PRIVACY NOTICE
Last updated: 23 May 2024
1. Who are we?
We are the Conservative and Unionist Party, commonly known as the Conservative Party (The Party), and we are registered as a political party with the Electoral Commission under registration PP52 and a registered data controller with the Information Commissioner’s Office (ICO) under registration number Z5909711.
Our objective is to promote our values and to elect Conservative candidates at every level of government across the United Kingdom, or when we campaign in referenda.
This is the privacy notice for the Conservative Party and not just for our website www.conservatives.com. We have specific privacy notices for other areas such as Human Resources and Staffing, Candidates, Complaints/Code of Conduct and Party Conference. We are happy to make this notice available in other accessible formats such as braille. If you wish to obtain a copy in an accessible format please contact our Data Protection Officer.
In this privacy notice we also refer to “the wider Conservative Party”. This includes, but is not limited to, local associations, areas and regions of the Party, known as ‘accounting units’ and listed on the Electoral Commission website, elected representatives, candidates, members, volunteers and party officers. These bodies may be data controllers in their own right or data processors acting on behalf of the Party. It is intended that the wider Party will adopt the principles enshrined in this notice.
This privacy notice has been created to demonstrate the Party’s commitment to the protection of your data and to be transparent in how we deal with it. This notice provides the information as required by Articles 13 and 14 UK GDPR.
The Party will process your data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA) and related legislation.
This privacy notice was updated on 23rd May 2024.
From time to time we may make amendments to or update this privacy notice.
2. Contacting us about Data Protection
If you have any questions about this notice, or for more information about how we use your data, or if you would like to exercise any of your rights you can contact our Data Protection Officer at:
Data Protection Department, Conservative Campaign Headquarters, 4 Matthew Parker Street, London, SW1H 9HQ
E-mail: DataProtection@Conservatives.com.
Phone: +44 (0) 20 7984 8300.
3. How the law protects your data
How we use your data is protected by law and we are only permitted to process your data where we have an acceptable reason for doing so. The lawful reasons we process your data are:
- Processing is necessary for the performance of a task carried out in the public interest (public task – democratic engagement), or
- When it is our legal duty (legal obligation), or
- When you provide consent (consent), or
- To protect your vital interests (vital interests), or
- To fulfil a contract with you (contract), or
- When we have a legitimate interest (legitimate interest).
Some types of sensitive personal data are given extra protection under the law; information about your race, ethnicity, sexual orientation, sex life, religious or philosophical beliefs, criminal record, trade union membership and political opinion is “special category” data under data protection legislation and we will only process this data where we have a lawful reason to do so. The work of the Conservative Party, and the wider Conservative Party, is deemed to be of substantial public interest and therefore we are permitted to process special category personal data relating to your political opinion in so far as it is necessary for the purposes of our political activities.
Where we have identified “legitimate interest” as our lawful reason for processing your data we conduct a balancing test in order to determine whether our legitimate interests to process your data are overridden by your interests, rights and freedoms. For more information about our legitimate interest balancing tests please contact our Data Protection Officer.
4. How we use your information
We process data with the intention of using it primarily for the broad purpose of our political, campaigning and fundraising activities.
The tables below illustrate examples of how we commonly use your data, the typical categories of data that we might process and our justification and legal bases for doing so. Some data processing activities may not be covered in the tables below but we will seek to provide you with relevant information by another means (e.g. at the point of collecting your data).
