PRIVACY POLICY

What is a Privacy Policy?

It is our legal statement that discloses the different ways the Money Free Party can potentially gather, use, disclose, store, release and manage your “personal data” (*Note 1). We consider personal data to be anything we are given or obtain, that can be used to identify you as an individual. In particular it could be any of the information we collect as detailed under the “Data Collected” heading below.

Note 1.  UK legislation defines “Personal Data” as any information relating to an identifiable natural person; ie one who can be identified directly or indirectly in particular by reference to a name, identification number, location date, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person
General Note.  Since April 2019, organisations that only process personal data for elected / prospective representative functions (eg: Members of Parliament, county, district, parish and London borough councillors, mayors) are exempt from paying a Data Protection Fee to the ICO, unless they process personal data for purposes other than the exercise of their functions as a elected / prospective representative. Regardless, however, the Money Free Party will adhere to the principles of the GDPR and the prospective representative will be deemed the Data Controller. 

Introduction

This privacy policy is between you as the User of this Website and the Money Free Party. The Money Free Party takes privacy of your personal information seriously.  We believe in transparency and are committed to being upfront about our practices and how we keep your personal data safe. We wish to build upon the fundamental principles of the UK’s data protection regime of fairness, accuracy, security and respect for the rights of the individuals whose data we process. 

In the interests of clarity and understanding at various points in this policy we have provided working examples of the topic or regulation being documented.

This privacy policy applies to our use of any and all Data collected by us or provided by you in relation to your use of the Website. There is a degree of overlap in the laws relating to cookies and those about the processing of personal data. For readability and understanding we have decided to provide separate Cookie and Privacy Policies; in that respect please read this policy in addition to our:

1. Terms and Conditions at    www.moneyfreeparty.uk/terms-and-conditions.
2. Our Cookies Policy at    www.moneyfreeparty.uk/cookies.

Definitions and Interpretation

In this privacy policy, the following definitions are used:

Data: all information that you submit to the Money Free Party via this Website, email or e-marketing. This definition incorporates the definitions provided in the Data Protection Laws.

Data Controller:  the person/organisation that decides how and why to collect and use your data. This is the Money Free Party UK. The controller makes sure that the processing of your data complies with data protection law. 

Cookies:  details of cookies used by this Website are set out separately in our Cookies policy on this website at www.moneyfreeparty.uk/cookies.

UK and EU Cookie Law:  the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011. 

Data Protection Laws:  any applicable law relating to the processing of personal Data, including the GDPR, and any national implementing laws, regulations and secondary legislation, whilst the GDPR is effective in the UK. (For the curious see at the foot of this page a history of relevant significant legislation).

GDPR:  General Data Protection Regulation (EU) 2016/679, May 2018.

The Money Free Party, we, us, Money Free Party, www.themoneyfreeparty.uk:   The Money Free Party, a Political Party registered on 27 March 2017 with the Electoral Commission, number PP6387, whose registered address is at 81 Tranmere Avenue, Bristol, BS10 7JH. Our administration address is Battle Road Tewkesbury Gloucestershire.

User, you:  any third party that accesses the Website and is not employed by the Money Free Party and/or acting in the course of their employment or engaged as a consultant or otherwise providing services to the Money Free Party and accessing the Website in connection with the provision of such services.

Website:  the website that you are currently viewing www.themoneyfreeparty.uk and any sub-domains.

and Unless the context requires a different interpretation:

–  singular includes the plural and vice versa
–  reference to a person includes firms, companies, government entities, trusts and partnerships
–  “including” means “including without limitation”
–   reference to any statutory provision includes any modification or amendment of it
–  the headings and sub-headings do not form part of this privacy policy

Scope of this Policy

This privacy policy applies to the Money Free Party and Users of this Website. It does not extend to any websites accessed from this Website including any links we may provide to our social media websites or any other links whatsoever external to this website.

