Pauline McNeill  For the Glasgow Region

Privacy Policy

Pauline McNeill MSP Data Protection Privacy Notice
This the Privacy Notice of the Office of Pauline McNeill MSP.
This privacy notice explains how my office collects and uses personal information about individuals.
It is effective from 25 May 2018.

My office address and contact details are:
Address: M1.14, The Scottish Parliament, Edinburgh, EH99 1SP
Email: pauline.mcneill.msp@parliament.scot
Phone: 0131 348 6475

Notification:
I am registered as a data controller with the UK Information Commissioner and my reference number is: REQUIRED

How I use your personal data:
I process any personal data under the requirements of the General Data Protection Regulation (EU) 2016/679 (the GDPR), the Data Protection Act 1998 and any Act that replaces the Data Protection Act.
The UK Parliament are currently considering a Bill that is intended to replace the Data Protection Act 1998 and is here referred to as the Data Protection Bill (DPB). The GDPR comes into force on 25 May 2018 which means that its provisions will apply from that date. In this document I am using GDPR terminology and requirements. If you have any questions about how the Data Protection Act 1998 applies to this process for the time period leading up to the 25 May 2018, please contact us using the details above.

What is personal data?
Personal data is any information from which a living individual can be identified.
I will hold all personal data securely, I will only use it for the purposes it was collected or acquired for and I will only pass it on to third parties with your consent or according to a legal obligation.
Further information about the data protection legislation and your rights is available here:
https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/

Purposes and categories of processing personal data:
I collect and use personal data to fulfil the following functions and associated activities of my office;
to carry out casework on behalf of my constituents;
to tend to local and national issues and campaigns I am involved in, including the use of casework data to inform national or local trends;
to invite constituents to public meetings;
to manage and support my staff and to maintain supplier relationships;
to process expenses, accounts and associated records.
If you contact me with an inquiry or a complaint, I will normally need to store your contact details to deal with your inquiry or complaint. This is considered to be “normal category data” under the GDPR.
Other personal data you may provide to me may include details about your personal and family life, social circumstances and business activities, your employment and education details, financial information or information about your housing situation etc. Depending on what views, issues or experiences you wish to discuss with me, you may be sharing “special category” data with me. For example, this could include details about race or ethnic origin, political or religious views, sex life or sexual orientation, trade union membership, physical or mental health, genetic or biometric data or any criminal offences.

The legal basis for processing personal data:
Data protection law states that I must have a legal basis for handling your personal data. The permitted legal bases can be found in the GDPR and the DPB.
Depending on the circumstances, the legal basis for processing personal data in my office may include:
Consent of the data subject (the person who the personal data relates to.)
Complying with legal obligations
Protecting vital interests of individuals
Pursuing legitimate interests
Acting in the public interest, including democratic engagement activities
The processing is necessary for the performance of a contract
Categories of processing activities and corresponding legal basis:
Processing of personal data means anything from collecting, storing, using to sharing and deleting (see link above for more information).
I process personal data in the following ways:
Processing activity
The legal basis
How long I retain the data
How the data may be shared
Receiving, storing and responding to general enquiries by letter, email or in person
The processing is necessary for the performance of a task carried out in the public interest or for the purpose of a legitimate interest (Art 6(1)(e) or 6(1)(f) GDPR). Or, for special category data:

The processing is necessary for reasons of substantial public interest (Art 9(2)(g) GDPR and DPB Sch 1, para 23).
The task is the engagement of constituents with their elected parliamentary representative. The accessibility of elected representatives is in the public interest.
Furthermore, the data will always be received with the consent of the person who has made the query, either through an online form, email, written or other form of consent.
I will retain information for as long as I am a sitting MSP.
Please refer to Sharing of personal data below.
Receiving, storing and responding to complaints by letter, email or in person

Receiving and storing data in relation to a personal issue or problem raised by a constituent (casework)

Analysis of contact from constituents in order to understand trends by area and over time of different issues and concerns, and use of this analysis
The processing is necessary for the performance of a task carried out in the public interest or for the purpose of a legitimate interest (Art 6(1)(e) or 6(1)(f) GDPR). Or, for special category data:

The processing is necessary for reasons of substantial public interest (Art 9(2)(g) GDPR and DPB Sch 1, para 23).
The task is the analysis and subsequent use of that analysis to inform and assist me to perform my role as policy-maker and local representative.
I will retain information for as long as I am a sitting MSP.
Please refer to Sharing of personal data below.
Collect and use data for the purpose of sending out newsletters with information about surgeries, office contact details and upcoming events and campaigns
The processing is necessary for the performance of a task carried out in the public interest (Art 6(1)(e) GDPR).

The task is informing the public about issues that will be of interest to them.
The data will be collected using explicit opt-in consent.
I will retain information for as long as I am a sitting MSP.
Please refer to Sharing of personal data below.
Take, store and use photos and videos in connection with my engagements and events I attend in my capacity as a MSP.
The processing is necessary for the performance of a task carried out in the public interest or for the purpose of a legitimate interest (Art 6(1)(e) GDPR or Art 6(1)(f) GDPR).