4.1 Campaigning and Communications
| Purpose | Categories of Data Subject | Typical Data Categories | Legal Basis | Special Category Legal Basis |
|---|---|---|---|---|
| Canvassing Political Opinions | Electors | Name, Address, Electoral Roll Number, Telephone Number, Political Opinion, Contact Details, Marketing Preferences | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
| Communicating with you via post about our policies, campaigns, events, fundraising appeals and opportunities to get involved with the party | Electors, Members/Former Members, Donors, Volunteers | Name, Address, Electoral Roll Number, Profiled Data | Public Task (Democratic Engagement) | |
| Communicating with you via electronic message or SMS about our policies, campaigns, events, fundraising appeals and opportunities to get involved with the party | Electors, Donors, Volunteers | Name, Address, Contact Details (email, phone, social media etc) | Consent | |
| Sending you surveys and processing your responses | Electors | Name, Address, Electoral Roll Number, Political Opinion, National and Local Issue Positions, Incidental Special Category data, Contact Details (email, phone, social media etc), Marketing Preferences | Public Task (Democratic Engagement) | - Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties.<br>- Article 9(2)(a) UK GDPR - Explicit Consent for collection of incidental special category data |
| Conducting petitions and presenting the signatories to the specified recipient | Electors | Name, Postcode, Contact Details (email, phone, social media etc), Political Opinion, National and Local Issue Positions | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties |
| Conducting Online Surveys, Petitions, etc. | Electors | Name, Address, Electoral Roll Number, Political Opinion, National and Local Issue Positions, Incidental Special Category data, Contact Details (email, phone, social media etc), Marketing Preferences, IP Address | Public Task (Democratic Engagement) | - Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties.<br>- Article 9(2)(a) UK GDPR - Explicit Consent for collection of incidental special category data |
| Showing you adverts via social media platforms | Electors, Members/Former Members, Donors, Volunteers | Email Address | - Legitimate Interests<br>- Consent | |
| Creating custom audiences for advertising on Social Media Platforms using existing supporters' details, profiled target audiences, and information from our cookies/pixels and using those audiences to create “lookalikes” | Electors, Members/Former Members, Donors, Volunteers, Supporters | Email Address, Address, Political Opinion | - Legitimate Interests<br>- Consent | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
| Registering for a campaign event(s) organised by CCHQ and administering the event | Electors, Members/Former Members, Supporters | Name, Address, Contact Details (email, phone, social media etc), Political Opinion | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
| Polling Day Activities – e.g. “Knocking up” on the doorstep or via phone and “Telling” at polling stations | Electors | Name, Address, Electoral Roll Number, Polling Day Activity | Public Task (Democratic Engagement) | |
| Signing up to Volunteer for the party and us sharing your details with the wider party | Volunteers | Name, Address, Contact Details (email, phone, social media etc), volunteering preferences, Political Opinion | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
| Maintaining and administering a database to store Electoral Register data, canvassing data, membership data, survey responses etc – including operating a test environment | Members, Donors, Electors, Volunteers, Candidates, Elected representatives, Supporters, Officers and Staff | Name, Contact Details (email, phone, social media etc), Addresses, Political Opinion, Age, Voting History, Relationships, Electoral Roll Information, Issue Positions, Memberships, Donations, Survey Responses, User profile names, Hashed Passwords, IP addresses, User authentication, Usage data and usage history, Free text notes, Titles, Suffixes, Gender, First Language, Positions Held, Location Information, Profiled data, Records of data subject rights requests, constituent record history, Telling and Knocking Up Information. | - Public Task (Democratic Engagement)<br>- Legitimate Interests<br>- Legal Obligation (Compliance with Article 24 UK GDPR and S41 Political Parties, Elections and Referendums Act 2000) | - Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties.<br>- Article 9(2)(a) UK GDPR - Explicit Consent for collection of incidental special category data |
| Providing our VoteSource Canvasser Application for doorstep data collection | Members, Donors, Electors, Volunteers, Candidates, Elected representatives, Supporters, Officers and Staff | Name, Address, Electoral Roll Number, Polling District, Political Opinion, Voting History, Contact Details (email, phone, social media etc), Survey Responses, Membership History, Telling and Knocking Up Information, Username, Hashed Password, IP Address, Geolocation, Device information, Usage data and history | - Public Task (Democratic Engagement)<br>- Legitimate Interests | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
4.2 Membership and Donations
| Purpose | Categories of Data Subject | Typical Data Categories | Legal Basis | Special Category Legal Basis |
|---|---|---|---|---|
| Processing your application for membership and administration of your membership | Members | Name, Address, Political Affiliation, Contact Details (email, phone, social media etc), Date of Birth, Payment Information | - Contract<br>- Legal Obligation (Compliance with Article 24 UK GDPR and S41 Political Parties, Elections and Referendums Act 2000) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
| Inviting you to renew your membership and/or re-join the party | Members/Former Members | Name, Contact Details (email, phone, social media etc), Address | Legitimate Interests | |
