It is our legal statement that discloses the different ways the Money Free Party can potentially gather, use, disclose, store, release and manage your “personal data” (*Note 1). We consider personal data to be anything we are given or obtain, that can be used to identify you as an individual. In particular it could be any of the information we collect as detailed under the “Data Collected” heading below.
Note 1. UK legislation defines “Personal Data” as any information relating to an identifiable natural person; ie one who can be identified directly or indirectly in particular by reference to a name, identification number, location date, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person
General Note. Since April 2019, organisations that only process personal data for elected / prospective representative functions (eg: Members of Parliament, county, district, parish and London borough councillors, mayors) are exempt from paying a Data Protection Fee to the ICO, unless they process personal data for purposes other than the exercise of their functions as a elected / prospective representative. Regardless, however, the Money Free Party will adhere to the principles of the GDPR and the prospective representative will be deemed the Data Controller.
In the interests of clarity and understanding at various points in this policy we have provided working examples of the topic or regulation being documented.
1. Terms and Conditions at www.moneyfreeparty.uk/terms-and-conditions.
2. Our Cookies Policy at www.moneyfreeparty.uk/cookies.
Definitions and Interpretation
Data: all information that you submit to the Money Free Party via this Website, email or e-marketing. This definition incorporates the definitions provided in the Data Protection Laws.
Data Controller: the person/organisation that decides how and why to collect and use your data. This is the Money Free Party UK. The controller makes sure that the processing of your data complies with data protection law.
Cookies: details of cookies used by this Website are set out separately in our Cookies policy on this website at www.moneyfreeparty.uk/cookies.
UK and EU Cookie Law: the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011.
Data Protection Laws: any applicable law relating to the processing of personal Data, including the GDPR, and any national implementing laws, regulations and secondary legislation, whilst the GDPR is effective in the UK. (For the curious see at the foot of this page a history of relevant significant legislation).
GDPR: General Data Protection Regulation (EU) 2016/679, May 2018.
The Money Free Party, we, us, Money Free Party, www.themoneyfreeparty.uk: The Money Free Party, a Political Party registered on 27 March 2017 with the Electoral Commission, number PP6387, whose registered address is at 81 Tranmere Avenue, Bristol, BS10 7JH. Our administration address is Battle Road Tewkesbury Gloucestershire.
User, you: any third party that accesses the Website and is not employed by the Money Free Party and/or acting in the course of their employment or engaged as a consultant or otherwise providing services to the Money Free Party and accessing the Website in connection with the provision of such services.
Website: the website that you are currently viewing www.themoneyfreeparty.uk and any sub-domains.
and Unless the context requires a different interpretation:
– singular includes the plural and vice versa
– reference to a person includes firms, companies, government entities, trusts and partnerships
– “including” means “including without limitation”
– reference to any statutory provision includes any modification or amendment of it
Scope of this Policy
– date of birth
– contact Information such as email addresses and telephone numbers
– PayPal user name for those making donations and/or payments
– banking details for those making any payments by cheque
– demographic information such as postcode, address, preferences and interests
– IP address (automatically collected)
– web browser type and version (automatically collected)
– operating system (automatically collected)
– URLs (Uniform Resource Locator / web address) a referring site, your activity on this Website, and the site you exit to (automatically collected)
Sources of Data Collection
We collect Data in the following ways. It is:
– given to us by you.
– received from other sources / third parties.
– collected automatically.
How we Collect Your Data
– contact us through the Website, by telephone, post, e-mail or through any other means.
– register with us and set up an account to receive our products or services or become a party member.
– complete surveys/polls that we use for research purposes (you are not obliged to respond to them).
– enter a competition or promotion through our website or a social media channel.
– make payments to us, through this Website, PayPal or otherwise.
– elect to receive marketing communications from us.
– automatically collect data when you use the website.
– WordPress Security applications that record ip addresses and location of internet service provider.
– Google Analytics for visitor demographics, referring history, web pages visited, outbound links.
