Data Protection Policy

Jill Evans MEP

Data Protection Policy(from May 25th 2018)

The Data Controller is Jill Evans MEP.

Lawful Basis

I am a Data Controller as a Member of the European Parliament.

My lawful basis for collecting and storing data is individual informed consent. 

Consent

Every individual on my database will give specific consent to the storage of their data by responding positively to an email message asking for consent and  informing them of their rights to opt-out freely, request their data,  or have their data deleted.

The details of those that do not reply or those that reply in the negative before the new regulation takes effect are deleted from the database. Those that do not reply or reply in the negative under GDPR do not have their data stored at all.

A record of all consent given by each individual will be stored on NationBuilder for future reference. Consent can be withdrawn at any time by the individual.

Data Storage

I use NationBuilder software to store data, which adheres to the principles of the EU-US Privacy Shield Framework and is listed the US Department of Commerce as complying with the European Commission’s Directive on Data Protection.

I hold the following information:

  • Documentation relating to constituency casework. This is information constituents have provided to me when requesting my assistance. It is accessible by my office staff.
  • Email documentation relating to constituency casework. This is information constituents have provided to me when requesting my assistance. It is accessible with my office staff.
  • Names and addresses on NationBuilder of constituents who have contacted me on a wide variety of issues, mainly by email. This is shared with the Head of Office in my Rhondda office.
  • Names and addresses on NationBuilder of organisations and public bodies that I contact. This is shared with the Head of Office in my Rhondda office.
  • Names and addresses on NationBuilder of Plaid Cymru members. This is shared with the Head of Office in my Rhondda office.
  • The time limit for constituents’ data held is the duration of my mandate as an MEP.  

Subject Access Requests

If a constituent requests access to personal data, the following steps will be taken:

  • The request will be passed to me within 48 hours.
  • I will examine the request and verify whether or not data is being stored in any form regarding that individual.
  • If so, the request of the individual will be implemented. If not, a response will be provided outlining what steps have been taken to check the data I hold to verify this.
  • A record of the request will be kept.

Visitor Groups

I occasionally handle data of visitors who pre-register with the European Parliament security. Their full name, passport number, date of birth, and nationality are sent to us by email. After registration, this information is deleted.  

For external groups sponsored by Jill Evans MEP that visit the European Parliament, these details are handled by the Parliament services, and as such, are not processed or handled by us in any way.

Awareness

My five members of staff have a copy of this policy and we have discussed it in detail to ensure everyone understands the requirements.

Supervisory authority

The supervisory authority will be ICO in the UK.

Information Commissioner’s Office – Wales
2nd Floor, Churchill House
Churchill Way
Cardiff
CF10 2HH

Tel: 029 2067 8400
wales@ico.org.uk