Data Collected

We may in accordance with this Privacy Policy, collect the following Data, which includes personal Data, from you:

– name
– date of birth
– gender
– contact Information such as email addresses and telephone numbers
– PayPal user name for those making donations and/or payments
– banking details for those making any payments by cheque
– demographic information such as postcode, address, preferences and interests
– IP address (automatically collected)
– web browser type and version (automatically collected)
– operating system (automatically collected)
– URLs (Uniform Resource Locator / web address) a referring site, your activity on this Website, and the site you exit to (automatically collected)

Sources of Data Collection

We collect Data in the following ways. It is:

– given to us by you.
– received from other sources / third parties.
– collected automatically.

How we Collect Your Data

Data given to us by you is collected in accordance with this privacy policy, for example when you:

– contact us through the Website, by telephone, post, e-mail or through any other means.
– register with us and set up an account to receive our products or services or become a party member.
– complete surveys/polls that we use for research purposes (you are not obliged to respond to them).
– enter a competition or promotion through our website or a social media channel.
– make payments to us, through this Website, PayPal or otherwise.
– elect to receive marketing communications from us.
– automatically collect data when you use the website.

Data received from other sources / third parties in accordance with this privacy policy can be from:

– WordPress Security applications that record ip addresses and location of internet service provider.
– Google Analytics for visitor demographics, referring history, web pages visited, outbound links.
– Data received from publicly available third parties sources like Google.
– Data from connected websites.

Data collected automatically, in accordance with this privacy policy, when you visit this Website, for example:

– information about your visit to help us make improvements to Website content and navigation, and includes your IP address, the date, times and frequency with which you visit and the way you use and interact with its content.
– through use of cookies, in line with the cookie settings on your browser. For more information about cookies, and how we use them on the Website, see our Cookies Policy page.

Particular examples of data collected

The headings above provide details of the types of data we collect and generally where we collect it. But how in practice does that occur and what methods do the Money Free Party use? Below are examples of the main processes.

EXAMPLE 1: If you leave a comment on the site we collect the data shown in the comments form, your IP address and browser user agent string. We do this automatically to help with spam detection. In addition, an anonymised string created from your email address (also called a hash) is provided to the Gravatar service to see if you are using it. (Gravatar’s Privacy Policy is here: https://automattic.com/privacy). After approval of your comment, your profile picture is visible to the public in the context of your comment. Gravatar stands for Globally Recognised Avatar and is a web service that allows a personal online avatar to be associated with an email address.

EXAMPLE 2: If you upload images to the website, any file with embedded location data (EXIF GPS) may reveal personal details about you. Any visitor to our website could download and extract any location data from those images.

EXAMPLE 3: When you fill in a contact form we will collect and store those details. For instance you may have provided your name, email address and telephone number.

EXAMPLE 4: Whilst visiting our website, security software logs your time of arrival and the referring page, your depature time, the pages you visited, ip address, ip location, device details, browser type and signin name (if you are registered / member of site).

Our Use of Your Data

Data we collect may be required by us in order to provide you with the best possible service and experience when using our Website. Specifically, Data may be used by us in accordance with this Privacy Policy, for the following reasons:

– internal record keeping and security.
– improvement of our products / services.
– email of marketing materials, events, products that may be of interest to you.
– contact for market research purposes, using email, telephone, or postal mail.
– to customise or update the Website.
– to process your application for party membership.
– to meet regulatory requirements of the Electoral Commission.

We may use your Data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not satisfied with this, you have the right to object in certain circumstances (see “Your rights” below).

Email and Internet Marketing 

To deliver direct marketing via e-mail to you, we need your consent. This can be whether via an opt-in or soft-opt-in:

soft opt-in consent is a specific type of consent which applies when you have previously engaged with us (eg: you contact us to ask for more details about a product/service/membership). Under this type of consent, we will assume your consent has been given – unless you specifically request to opt-out.

explicit opt-in consent is required for all other types of Electronic Marketing. Here you need to take positive and affirmative action when consenting. This generally is by marking a tick box that you consent.

You have the right to withdraw consent at any time. To find out how to withdraw your consent, see the section headed “Your rights” below.

