DATA PROTECTION POLICY
This document outlines how the Office of Rory Stewart MP processes and manages personal data. It:
Data Controller and Data Protection Officer
The Data Controller is Rory Stewart MP, and the Data Protection Officer is Catherine Anderson, Chief of Staff to Rory Stewart MP.
2. Lawful basis for processing
Casework is processed primarily under the lawful basis of public task, with exceptional cases processed under the lawful basis of consent.
Personal data contained in the non-political Rory Stewart MP Mailing List is processed under the lawful basis of public task. It has a limited privacy impact.
We undertake to always act within the reasonable expectations of our constituents and any other individuals about whom we hold personal data.
3. Data we hold
As of 1st April 2018, the office holds information on approximately 20,000 constituents.
We now operate a paperless office, therefore all of our personal data is stored electronically and securely on our computer system.
The Office uses a CMS (Content Management System) application, Caseworker, to help with the management of constituent casework records. This information predominantly includes but is not limited to:
Policy casework is stored in a folder system on Gmail. This information predominantly includes but is not limited to:
The Office also maintains a mailing list of around 5,000 subscribers to the Rory Stewart MP Mailing List. These subscribers receive Rory’s newsletters and updates. Personal data we hold in this regard includes:
4. Special category data we hold
The office may also hold special category data for a smaller number of data subjects. This data will be processed under the lawful basis indicated in point two, as is permitted in clauses 23 and 24 of schedule 1 of the Data Protection Act. The data may include:
5. Data retention policy
Our office will hold personal data for as long as is necessary for the purposes of casework. Casework and policy queries are often revisited to provide the best service and representation for constituents, from whom we may continue to receive correspondence.
6. Subject Access Requests
We will comply to Subject Access Requests in line with the guidance given by the Information Commissioners Office (ICO).
7. Privacy notice
Our office will undertake to ensure all constituents sharing their personal data can have the opportunity to read our privacy notice. We will: