Data we hold comprises all data subjects whose personal data is collected by the Office of the Rt. Hon. Michael Gove MP, in line with the requirements of General Data Protection Regulation (GDPR) and the Data Protection Act 1998. Under GDPR personal data is defined as:
“any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
The Rt. Hon. Michael Gove MP undertakes to ensure all constituents sharing their personal data have the opportunity to read our Privacy Notice.
The Rt. Hon. Michael Gove MP employs staff in his Parliamentary Office who will process data on his behalf. Collectively this is ‘the Office’ of the Rt. Hon. Michael Gove MP.
Who is the Data Controller?
The Data Controller is the Rt. Hon. Michael Gove, Member of Parliament for Surrey Heath.
What does the Office do?
The Office discharges the duties and functions of an elected Member of Parliament, for which it must process the personal data of our constituents.
As part of this work, the Office supports Mr Gove in the conducting of constituency casework, in responding to constituents’ policy queries, in responding to and engaging with local issues and activities.
How do we process data?
The Office is committed to ensuring that the information it collects and processes is appropriate for the purpose and undertakes to always act within the reasonable expectations of constituents and any other individuals about whom we hold personal data.
Under GDPR there are six lawful bases on which data can be processed.
The Office processes constituents’ data primarily under the lawful basis of public task.
In instances where this is not sufficient, especially with regard to special category data, we process personal data on the lawful basis of consent, and will contact the constituent to establish explicit consent.
We are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
Will we share your data with anyone else?
If you contacted Mr Gove about a personal or policy issue we may pass your personal data on to a third-party in the course of dealing with you, such as a local authority, government agencies, public bodies, health trusts, regulators, and so on.
Any UK or EEA third party that we share your data with is obliged to process your personal data securely and only use it for the basis on which it was originally intended, in compliance with General Data Protection Regulation and the Data Protection Act 1998.
Due to the two separate roles of Mr Gove, as Member of Parliament for Surrey Heath and as Secretary of State for Environment, Food and Rural Affairs, the Office receives some letters from non-constituents for Mr Gove in his role as Secretary of State. These are forwarded to the Department of Environment, Food and Rural Affairs. Once the data has been shared, the receiving office becomes the data controller for that data and will process the data in accordance with its data policy. All emails sent to Mr Gove’s parliamentary email address (firstname.lastname@example.org) receive an automated response.
Constituents’ data is processed by the Office in accordance according with its Data Protection Policy. The auto response advises non-constituents writing to Mr Gove in his role as Secretary of State, that they need to resend their email to email@example.com
For how long will you keep my personal data?
Unless specifically requested by you, our Office will hold your personal data for no longer than the duration of one parliamentary term or until you exercise your right to be forgotten, whichever is the shorter.
Periodically, our Office will also review personal data stored in files or on our case management database. Where your case has been designated as ‘closed’ and/or no recourse is likely to be needed to the personal data we hold about you, it will be destroyed or erased.
This data retention policy is in place as casework and policy queries are often revisited to provide the best service and representation for constituents, from who we may continue to receive correspondence regarding the same or related or connected issues.
Therefore, we feel it is necessary for an elected representative to hold personal data as long as a constituent is corresponding or is likely to correspond with that elected representative on any given issue or other issues connected or related to that issue.
What rights do I have to my personal data?
At any point while the Office is in possession of, or processing your personal data, as the data subject you have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing data that we hold about you.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing, such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review: if our office refuses your request under rights of access, we will provide you with a reason why. You have the right to complain.
How can I contact somebody about my privacy?
If you have any questions or concerns about how your information is processed or about your rights under GDPR and the Data Protection Act 1998, you can get in touch with the Office by letter, email or telephone using the following details.
Please note that we will ask for identification should you choose to exercise any of the above rights in relation to personal data we hold.
- Email: firstname.lastname@example.org
- Telephone: 0207 219 6804
- Post: The Rt. Hon. Michael Gove MP, House of Commons, London, SW1A 0AA
In the event you wish to complain about how your personal data is being processed, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in their capacity as the UK’s supervisory authority. The details for the ICO are as follows:
- Email: https://ico.org.uk/global/contact-us/email
- Telephone: 01625 545 745
- Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF
- Website: https://ico.org.uk
All data is kept securely in the office premises. Data is logged and held electronically on our casework management database. Data is also held in Parliamentary Email accounts and in folders on a Parliamentary server. The casework management database can only be accessed by members of staff of the Rt. Hon. Michael Gove MP. Each staff member has their own Parliamentary username and password, and their own electronic identification for the casework management database. All computers are provided by the House of Commons Digital Service and require a username and password to access.
In some circumstances we maintain paper records. These are kept in Mr Gove’s offices which, when not in use, are locked.
|Michael Gove MP Data Protection Policy.pdf||178.2 KB|