– Data received from publicly available third parties sources like Google.
– Data from connected websites.
– information about your visit to help us make improvements to Website content and navigation, and includes your IP address, the date, times and frequency with which you visit and the way you use and interact with its content.
Particular examples of data collected
The headings above provide details of the types of data we collect and generally where we collect it. But how in practice does that occur and what methods do the Money Free Party use? Below are examples of the main processes.
EXAMPLE 2: If you upload images to the website, any file with embedded location data (EXIF GPS) may reveal personal details about you. Any visitor to our website could download and extract any location data from those images.
EXAMPLE 3: When you fill in a contact form we will collect and store those details. For instance you may have provided your name, email address and telephone number.
EXAMPLE 4: Whilst visiting our website, security software logs your time of arrival and the referring page, your depature time, the pages you visited, ip address, ip location, device details, browser type and signin name (if you are registered / member of site).
Our Use of Your Data
– internal record keeping and security.
– improvement of our products / services.
– email of marketing materials, events, products that may be of interest to you.
– contact for market research purposes, using email, telephone, or postal mail.
– to customise or update the Website.
– to process your application for party membership.
– to meet regulatory requirements of the Electoral Commission.
We may use your Data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not satisfied with this, you have the right to object in certain circumstances (see “Your rights” below).
Email and Internet Marketing
To deliver direct marketing via e-mail to you, we need your consent. This can be whether via an opt-in or soft-opt-in:
– soft opt-in consent is a specific type of consent which applies when you have previously engaged with us (eg: you contact us to ask for more details about a product/service/membership). Under this type of consent, we will assume your consent has been given – unless you specifically request to opt-out.
– explicit opt-in consent is required for all other types of Electronic Marketing. Here you need to take positive and affirmative action when consenting. This generally is by marking a tick box that you consent.
You have the right to withdraw consent at any time. To find out how to withdraw your consent, see the section headed “Your rights” below.
Who we share Data with
a. any of our connected organisations or affiliates – for sales and marketing purposes and to ensure the proper administration of our website and organisation.
b. our employees, agents, volunteers and/or professional advisors – to obtain advice, for security and compliance reasons, when processing membership applications, when accepting donations.
c. third party service providers who provide services to us which require the processing of personal data – to help third party service providers (eg: Youtube, Facebook) in receipt of any shared data to perform functions on our behalf to help ensure the website runs smoothly.
d. third party payment providers who process payments made over the Website – to enable third party payment providers to process user payments and any refunds.
e. relevant authorities – to facilitate the detection of crime or the collection of taxes or duties and to meet any compliance, accounting or regulatory requirements of the electoral commission.
f. visitor comments may be checked through a 3rd party automated spam detection service.
Keeping Your Data secure
We use measures to safeguard your Data, for example:
– access to your online party membership account and/or forum is controlled by a password and a user name unique to you.
– we use software to monitor unusual website activity and ban IP addresses attempting unauthorised logins
– we store and backup your Data on secure servers
– we use security applications to prevent access to your data
If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately by contacting us at firstname.lastname@example.org. Helpful information about how you can protect your data and devices against fraud, identity theft, viruses and other online issues can be obtained from www.getsafeonline.org, which is supported by HM Government.
Data breach procedures we have in place
Security breaches and loss of personal data are regrettably common occurrences, caused by human error and malicious intent. No set of security measures are infallible to a breach. However, the Money Free Party UK does its utmost to comply with, and exceed the requirements of UK personal privacy law. We have a robust and systematic process for responding to any such event. We will:
- be open and sincere and if applicable admit fault and responsibility.
- if necessary bring in 3rd party IT professionals
- document the the fault as laid out here and immediately report the incident to the designated data supervisor. Reports will contain the fullest details possible.
- task an initial assessment to mitigate and if applicable, describe solutions for affected users; we believe few people will care what caused the situation, but will care about what we are doing to put it right.
