Data Protection and Privacy Policy
This document outlines how Alex Chalk processes and manages personal data and:
​
• Identifies the data controller.
• Explains the lawful basis for processing personal data.
• Outlines the personal data held and processed.
• Outlines the scope of the special category personal data held and processed.
• Outlines the process of Subject Access Requests.
​
1. Data Controller
The Data Controller is Alex Chalk.
​
2. Contact
If you have any questions about this policy, need more information about how we use your data, or would like to exercise any of your rights, please contact Alex Chalk.
​
3. Lawful basis for processing
All processing is carried out by consent or under the legitimate interest of Alex Chalk, or public interest. This covers processing for casework, campaigning, and communication. Where processed under the lawful basis of a task carried out in the public interest, it is to support or promote democratic engagement, including fundraising activity for such purposes.
​
4. Data sources
Data held is provided by you when you contact us and through correspondence with third parties in response to cases taken up on your behalf. We may also hold data you provide when we contact you—such as participating in a survey or petition. If you do not wish for us to contact you by telephone, please do not provide this information. We perform a database lookup automatically upon any form submission to include electoral boundary data. The Register of Electors provided by councils to authorised persons under the Representation of the People Act is also used for electoral purposes.
​
5. Data Security
Personal data is stored electronically and securely. We ensure that our service providers comply with the same high standards, and we store our data on servers located in the UK.
​
6. Special category data
Special category data will be processed under the lawful basis indicated in section 3, as permitted in clauses 22, 23, and 24 of schedule 1 of the Data Protection Act, covering political parties and elected representatives.
​
7. Transferring your data outside of the European Economic Area
The EU GDPR adequacy decision allows data to continue flowing between the UK and the European Economic Area (EEA). Some service providers are located outside of the EEA, so it may be necessary to transfer your personal data outside of the EEA. Where such a transfer takes place, we will ensure it is protected in the same way as if the data were inside the EEA and only occurs with your consent.
We will use one of the following safeguards to ensure this:
• An adequacy decision issued by the European Commission determining that a non-EEA country or organisation ensures an adequate level of data protection.
• A contract with the recipient of the data obliging them to protect the data to EEA standards.
It is not legally permitted to transfer certain types of data, such as Electoral Register Data, outside of the EEA, and we honour that obligation.
​
8. Data retention policy
Personal data will be held no longer than necessary. Some types of data may be held longer than others, typically for a maximum of two election cycles. We review the data held each election cycle to determine whether it should be maintained or put beyond use. We also comply with ICO's guidelines regarding petitions.
​
9. Subject Access Requests
We will verify the identity of any individual making a request, ask for further details if needed, and respond within one calendar month once we confirm it is a legitimate request. In accordance with ICO guidelines, we keep a log of Subject Access Requests with details, including identifiable information, indefinitely.
​
Data subjects have the right to:
• Be informed whether any personal data is being processed.
• Be given a description of the personal data, the reasons for its processing, and whether it will be shared with other organisations or people.
• Receive a copy of the information comprising the data and details of its source, where available.
​
10. Will we share your data with anyone else?
If you contact us about a personal or policy issue, your data may be shared with a third party, such as local authorities, government agencies, public bodies, health trusts, regulators, etc., while dealing with your enquiry. Any third parties we share your data with are required to keep your details securely and use them only for the intended purpose.
​
We may also need to share your data with third parties, such as the police, if required by law.
​
Unless otherwise specified, data may be shared with entities of political party associations, federations, branches, groups, and affiliates to assist you or maintain contact with you in support of democratic engagement.
​
Casework and other submissions via the Contact form are sent directly to their destination. The nature of casework and other enquiries is not retained on the website, but this information is available for a limited period on servers for access only in the event of a police investigation. Your name and contact details submitted via the Contact form are only retained on the website if you grant consent to join the email subscriptions list. Anonymised data from the Contact form is retained for benchmarking purposes.
Your personal data is used only as outlined here and within your reasonable expectations based on the nature of the communication, while recognising the need for political engagement in supporting democratic processes.
​
11. Data Rights
You have the following rights at any time:
• Right of access – to request a copy of the information held about you.
• Right of rectification – to correct data held about you that is inaccurate or incomplete.
• Right to be forgotten – to request data held about you be erased, under certain conditions.
• Right to object – to certain types of processing, such as direct marketing.
• Right to object to automated processing, including profiling – and to avoid being subject to the legal effects of automated processing or profiling.
• Right to judicial review – if our office refuses your request under rights of access, we will provide a reason. You have the right to complain.
​
12. Making a complaint
If you are unhappy with how your data has been processed, you can complain to the Information Commissioner’s Office (ICO), the supervisory body authorised under the Data Protection Act 2018 to regulate personal data handling within the UK. The ICO’s contact details are:
​
• Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
• Telephone: 0303 123 1113
• Website: https://ico.org.uk/concerns/
​
If you have any questions about the data held, please contact Alex Chalk via the contact information on this website.
Please note that proof of identity is required to exercise any of the above rights regarding personal data.
​
We retain the right to update this policy at any time. If there are significant changes affecting your rights, we will notify you in advance.