| Sharing your membership details with your local Conservative Association | Members | Name, Address, Political Affiliation, Contact Details (email, phone, social media etc), Date of Birth | Contract | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
| Communicating with you via electronic message about your membership, our policies, campaigns, events, fundraising appeals and opportunities to get involved with the party | Members/Former Members | Name, Address, Contact Details (email, phone, social media etc) | Contract | |
| Conducting petitions and presenting the signatories to the specified recipient | Electors | Name, Postcode, Contact Details (email, phone, social media etc), Political Opinion, National and Local Issue Positions | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties |
| Administering Membership Suspensions and Expulsions | Members/Former Members, Complainants, Witnesses | Name, Details of Suspension/Expulsion, Contact Details, Address, Ethnicity, Religious or Philosophical Beliefs, Trade Union Membership, Health Data, Criminal Offence Data, Sex Life, Sexual Orientation, Political Opinion - incl Membership of a political party, Age, Social Media Activity (Public and Private), Personal Communications Data, Details of Complaint, Complaint Resolution, Witness Evidence | - Contract<br>- Public Interest/Legal Obligation (Compliance with the Equality Act 2010) | - Article 9(2)(g) "Substantial Public Interest" - DPA Schedule 1, Part 2, Paragraph 6 - "Statutory Etc and Government Purpose" - there is a substantial public interest to ensure that engagement with politics complies with the Equality Act 2010<br>- Article 9 UK GDPR - Schedule 1 DPA 2018; Schedule 1, Part 2 Paragraph 10 - Preventing or detecting unlawful acts<br>- Article 10 UK GDPR - meet a condition of Schedule 1 DPA 2018; Schedule 1, Part 2 Paragraph 10 - Preventing or detecting unlawful acts |
| Process appeals against expulsion and suspension by Party Members | Members/Former Members, Complainants, Witnesses | Name, Contact Details, Address, Ethnicity, Religious or Philosophical Beliefs, Trade Union Membership, Health Data, Criminal Offence Data, Sex Life, Sexual Orientation, Political Opinion - incl Membership of a political party, Age, Social Media Activity (Public and Private), Personal Communications Data, Details of Complaint, Complaint Resolution, Witness Evidence | - Legitimate Interests<br>- Contract<br>- Public Interest/Legal Obligation (Compliance with the Equality Act 2010) | - Article 9(2)(g) "Substantial Public Interest" - DPA Schedule 1, Part 2, Paragraph 6 - "Statutory Etc and Government Purpose" - there is a substantial public interest to ensure that engagement with politics complies with the Equality Act 2010<br>- Article 9 UK GDPR - Schedule 1 DPA 2018; Schedule 1, Part 2 Paragraph 10 - Preventing or detecting unlawful acts<br>- Article 10 UK GDPR - meet a condition of Schedule 1 DPA 2018; Schedule 1, Part 2 Paragraph 10 - Preventing or detecting unlawful acts |
| Processing your donation or loan and checking your eligibility to donate or loan sums of more than £500 | Donors | Name, Address, Electoral Roll Number, Contact Details (email, phone, social media etc), Payment Information, Political Affiliation | - Public Task (Democratic Engagement)<br>- Legal Obligation – Compliance with Parts IV and 4A Political Parties, Elections and Referendums Act 2000 | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
| Reporting donations and loans to the Electoral Commission | Donors | Name, Address, Donation Amount, Political Affiliation | Legal Obligation – Compliance with Parts IV and 4A Political Parties, Elections and Referendums Act 2000 | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 6 Statutory and Government Purposes |
| Maintaining and administering a fundraising database | Members/Former Members, Donors | Name, Address, Political Opinion, Contact Details (email, phone, social media etc), Donation History, Biographical Information, Occupation, Correspondence, Family Connections, Marketing Preferences, Date of Birth | - Legitimate Interests<br>- Legal Obligation – Compliance with S41 Political Parties, Elections and Referendums Act 2000 | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
4.3 Events
| Purpose | Categories of Data Subject | Typical Data Categories | Legal Basis | Special Category Legal Basis |
|---|---|---|---|---|
| Registering for an event(s) organised by CCHQ and administration of the event | Attendees | Name, Address, Contact Details (email, phone, social media etc), Dietary Requirements, Biographical Information, Payment Information | - Contract<br>- Legal Obligation (Compliance with Article 24 GDPR and S41 Political Parties, Elections and Referendums Act 2000) | Article 9(2)(g) GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
| Providing you with information about the event(s) for which you have registered | Attendees | Name, Contact Details (email, phone, social media etc) | - Contract (for ticketed events)<br>- Legitimate Interests | |
| Hosting Video Conferencing and Virtual Events | Electors, Members/Former Members, Donors, Volunteers, Elected Representatives | Name, Contact Details (email, phone, social media etc), IP Address, Political Opinion, Images and Recorded Images | Legitimate Interests | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
4.4 Research, Due Diligence and Press
| Purpose | Categories of Data Subject | Typical Data Categories | Legal Basis | Special Category Legal Basis |
|---|---|---|---|---|
| Political research using publicly available sources | Elected Representatives, Political Staff, Candidates, Members, Activists, Donors, Electors, Members of the public | Name, Publicly available information (e.g. occupation, social media posts, other internet posts, directorships, media history, property and financial holdings etc), Misconduct, Publicly available special category information (e.g. political opinion, trade union membership, criminal offences, etc) | Legitimate Interests | - Article 9(2)(e) UK GDPR – Personal data manifestly made public by the data subject<br>- Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 11 Protecting the public against dishonesty etc. |