- record event in a central log, which will be monitored to track any types and frequently recurring issues
- inform the Information Commissioners Office (ICO) within 72 hours if a breach is “….likely to result in a high risk of adversely affecting individuals’ rights and freedoms”.
- the breach, if not exempt, will be notified to the individual(s) concerned.
- effect education and training to prevent issues happening in future.
EXAMPLE 1: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue. The metadata will contain some personal details that you provided when you uploaded the comment eg: email address.
EXAMPLE 2: For users that register on our website, become party members, participate or use the forum, we store the personal information they provide indefinitely in their user profile. All users can see, edit, or delete their own personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is manifestly unfounded or excessive. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.
You have the following rights in relation to your Data:
Right to access – the right to request copies of data we hold about you and/or that we modify, update or delete such data.
Right to correct – the right to have your Data rectified if it is inaccurate or incomplete.
Right to erase – the right to request that we delete or remove your Data from our systems.
Right to restrict – the right to “block” us from using your Data or restrict the way in which we can use it.
Right to data portability – the right to request that we move, copy or transfer your Data.
Right to object – the right to object to our use of your Data including where we use it for our legitimate interests.
Complaints and Enquiries
To make enquiries, make a complaint, exercise any of your rights, or withdraw your consent to the processing of your Data, please contact us at: email@example.com. If you are not satisfied with our response, you may be able to refer any data complaint to the relevant data protection authority. For the UK, this is the Information Commissioner’s Office (ICO). The ICO’s contact details can be found on their website at https://ico.org.uk.
Transfers outside the European Economic Area (EEA)
Data which we collect from you could possibly be stored, processed and transferred to countries outside of the EEA. This could occur if our servers or backup servers are located in a country outside the EEA or one of our service providers is situated in a country outside the EEA. We will only transfer Data outside the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data.
Links to other websites
Changes of ownership and control
Automated decision making / profiling of user data
General Points to Note
- Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
- This Agreement will be governed by and interpreted according to the law, and exclusive jurisdiction of the courts of, England and Wales.
Policy Completed and Dated
1st January 2021
The GDPR Seven key data protection principles
which the Money Free Party UK pledges to adhere to
Lawfulness, fairness, transparency
We make sure our data collection practices are compliant and transparent.
We have an understanding of the GDPR and the rules for data collection.
We collect personal data only for a specific purpose and state what that purpose is.
We use data for only as long as necessary to complete that purpose.
We only process personal data that we need to achieve its processing purpose.
This helps us to limit personal information exposure in the event of a data breach.
And It makes it easier to keep data accurate and up to date.
In accordance with GDPR rights, we take every reasonable step to erase or rectify data that is inaccurate or incomplete and we do this within 30 days of notification.
We delete personal data when it’s no longer necessary.
For example, if a Party Member cancels their membership we delete all their data.
Integrity and confidentiality (Security)
We process information in a manner that ensures appropriate security of personal data.
We have in place protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
We encrypt and/or anonymise personal data where possible.
We are responsible for and able to demonstrate compliance with Item 1 above.
The UKs constitution does not have a right to privacy for individuals, however the European Convention (EC) on Human Rights has been incorporated into The Human Rights Act 1998 (Convention Right Article 8 deals with Privacy). Common Law does not provide a right to privacy.
History of Principal Privacy Regulation affecting UK
1972 Younger Report establishes 10 Principles for handling personal data
1978 Lindop Report on data Protection examined data held on computer systems
1984 Data Protection Act
1998 Data Protection Act (to meet requirements of EU Data Protection Directive 95/46/EC)
2001 Information Commissioner’s Office (ICO) established
2003 Privacy and Electronic Communications (EC Directive) Regulations 2003 PECR
2009 Data Protection (EC Directive) Regulation
2011 Privacy and Electronic Communications (EC Directive) Regulations 2011 PECR
2018 General Data Protection Regulation (GDPR) (Regulation 2016/679 EU)
2018 UK Data Protection Act 25 May 2018