Data Protection Policy

Rory Stewart is no longer a Member of Parliament.

This document outlines how the Office of Rory Stewart MP processed and managed personal data during Mr Stewart’s time as MP.

This document outlines how the Office of Rory Stewart MP processes and manages personal data. It:

  • identifies our data controller and designated data protection officer;
  • provides our lawful basis for processing personal data;
  • outlines the scope of personal data we hold and process;
  • outlines the scope of the special category personal data we hold and process;
  • describes and justifies our data retention policy;
  • shows how we intend to respond to Subject Access Requests; and
  • contains a copy of our privacy notice.


Data Controller and Data Protection Officer

The Data Controller is Rory Stewart MP, and the Data Protection Officer is Catherine Anderson, Chief of Staff to Rory Stewart MP.

2. Lawful basis for processing

Casework is processed primarily under the lawful basis of public task, with exceptional cases processed under the lawful basis of consent.

Personal data contained in the non-political Rory Stewart MP Mailing List is processed under the lawful basis of public task. It has a limited privacy impact.

We undertake to always act within the reasonable expectations of our constituents and any other individuals about whom we hold personal data.

3. Data we hold

As of 1st April 2018, the office holds information on approximately 20,000 constituents.

We now operate a paperless office, therefore all of our personal data is stored electronically and securely on our computer system.

Casework

The Office uses a CMS (Content Management System) application, Caseworker, to help with the management of constituent casework records. This information predominantly includes but is not limited to:

  • Names, addresses and email addresses.
  • Telephone numbers.
  • National Insurance Numbers, Passport Numbers.
  • Special category data, outlined in point 4.

Policy

Policy casework is stored in a folder system on Gmail. This information predominantly includes but is not limited to:

  • Names, addresses and email addresses.
  • Telephone numbers.
  • Special category data on political beliefs.

Mailing lists

The Office also maintains a mailing list of around 5,000 subscribers to the Rory Stewart MP Mailing List. These subscribers receive Rory’s newsletters and updates. Personal data we hold in this regard includes:

  • Names, addresses and email addresses.

4. Special category data we hold

The office may also hold special category data for a smaller number of data subjects. This data will be processed under the lawful basis indicated in point two, as is permitted in clauses 23 and 24 of schedule 1 of the Data Protection Act. The data may include:

  • Political opinions
  • Religious beliefs
  • Trade union activities
  • Sexual orientation
  • Race and ethnic origin
  • Details of criminal offenses
  • Physical and mental health

5. Data retention policy

Our office will hold personal data for as long as is necessary for the purposes of casework. Casework and policy queries are often revisited to provide the best service and representation for constituents, from whom we may continue to receive correspondence.

6. Subject Access Requests

We will comply to Subject Access Requests in line with the guidance given by the Information Commissioners Office (ICO).

  • We will respond as quickly as possible, within 30 calendar days.
  • We will request verification of the identity of any individual making a request, and ask for further clarification and details if needed.
  • Data subjects have the right to the following:
  • To be told whether any personal data is being processed
  • To be given a description of the personal data, the reasons it is being processed and whether it will be given to other organisations or people.
  • To be given a copy of the information comprising the data, and given details of the source of the data where this is available.

7. Privacy notice

Our office will undertake to ensure all constituents sharing their personal data can have the opportunity to read our privacy notice. We will:

  • Publish our privacy notice on Rory’s website, www.rorystewart.co.uk
  • Add a link to our privacy notice to staff email signatures, and to Rory’s email signature.
  • Add a link to our privacy notice on Rory’s auto-response on Gmail.
  • Direct constituents who contact us via letter and telephone to our privacy notice online, or supply them with a paper copy if needed.
  • Modify our voicemail messages to include information about how constituents can read our privacy notice.