| Due diligence of prospective members, potential appointees, donors and volunteers using publicly available sources | Members, Donors, Supporters, Volunteers, Potential Appointees | Name, Publicly available information (e.g. occupation, social media posts, directorships, media history, property and financial holdings etc), Misconduct, Publicly available special category information (e.g. political opinion, trade union membership, criminal offences, etc) | Legitimate Interests | - Article 9(2)(d) UK GDPR – processing is carried out in the course of its legitimate activities with appropriate safeguards<br>- Article 9(2)(e) UK GDPR – Personal data manifestly made public by the data subject<br>- Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 11 Protecting the public against dishonesty etc. |
| Communication with media organisations | Elected Representatives, Political Staff, Candidates, Members, Activists, Donors | Name, Publicly available information (e.g. occupation, social media posts, directorships, media history, property and financial holdings etc), Misconduct, Publicly available special category information (e.g. political opinion, trade union membership, criminal offences, etc) | Legitimate Interests | - Article 9(2)(e) UK GDPR – Personal data manifestly made public by the data subject<br>- Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 11 Protecting the public against dishonesty etc. |
4.5 Contacting us or visiting one of our offices
| Purpose | Categories of Data Subject | Typical Data Categories | Legal Basis | Special Category Legal Basis |
|---|---|---|---|---|
| Contacting us by email, post, via one of our website “contact us” forms or telephone and CCHQ processing and keeping a record of your correspondence | Electors, Members of the public | Name, Contact Details (email, phone, social media etc), Correspondence, Political Opinion, Incidental Special Category Data, IP Address (on our website) | Legitimate Interests | - Article 9(2)(a) UK GDPR - Explicit Consent for processing of incidental special category data<br>- Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
| Managing security and your safety when you visit one of our offices | Visitors | Name, Time and date of visit, Person you are visiting, Log of your movements within our offices, CCTV Images, Thermal Image (as part of our Covid secure precautions), Details of accidents and/or security incidents | - Legal Obligation (Compliance with Articles 24 and 32 UK GDPR, Health and Safety at Work Act 1974)<br>- Legitimate Interests | - Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 1, Paragraph 1 Employment, Social Security and Social Protection<br>- Article 10 UK GDPR - meet a condition of Schedule 1 DPA 2018; Schedule 1, Part 2 Paragraph 10 - Preventing or detecting unlawful acts |
| Reporting accidents and/or security incidents to relevant healthcare organisation or law enforcement authority | Visitors | Name, Details of accidents and/or security incidents | - Legal Obligation (Compliance with Reporting of Injuries, Diseases and Dangerous Occurrences Regulations)<br>- Legitimate Interests<br>- Vital Interests | - Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 1, Paragraph 1 Employment, Social Security and Social Protection<br>- Article 10 UK GDPR - meet a condition of Schedule 1 DPA 2018; Schedule 1, Part 2 Paragraph 10 - Preventing or detecting unlawful acts |
4.6 Visiting our online shop or using our online services
| Purpose | Categories of Data Subject | Typical Data Categories | Legal Basis | Special Category Legal Basis |
|---|---|---|---|---|
| Processing your purchase, delivering your order and administering your transaction | Customers | Name, Contact Details (email, phone, social media etc), Address, Payment Details, IP Address | Contract | |
| Creating a user account | Customers | Name, Contact Details (email, phone, social media etc), Address, Payment Details, IP Address | Contract | |
| Downloading and using one of our mobile applications (e.g. share2win) | Elected Representatives, Political Staff, Candidates, Members, Activists, Donors, Electors, Members of the public | Name, Contact details, identifiers, user content, usage data, diagnostics, political opinion | Contract | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
| Sending us a message and us responding to you | Customers | Name, Contact Details (email, phone, social media etc), Correspondence | Legitimate Interests | |
| Keeping a record of your transaction for accounting purposes | Customers | Name, Contact Details (email, phone, social media etc), Address, Payment Details | Legal Obligation (Compliance with S.41 Political Parties, Elections and Referendums Act 2000) | |
4.7 Voluntary Party Management, Engagement and Outreach
| Purpose | Categories of Data Subject | Typical Data Categories | Legal Basis | Special Category Legal Basis |
|---|---|---|---|---|
| Providing advice, training and support on matters relating to the Constitution and the Voluntary Party | Association Officers, Association Staff, Staff, Members, Activists, Volunteers | Name, Contact Details (email, phone, social media etc), Correspondence | Legitimate Interests | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
| Communication with Party Officers at Board, Regional and Association Level and Party Members | Party Officers, Members | Name, Contact Details (email, phone, social media etc), Correspondence, Political Opinion, Incidental Special Category Data, Volunteering Interests, Events Interests | Legitimate Interests | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
| Providing advice and support on the selection of local government candidates | Association Officers, Association Staff, Candidates | Name, Position, Contact Details (email, phone, social media etc), Correspondence, Candidate CVs, Political Opinion | Legitimate Interests | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
