The Office of Fergus Ewing – Privacy Notice
Fergus Ewing MSP and his office takes your privacy seriously. We aim to ensure that all processes in his office meet or exceed all relevant legal and regulatory requirements, including (from May 2018 onward) the EU General Data Protection Regulation/UK Data Protection Bill, EU Regulation 45/2001 and (prior to May 2018) the UK Data Protection Act.
Fergus Ewing has been registered with the Information Commissioner’s Office under registration reference: Z8676712
This privacy notice relates to the personal data processed by the Office of Fergus Ewing MSP.
Who is the Data Controller?
The Data Controller is Fergus Ewing, Member of Scottish Parliament for the constituency of Inverness and Nairn.
What does the office do?
The office carries out the duties and functions of an elected Member of Scottish Parliament. As part of this work, the office responds to enquiries from constituents and undertakes casework to answer these enquiries on behalf of constituents. To do this we must process individuals’ personal data.
On occasion Fergus Ewing MSP will send out letters about issues of local concern or to publicise surgeries and public meetings to constituents in a specific geographic area or community. This will be only ever be done using data from the full electoral roll which is provided to Fergus Ewing in his role as Member of Parliament. All letters will include details on how you can stop further communication done in this manner.
How do we process data?
The office processes constituents’ data under the lawful basis of “Public Task”. In instances where this lawful basis is not sufficient and explicit consent is required, Mr Ewing or a member of the office will contact you to establish your consent. The office is committed to ensuring that any information collected and used is appropriate for this purpose, and does not constitute an invasion of your privacy.
Will we share your data with anyone else?
If you have contacted the office about a personal or policy issue, we may pass your personal data on to a third-party in the course of assisting you, these third-parties include but are not limited to: local authorities, government agencies, public bodies, and regulators. We will clearly communicate to you any actions we are taking on your behalf.
Any third parties that we share your data with are obliged to keep your details securely, and to use them only for the basis upon which they were originally intended. When they no longer need your data to fulfil this service, they ought to dispose of the details in adherence with their own procedures under all relevant data protection legislation.
In any case, we will not use your personal data in a way that goes beyond your reasonable expectations in contacting us.
How does this office use the personal data it collects?
Our Office will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date.
Under what circumstances will this office contact you?
If you raise a constituency case with us we will contact you to update you on the progress of any issue you have raised, until the issue is resolved. We undertake not to ask irrelevant or unnecessary questions and will only request and store data relevant to your case. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
How long will this office keep personal data?
Unless specifically requested by you, our office will hold your data for 5 years from last piece of correspondence sent or received.
Casework and policy queries are often revisited to provide the best service and representation for constituents, from whom we may continue to receive correspondence.
We are also required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific requirements and agreed practices.
What rights do you have to your personal data?
Under GDPR regulations you have the following rights in relation of your personal data held by the Office of Fergus Ewing MSP:
· Right of access – you have the right to request a copy of the information that we hold about you.
· Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
· Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
· Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
· Right of portability – you have the right to have the data we hold about you transferred to another organisation.
· Right to object – you have the right to object to certain types of processing, such as direct marketing.
· Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
· Right to judicial review – if our office refuses your request under rights of access, we will provide you with a reason why. You have the right to complain.
What can I find out about the personal data that the Office of Fergus Ewing MSP holds about me?
In line with the above and at your request, we can confirm what information we hold about you and how it is processed. If we do hold personal data about you, you can request the following information:
· Our identity and the contact details.
• Contact details of the data protection officer.
• The purpose of the processing as well as the legal basis for processing.
• If the processing is based on the legitimate interests of The Office of Fergus Ewing MSP or a third party, information about those interests.
• The categories of personal data collected, stored and processed.
• Recipient(s) or categories of recipients that the data is/will be disclosed to.
• If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
• How long the data will be stored.
• Details of your rights to correct, erase, restrict or object to such processing.
• Information about your right to withdraw consent at any time.
• How to lodge a complaint with the supervisory authority.
• Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
• The source of personal data if it wasn’t collected directly from you.
• Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
How can I contact somebody about my privacy?
You may contact our office by letter, email, telephone or in person using the details below. Please note that we will ask for identification should you choose to exercise any of the above rights in relation to personal data we hold, this is to ensure data is not disclosed to any unauthorised party.
The Office of Fergus Ewing MSP accepts the following forms of ID when information on your personal data is requested: Passport, Driving Licence or Birth Certificate. Our office may make take further steps or request further evidence to ensure data is only disclosed to the data subject.
Office of Fergus Ewing MSP
112 Church Street
Tel: 01463 713 004
In the event that you wish to make a complaint about how your personal data is being processed by Fergus Ewing’s office or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority.
The supervisory authority contact details:
Information Commissioner’s Office