Privacy Notice

Office of Gordon McKee MP
This document outlines how Gordon McKee MP processes and manages personal data and:

• Identifies the data controller.
• Explains the lawful basis for processing personal data.
• Outlines the personal data held and processed.
• Outlines the scope of special category personal data held and processed.
• Outlines the process of Subject Access Requests.

Data Controller

The Data Controller is Gordon McKee MP.

Contact

If you have any questions about this policy, how we use your data, or would like to exercise any of your rights, contact Gordon McKee MP.

Lawful Basis for Processing

All processing is carried out by consent or under the legitimate interest of Gordon McKee MP, or public interest. This includes processing for casework, campaigning, and communication. Public interest processing supports or promotes democratic engagement, including fundraising activity.

Data Sources

We hold data you provide when contacting us, and from third parties we engage with on your behalf. We also use the Register of Electors provided under the Representation of the People Act for electoral purposes. If you do not wish to be contacted by phone, please do not provide your number.

Data Security

Personal data is stored securely in the UK. Our service providers meet the same high standards of data protection.

Special Category Data

Special category data is processed under the lawful bases in section 3, as permitted in clauses 22–24 of Schedule 1 of the Data Protection Act. These relate to political parties and elected representatives.

Transferring Your Data Outside the EEA

Some service providers may be outside the EEA. If so, your data will be protected through one of the following safeguards:

• An adequacy decision by the European Commission.
• A contract ensuring EEA-level protection standards.
• Compliance with the EU-US Privacy Shield.

Electoral Register Data is never transferred outside the EEA.

Data Retention Policy

Personal data is kept no longer than necessary, typically no more than two election cycles. Data is reviewed each cycle to determine if it should be maintained or deleted.

Subject Access Requests

Requests are handled in line with ICO guidance:

• We verify your identity and may ask for clarification.
• We respond within 28 calendar days once confirmed as legitimate.
• You have the right to know if data is processed, what it is, why it's processed, and who receives it.

Sharing Your Data

In responding to your enquiries, your data may be shared with third parties such as local authorities, public bodies, regulators or government agencies. These third parties are obligated to use your data only for its intended purpose and to keep it secure.

We may also share data with Political Party associations or affiliates to support democratic engagement. We will share data with law enforcement if legally required.

Your Data Rights

You have the following rights:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Ask to delete your data (“right to be forgotten”).
• Objection: Object to certain processing like direct marketing.
• Automated processing: Object to decisions made by algorithms.
• Judicial review: If a request is refused, you can challenge the decision.

Complaints

If you're unhappy with how we handled your data, contact the Information Commissioner’s Office:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
Tel: 0303 123 1113
Website: https://ico.org.uk/concerns/

Proof of identity is required to exercise data rights.