| Providing advice and support on local disciplinary issues | Association Officers, Association Staff, Members, Activists | Name, Details of Disciplinary Case, Correspondence | Legitimate Interests | |
| Managing Young Conservative Groups | Members, Students | Name, Contact Details (email, phone, social media etc), Occupation, Region of Residence, Political Opinion, Correspondence | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
| Managing Affiliated Groups | Members | Name, Contact Details (email, phone, social media etc), Occupation, Region of Residence, Political Opinion, Correspondence | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
| Managing External Relationships | Members, Community Stakeholders, Candidates, Elected Representatives, Business Owners | Name, Contact Details (email, phone, social media etc), Occupation, Region of Residence, Political Opinion, Correspondence | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
| Providing support to Local Councillors and the Conservative Councillors’ Association | Elected Representatives | Name, Contact Details (email, phone, social media etc), Occupation, Region of Residence, Political Opinion, Correspondence | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
4.8 Code of Conduct and The Social Media Complaints and Opposition Candidacy Rules
| Purpose | Categories of Data Subject | Typical Data Categories | Legal Basis | Special Category Legal Basis |
|---|---|---|---|---|
| Processing, investigating, and administering breaches of our Code of Conduct in accordance with the procedures set out in our Code of Conduct | Complainants, Witnesses, Members of Parliament, Peers, Members of the European Parliament, Members of the Scottish Parliament, Members of the Welsh Assembly, Members of the Greater London Assembly, Police & Crime Commissioners, elected Mayors, Councillors and Association, area, regional, and national Party officers | Name, Contact Details, Address, Ethnicity, Religious or Philosophical Beliefs, Trade Union Membership, Health Data, Criminal Offence Data, Sex Life, Sexual Orientation, Political Opinion - incl Membership of a political party, Age, Social Media Activity (Public and Private), Personal Communications Data, Details of Complaint, Complaint Resolution, Witness Evidence | Public Task (Democratic Engagement) | - Article 9(2)(g) "Substantial Public Interest" - DPA Schedule 1, Part 2, Paragraph 6 - "Statutory Etc and Government Purpose" - there is a substantial public interest to ensure that engagement with politics complies with the Equality Act 2010<br>- Article 9 UK GDPR - Schedule 1 DPA 2018; Schedule 1, Part 2 Paragraph 10 - Preventing or detecting unlawful acts<br>- Article 10 UK GDPR - meet a condition of Schedule 1 DPA 2018; Schedule 1, Part 2 Paragraph 10 - Preventing or detecting unlawful acts |
| Processing, investigating, and administering breaches of our Social Media Complaints and Opposition Candidacy Rules in accordance with the procedures set out in our Code of Conduct | Complainants, Witnesses, Members of Parliament, Peers, Members of the European Parliament, Members of the Scottish Parliament, Members of the Welsh Assembly, Members of the Greater London Assembly, Police & Crime Commissioners, elected Mayors, Councillors and Association, area, regional, and national Party officers | Name, Contact Details, Address, Ethnicity, Religious or Philosophical Beliefs, Trade Union Membership, Health Data, Criminal Offence Data, Sex Life, Sexual Orientation, Political Opinion - incl Membership of a political party, Age, Social Media Activity (Public and Private), Personal Communications Data, Details of Complaint, Complaint Resolution, Witness Evidence | Public Task (Democratic Engagement) | - Article 9(2)(g) "Substantial Public Interest" - DPA Schedule 1, Part 2, Paragraph 6 - "Statutory Etc and Government Purpose" - there is a substantial public interest to ensure that engagement with politics complies with the Equality Act 2010<br>- Article 9 UK GDPR - Schedule 1 DPA 2018; Schedule 1, Part 2 Paragraph 10 - Preventing or detecting unlawful acts<br>- Article 10 UK GDPR - meet a condition of Schedule 1 DPA 2018; Schedule 1, Part 2 Paragraph 10 - Preventing or detecting unlawful acts |
4.9 Finance
| Purpose | Categories of Data Subject | Typical Data Categories | Legal Basis | Special Category Legal Basis |
|---|---|---|---|---|
| Processing Payments to Suppliers | Suppliers Staff | Name, Contact Details, Job Title | Contract | |
| Processing Payments from donors, members and supporters and keeping a record for accounting purposes | Donors, Members, Supporters | Name, Address, Political Affiliation, Contact Details (email, phone, social media etc), Date of Birth, Payment Information | - Contract<br>- Legitimate Interests | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
| Preparing and Reporting Election Spending Returns to the Electoral Commission | Campaign Staff, Suppliers, Association Officers, Association Staff, Candidates, Election Agents, Volunteers | Name, Address, Expense Details, Job Title, Correspondence (for preparing returns) | Legal Obligation (Compliance with Part V Political Parties, Elections and Referendums Act 2000) | |
4.10 Market Research and Opinion Polling
| Purpose | Categories of Data Subject | Typical Data Categories | Legal Basis | Special Category Legal Basis |
|---|---|---|---|---|
| Performing Market Research to get a sense of political opinion across the UK | Electors | Name, Address, Telephone Number, Constituency, Gender, Age, Profiled data, National and local issue positions, Political Opinion | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
| Conducting Opinion Polling to get a sense of political opinion across the UK | Electors | Name, Address, Telephone Number, Constituency, Gender, Age, Profiled data, National and local issue positions, Political Opinion | Public Task (Democratic Engagement) | Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties. |
The Party also processes personal data in order to implement the findings of the Singh Investigation Report – The full report and all the recommended actions for the party to implement can be found here.