Furthermore, consent will always be obtained from the person photographed or videoed.
I will retain information for as long as I am a sitting MSP.
Please refer to Sharing of personal data below.
*Engage with constituents using surveys – letter, form, online
The processing is necessary for the performance of a task carried out in the public interest (Art 6(1)(e) GDPR).
I will retain information for as long as I am a sitting MSP.
Please refer to Sharing of personal data below.

Sharing of personal data:
I sometimes may be required to share the personal information I hold with other individuals or organisations including for example:
healthcare, social and welfare organisations
local and central government bodies
educators and examining bodies
statutory law enforcement agencies
investigating bodies
elected representatives and other holders of public office
financial organisations
crime prevention agencies and the police

The legal basis for sharing data with these organisations may be that
the sharing is necessary for complying with a legal obligation to which I am subject (Art 6(1)(c) GDPR;
the sharing is necessary in order to protect the vital interests of the data subject or of another person (Art 6(1)(d); or
the sharing is necessary for the performance of a task carried out in the public interest or substantial public interest (Art 6(1)(e) or Art 9(2)(g) GDPR.

I may seek your prior express consent to share your personal data with any of the following:
employment and recruitment agencies
press and the media
family, associates and representatives of the person whose personal data I am processing
enquirers
subjects of complaints
political parties
charitable parties
The consequences of my not processing personal data are:
Where I am processing personal data for the performance of a contract, the consequence of not processing the personal data is that I may not be able to fulfil my obligations under that contract.
Where I am processing personal data in accordance with a statutory obligation, the consequence of not processing personal data may be that I am liable to regulatory fines for non-compliance with that statutory duty.

Automated data processing:
I do not use automated processing techniques to process your data.

Sharing or processing personal data outside the European Economic Area:
I do not share or process personal data in locations outside the EEA.

Retention of personal data:
I retain personal data for the period that is necessary to carry out casework on behalf of my constituents, work on issues and campaigns I am involved in, and to support my staff and maintain supplier information, expenses, accounts and associated records.

Using my website:
My website may use cookies to gather information about how visitors use my website to help me improve its performance, and secondly, to improve the visitor experience when using the website by delivering pages more quickly or remembering user settings. Additionally, videos on the website may use cookies created by third-party providers such as Flash or YouTube.
The information I collect is anonymous – it cannot be used to identify you personally. Further information on the way that I use cookies and how you can set your browser to control cookies is available in my cookie policy, available at ‘cookie settings’ at www.paulinemcneillmsp.scot

Cookies
The Internet pages of www.paulinemcneillmsp.scot may use cookies. Cookies are text files that are stored in a computer system via an Internet browser.
Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the dats subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.
Through the use of cookies, www.paulinemcneillmsp.scot can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.
By means of a cookie, the information and offers on our website can be optimized with the user in mind. Cookies allow us, as previously mentioned, to recognize our website users. The purpose of this recognition is to make it easier for users to utilize our website. The website user that uses cookies, e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop. The online store remembers the articles that a customer has placed in the virtual shopping cart via a cookie.

The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.

Your rights
The GDPR sets out the rights which individuals have in relation to personal information held about them by data controllers. These rights are listed below, although whether you will be able to exercise each of these rights in a particular case may depend on the purpose for which the data controller is processing the data and the legal basis upon which the processing takes place (see the individual privacy notices listed above for further details in relation to specific processing activities).
Access to your information – You have the right to request a copy of the personal information about you that I hold.
Correcting your information – I want to make sure that your personal information is accurate, complete and up to date and you may me to correct any personal information about you that you believe does not meet these standards.
Deletion of your information – You have the right to ask me to delete personal information about you where:
You consider that I no longer require the information for the purposes for which it was obtained.
I am using that information with your consent and you have withdrawn your consent.
You have validly objected to my use of your personal information –my use of your personal information is contrary to law or our other legal obligations.
Objecting to how we may use your information – You have the right at any time to require me to stop using your personal information for direct marketing purposes. In addition, where I use your personal information to perform tasks carried out in the public interest then, if you ask me to, I will stop using that personal information unless there are overriding legitimate grounds to continue.
Restricting how we may use your information – in some cases, you may ask me to restrict how I use your personal information. This right might apply, for example, where I am checking the accuracy of personal information about you that I hold or assessing the validity of any objection you have made to my use of your information. The right might also apply where this is no longer a basis for using your personal information but you don’t want me to delete the data. Where this right to validly exercised, I may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Withdrawing consent using your information – Where I use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.

Please contact me using the contact details provided above or at my constituency office below

CONSTITUENCY OFFICE
Suite 1-11 Bellahouston Business Park
423 Paisley Road West
Glasgow
G51 1PZ

Telephone: 0141 465 9932
FAX: +1 800 889 9898
E-mail: info@paulinemcneillmsp.scot

Changes to my privacy statement
I keep this privacy statement under regular review and will place any updates on this website. Paper copies of the privacy statement may also be obtained using the contact information above.
This privacy statement was last updated on 31th May 2018.

Complaints
I seek to resolve directly all complaints about how I handle personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office:
Online: https://ico.org.uk/global/contact-us/email/
By phone: 0303 123 1113
By post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Text
Copyright Pauline McNeill for the Glasgow Region
The cost of this website has been met out of parliamentary funds. Complaints about this website content should be sent by email to sp.info@scottish.parliament.uk.
The parliament is not responsible for the content of other internet sites that this site may link to
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram