Privacy Policy.

The Data Controller is Ben Fletcher.

If you have any questions about this policy or for more information about how we use your data or would like to exercise any of your rights, please contact the campaign team at campaign@ben4mayor.com.

All processing is carried out by consent or either under the legitimate interest of Ben Fletcher, or public interest. These cover processing to conduct casework, campaigning and communication. Where processed under the lawful basis of a task carried out in the public interest, it is to support or promote democratic engagement. This includes fundraising activity in order to support democratic engagement.

Data held is that provided by you when you contact us and correspondence with third parties in response to cases taken up on your behalf.

We may also hold data that you provide when we contact you – for instance, if we ask you to participate in a survey or petition. If you do not wish for us to contact you by telephone please do not provide this information. We perform a database lookup automatically upon any form submission to include electoral boundary data. The Register of Electors that councils provide to authorised persons under the Representation of the People Act is also used for electoral purposes.

Personal data is stored electronically and securely. We ensure that our service providers comply with the same high standard that we do, and we store our data on secure servers in the UK.

Special category data will be processed under the lawful basis indicated in section 3, as is permitted in clauses 22, 23 and 24 of schedule 1 of the Data Protection Act, covering political parties and elected representatives.

The EU GDPR adequacy decision means that data can continue to flow between the UK and the European Economic Area (EEA). Some service providers are located outside of the EEA and therefore it may be necessary to transfer your personal data outside of the EEA. Where the transfer of your data outside of the EEA takes place we will make sure that it is protected in the same way as if the data was inside the EEA, and it only occurs with your consent.

• Where the European Commission has issued an adequacy decision determining that a non-EEA country or organisation ensures an adequate level of data protection.
• A contract is put in place with the recipient of the data obliging them to protect the data to the same standards as the EEA.

Legally it is not permitted to transfer certain types of data, such as Electoral Register Data, outside of the EEA, and we honour that obligation.

Personal data will be held for no longer than necessary. Some types of data may be held for longer than others. Typically the maximum retention is two election cycles. Review of the data held will occur in each election cycle to determine whether it should be maintained or put beyond use. We also comply with the ICO's expectation guidelines relating to petitions.

We will request verification of the identity of any individual making a request, ask for further clarification and details if needed and respond within one calendar month once we have confirmed it is a legitimate request.

If you have contacted us about a personal or policy issue, your data may be passed on to a third-party in the course of dealing with your enquiry, such as local authorities, government agencies, public bodies, health trusts, regulators, and so on. We may need to share your data with a third party, such as the police, if required to do so by law.

Unless otherwise specified, data may also be shared with entities of Political Party associations, federations, branches, groups and affiliates in order to assist you or maintain contact with you in support of democratic engagement.

• Right of access – you have the right to request a copy of the information held about you.
• Right of rectification – you have a right to correct data held about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances you can ask for the data held about you to be erased from our records.
• Right to object – you have the right to object to certain types of processing, such as direct marketing.

If you are unhappy with the way that we have processed or handled your data then you have a right to complain to the Information Commissioner’s Office (ICO). The ICO is the supervisory body authorised by the Data Protection Act 2018 to regulate the handling of personal data within the United Kingdom.