5. Data Analytics and Profiling
Like many organisations the Conservative Party uses data analytics to try and understand the people that we seek to represent and make best use of our limited resources. The Conservative Party uses some of the data that we collect about you to make an educated prediction about your lifestyle. We use automated means to analyse this variety of data and collate it (sometimes referred to as “profiling”). We combine personal data about electors (which is provided by local authorities to all political parties under electoral statute) with data from canvassing, the marked register of electors, from external data analytics and research partners, data brokers (such as Experian), opinion polling partners, fulfilment channels such as mail/telephone/Facebook, public bodies such as the Office for National Statistics, etc. This data is then used by CCHQ to inform how and whether we contact you, for example by:
- Understanding the matters and issues that are likely to be of relevance and significance to you (e.g. if we think you may have children we may send information about our education policy)
- Deciding whether we send you our campaigning materials, or materials about how you can support the Conservative party.
- Identifying target audiences for particular issues, social media advertising, and appeals for financial support
- Selecting what material we send to you
- Evaluating whether we think you are likely to vote and for whom you will likely vote during an election or a referendum
We also use analytics to perform analysis of individual and aggregated data (for example, we might combine individual data relating to voting intention and details about the constituency) to provide us with competitive insight into the political landscape and general trends, and to allow us to better understand the electorate as a whole.
Examples of categories of data that we typically analyse are: political affiliation, political opinions and preferences, likelihood to vote, attitudes, geodemographic and socioeconomic characteristics.
We undertake these analyses as we have a legitimate interest to identify potential Conservative voters and supporters. Indeed, it also allows us to behave accordingly should voters request that we don’t contact them, for example. Where our profiling processes special category data relating to your political opinion we consider that this is necessary for the purposes of our political activities and therefore permitted in accordance with Article 9(2)(g) UK GDPR – substantial public interest – DPA 2018, Schedule 1, Part 2, Paragraph 22 Political Parties.
Our analytics and profiling do not replace the direct contact that we make with individuals – these activities supplement our traditional campaigning methods such as canvassing and conducting surveys.
We have determined that this kind of profiling, and any decisions that are based solely on that profiling, is unlikely to create legal or significant effects for you. Where such decisions create legal or similarly significant effects you have the right not to be subject to that decision and you can exercise that right by contacting our Data Protection Officer. You can also contact us at any time and exercise your right to object and ask that we do not process your personal information for this purpose.
6. Our Relationship with the wider Conservative Party
The historical nature of the Conservative Party means that rather than being one single organisation we are an interconnected family consisting of the Party Headquarters, local associations, areas and regions of the Party (known as ‘accounting units’ and listed on the Electoral Commission website), elected representatives, candidates, members, volunteers and party officers. We are all united by our common Conservative identity. One of CCHQ’s primary roles is to provide professional support to our family of volunteers who help to run the party across the UK.
Much of the work of the Party is conducted by the wider Conservative Party. For this reason we have a legitimate interest to share and make available certain personal information with the wider Party when it is necessary for our campaigns or other activities and vice versa via our Electoral Management Database, Field Campaigning Teams and Voluntary Party Managers. Sharing may also be necessary in the public interest, as being an activity that supports or promotes democratic engagement. Some examples of such data sharing include:
- If you join the Conservative party via CCHQ we will provide your information to your local association.
- If a local association conducts a survey, or other campaigning activity, the results may be shared with CCHQ.
