Jill Evans MEP
Data Protection Policy(from May 25th 2018)
The Data Controller is Jill Evans MEP.
I am a Data Controller as a Member of the European Parliament.
My lawful basis for collecting and storing data is individual informed consent.
Every individual on my database will give specific consent to the storage of their data by responding positively to an email message asking for consent and informing them of their rights to opt-out freely, request their data, or have their data deleted.
The details of those that do not reply or those that reply in the negative before the new regulation takes effect are deleted from the database. Those that do not reply or reply in the negative under GDPR do not have their data stored at all.
A record of all consent given by each individual will be stored on NationBuilder for future reference. Consent can be withdrawn at any time by the individual.
I use NationBuilder software to store data, which adheres to the principles of the EU-US Privacy Shield Framework and is listed the US Department of Commerce as complying with the European Commission’s Directive on Data Protection.
I hold the following information:
- Documentation relating to constituency casework. This is information constituents have provided to me when requesting my assistance. It is accessible by my office staff.
- Email documentation relating to constituency casework. This is information constituents have provided to me when requesting my assistance. It is accessible with my office staff.
- Names and addresses on NationBuilder of constituents who have contacted me on a wide variety of issues, mainly by email. This is shared with the Head of Office in my Rhondda office.
- Names and addresses on NationBuilder of organisations and public bodies that I contact. This is shared with the Head of Office in my Rhondda office.
- Names and addresses on NationBuilder of Plaid Cymru members. This is shared with the Head of Office in my Rhondda office.
- The time limit for constituents’ data held is the duration of my mandate as an MEP.
Subject Access Requests
If a constituent requests access to personal data, the following steps will be taken:
- The request will be passed to me within 48 hours.
- I will examine the request and verify whether or not data is being stored in any form regarding that individual.
- If so, the request of the individual will be implemented. If not, a response will be provided outlining what steps have been taken to check the data I hold to verify this.
- A record of the request will be kept.
I occasionally handle data of visitors who pre-register with the European Parliament security. Their full name, passport number, date of birth, and nationality are sent to us by email. After registration, this information is deleted.
For external groups sponsored by Jill Evans MEP that visit the European Parliament, these details are handled by the Parliament services, and as such, are not processed or handled by us in any way.
My five members of staff have a copy of this policy and we have discussed it in detail to ensure everyone understands the requirements.
The supervisory authority will be ICO in the UK.
Information Commissioner’s Office – Wales
2nd Floor, Churchill House
Tel: 029 2067 8400