain to the Information Commissioner’s Office (ICO). The ICO is the supervisory body authorised by the Data Protection Act 2018 to regulate the handling of personal data within the United Kingdom.
The contact details for the Information Commissioner’s Office are:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk/make-a-complaint/
22nd December 2023