- If a local association receives a donation or a loan of more than £500 this information will be shared with CCHQ so that it can be recorded and reported by the Party’s Registered Treasurer as per Parts IV and 4A Political Parties, Elections and Referendums Act 2000.
- Details of party supporters and volunteers may be supplied to local Conservative candidates and local Associations for the purposes of their election campaign.
- If you contact a local association about a complaint or an issue then it may be shared with CCHQ so that our Voluntary Party Managers can provide professional assistance in resolving the matter.
- If a complaint is made under our Code of Conduct then details may be shared with relevant sections of the wider party in order to assist our investigation.
- Details may routinely be shared between the Party and the Wider Party as part of a restructuring process – for example when constituency boundaries change following a statutory boundary review.
7. Where we collect personal data from
We collect personal data from a variety of sources:
Provided by you (Directly):
- In person when you speak to one of our representatives or volunteers
- Through a telephone call, either where you call us, or we call you
- On paper, such as if you return a printed survey, a petition, a reply slip on a leaflet or if you write to us
- Digitally, such as if you fill in a form on a website or interact with the Party online via our websites or social media platforms
- When you consent to our use of cookies and similar technologies (such as our Facebook Pixel)
- When you offer or ask about volunteering, or take part in party activities
- When you enter into a transaction with the Party, such as becoming a member, donating, purchasing a product from our online shop or paying to attend an event
- When you consent to receiving electronic marketing (we never buy in email addresses)
- When you attend an event
Third-Party Sources (Indirectly):
- When data is shared with us from the wider Conservative Party
- The full electoral register and marked registers to which the Party is legally entitled as per The Representation of the People (England and Wales) (Amendment) Regulations 2002 and the Representation of the People Regulations 2001 in Scotland. We receive an updated version of these from local authorities every time an update is published, which is usually every month.
- Social media platforms and other technology providers (for instance, when you click on one of our Facebook ads or watch one of our Instagram or YouTube videos)
- Publicly available information such as media history, news reports, web searches etc
- Public records or sources such as Companies House, Land Registry etc
- CCTV, if you visit Conservative Party Headquarters or one of our regional offices
- Data brokers and data analytics companies – such as Experian
- Royal Mail
- Telephone Preference Service
- Market research organisations
- Due diligence and screening organisations
8. Who we share your data with
We will never sell your data but sometimes it is necessary to share your information, either within the wider Conservative Party, or with our service providers, data controllers and data processors. Data is only ever shared where we have a party reason and when the law allows us to do so.
We share data with:
- The wider Conservative Party
- Affiliate organisations – such as National Conservative Draws Society or various Conservative “Friends of” organisations
- Business associates and professional advisers – for example opinion pollsters or political strategists
- Suppliers and sub-contractors – for example printing and delivery suppliers
- Service providers and sub-contractors – for example an Email Marketing Platform or a Cloud Storage provider
- Organisations providing services for events
- Social media platforms and other technology providers
- Data analytics companies
- Due diligence and screening organisations
- Financial service organisations – such as card payment providers
- Political organisations
- Elected representatives
- Media Organisations
- Regulatory bodies – such as the Electoral Commission or the Information Commissioner’s Office
- Market researchers
- Healthcare and welfare organisations
- Law enforcement authorities – for the purposes of prevention of crime
- Government authorities
- Third-parties with whom you have requested we share your data
Where we use a third-party data processor, in other words an organisation that processes data on our behalf and under our instruction, we ensure that this processing is governed by a legally enforceable data processing agreement which sets out their responsibilities for protecting your data and your rights. Where we share data with a third party controller, an organisation that determines how data will be processed, we ensure that this is governed by a Controller to Controller data sharing agreement.
Where we share data with the wider Conservative Party we ensure that the recipient of the data agrees to terms and conditions under which they will use the data only for the purposes for which it was provided and will take necessary measures to ensure its security. Members of the wider Party receive training on data protection.
9. Data processed with your consent
Where we use consent as our legal basis for processing your data, or process special categories of your data on the basis of your explicit consent, you have the right to withdraw your consent at any time. For further information on when we rely upon consent please see Section 4 “How we use your information”.
There are several ways that you can easily withdraw your consent. You can:
- Go to www.conservatives.com/contact and select “Stop Mailings”,
- Contact our Data Protection team directly either by post, email or telephone,
- Press the “Unsubscribe” option contained within our Email communications to you,
- Let one of our representatives know that you wish to withdraw your consent
We will maintain a record of your withdrawal of consent.
10. Transferring your data outside of the United Kingdom
Some of our service providers are located outside of the UK and therefore it may be necessary to transfer your personal data outside of the UK. Where we do transfer your data outside of the UK we will make sure that it is protected in the same way as if the data was inside the UK.
We will use one of the following appropriate safeguards to ensure this:
- Where the UK has issued an adequacy regulation determining that a third country or organisation ensures an adequate level of data protection.
- A contract is put in place with the recipient of the data obliging them to protect the data to the same standards as the UK.
If we are unable to rely on one of the appropriate safeguards when transferring data outside the UK, we may rely on a derogation for specific situations under Article 49 UK GDPR in order to transfer your data outside of the UK. This may be necessary for example to fulfil a contract that we have made with you or if you give us permission to do so.
You can get more information about the protection given to your data when it is transferred outside of the UK or to a third country or an organisation to which an adequacy decision has not been issued by contacting our Data Protection Officer using the contact information detailed in this notice.
11. How long we retain your data for
We retain your information in accordance with the CCHQ Data Retention Policy and Data Retention Schedule. We constantly review the data that we hold and regularly consider its relevance and our need to hold onto it. We use several factors to determine our retention periods. Factors we take into consideration are:
- Retention periods as required by law – for example, the Conservative Party is under a statutory duty to retain financial information for a period of 6 years,
- The purpose for which the data was provided or obtained,
- Our documented business requirement for holding onto your data,
- Whether holding onto your data will infringe your rights over your data,
- Legal and regulatory obligations that may require reference to your data.
If you require more detailed information on how long your data will be kept for please contact our Data Protection Officer.
12. How we protect your data
We take the security of personal data seriously. We use security technology, including firewalls, password protection and encryption to safeguard information and have procedures in place to ensure that our paper and computer systems and databases are protected against unauthorised disclosure, use, loss and damage. We have processes in place to deal with a data breach in the unlikely event one should occur.
We only use third party service providers where we are satisfied that they provide adequate security for your personal data.
13. Cookies and similar technologies
We use cookies to provide you with a tailored experience on our website, as well as on other online platforms that we operate on, and to gather statistics on how our online services are used so that we can improve our services. Some of our cookies may also collect personal data. A cookie is a piece of code that is sent to your internet browser and is stored on your system. We also use ‘similar technologies’ such as web beacons, pixel tags, clear gifs or tracking pixels and we use these for example to track the campaign emails that we send to learn whether you opened an email and how you interacted with it.
Please visit our cookie page for more information about how we use cookies and similar technologies on our websites and services. We always seek your consent to use cookies and/or similar technologies.
14. Your data rights
This section explains the data subject rights you have. You can exercise any of these rights by contacting our Data Protection Officer or Data Protection Team.
| Your Data Rights | Explanation |
|---|---|
| Right to be informed | You have the right to be informed about the collection and use of your personal data. CCHQ provides this in the form of privacy notices and/or privacy information at the point of collection or within one month of obtaining your data. We may not provide privacy information where you either already have such information or it would involve a disproportionate effort to provide such information. |
| Right of access to your data | You have the right to request a copy of your personal information that we hold. This is commonly known as a Subject Access Request. |
| Right of rectification of your data | You have the right to request that inaccurate or incomplete information that we hold about you is corrected. |
| Right to be forgotten | In certain circumstances you can ask for the data we hold about you to be erased from our records. When we do so, we keep the bare minimum of your information in order to continue to respect your wishes when your personal data is next provided to us by a local authority, which is at least annually. There is some data that must be retained by law and other data that we may have a legitimate interest to retain. |
| Right to restriction of processing | You have the right to request that we restrict the processing of your data where you are contesting the accuracy of the data or when the data has been unlawfully processed. |
| Right to data portability | You have the right to have the data we hold about you transferred to a third-party organisation and you can ask that we provide it in a machine readable format. Information is only within the scope of the right to data portability if it is personal data that you have provided to us. |
| Right to object | You have an absolute right to object to your data being used for direct marketing, including profiling for direct marketing purposes – we mark your data clearly with a “no processing” label. If we process your data on the basis of “legitimate interests” or “a task carried out in the public interest” then you have the right to object to us using your data in that way. This right is not absolute, and we may continue to process your data if we can demonstrate compelling legitimate grounds for the processing. |
| Automated individual decision-making, including profiling | We may use computer software to make decisions about you or to create a profile about you. You have the right not to be subject to such a decision or to that profiling where it creates legal effects concerning you or where it significantly affects you. |
15. Making a complaint
If you are unhappy with the way that we have processed or handled your data, then you have a right to complain to the Information Commissioner’s Office (ICO). The ICO is the supervisory body authorised by the Data Protection Act 2018 to regulate the handling of personal data within the United Kingdom.
The contact details for the Information Commissioner’s Office are:
- Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
- Telephone: 0303 123 1113
- Website: https://ico.org.uk/make-a-complaint/