Who we share Data with

We may share your Data in accordance with this Privacy Policy with the following groups of people.

a. any of our connected organisations or affiliates – for sales and marketing purposes and to ensure the proper administration of our website and organisation.

b. our employees, agents, volunteers and/or professional advisors – to obtain advice, for security and compliance reasons, when processing membership applications, when accepting donations.

c. third party service providers who provide services to us which require the processing of personal data – to help third party service providers (eg: Youtube, Facebook) in receipt of any shared data to perform functions on our behalf to help ensure the website runs smoothly.

d. third party payment providers who process payments made over the Website – to enable third party payment providers to process user payments and any refunds.

e. relevant authorities – to facilitate the detection of crime or the collection of taxes or duties and to meet any compliance, accounting or regulatory requirements of the electoral commission.

f. visitor comments may be checked through a 3rd party automated spam detection service.

Keeping Your Data secure

We use measures to safeguard your Data, for example:

– access to your online party membership account and/or forum is controlled by a password and a user name unique to you.  
– we use software to monitor unusual website activity and ban IP addresses attempting unauthorised logins
– we store and backup your Data on secure servers
– we use security applications to prevent access to your data

If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately by contacting us at secretary@moneyfreeparty.uk. Helpful information about how you can protect your data and devices against fraud, identity theft, viruses and other online issues can be obtained from www.getsafeonline.org, which is supported by HM Government.

Data breach procedures we have in place

Security breaches and loss of personal data are regrettably common occurrences, caused by human error and malicious intent. No set of security measures are infallible to a breach. However, the Money Free Party UK does its utmost to comply with, and exceed the requirements of UK personal privacy law. We have a robust and systematic process for responding to any such event. We will:

  1. be open and sincere and if applicable admit fault and responsibility.
  2. if necessary bring in 3rd party IT professionals
  3. document the the fault as laid out here and immediately report the incident to the designated data supervisor. Reports will contain the fullest details possible.
  4. task an initial assessment to mitigate and if applicable, describe solutions for affected users; we believe few people will care what caused the situation, but will care about what we are doing to put it right.
  5. record event in a central log, which will be monitored to track any types and frequently recurring issues
  6. inform the Information Commissioners Office (ICO) within 72 hours if a breach is “….likely to result in a high risk of adversely affecting individuals’ rights and freedoms”.
  7. the breach, if not exempt, will be notified to the individual(s) concerned.
  8. effect education and training to prevent issues happening in future.

Data Retention

Unless a longer retention period is required or permitted by law, we will only hold your Data on our systems for the period necessary to fulfil the purposes outlined in this privacy policy or until you request that the Data be deleted. Even if we delete your Data, it may persist on backup or archival media for legal, tax or regulatory purposes.

EXAMPLE 1: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue. The metadata will contain some personal details that you provided when you uploaded the comment eg: email address.

EXAMPLE 2: For users that register on our website, become party members, participate or use the forum, we store the personal information they provide indefinitely in their user profile. All users can see, edit, or delete their own personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Your Rights

If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is manifestly unfounded or excessive. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.

You have the following rights in relation to your Data:

Right to access – the right to request copies of data we hold about you and/or that we modify, update or delete such data.

Right to correct – the right to have your Data rectified if it is inaccurate or incomplete.

Right to erase – the right to request that we delete or remove your Data from our systems.

Right to restrict – the right to “block” us from using your Data or restrict the way in which we can use it.

Right to data portability – the right to request that we move, copy or transfer your Data.

Right to object – the right to object to our use of your Data including where we use it for our legitimate interests.

Complaints and Enquiries

To make enquiries, make a complaint, exercise any of your rights, or withdraw your consent to the processing of your Data, please contact us at: secretary@moneyfreeparty.uk. If you are not satisfied with our response, you may be able to refer any data complaint to the relevant data protection authority. For the UK, this is the Information Commissioner’s Office (ICO). The ICO’s contact details can be found on their website at https://ico.org.uk.

Transfers outside the European Economic Area (EEA)

Data which we collect from you could possibly be stored, processed and transferred to countries outside of the EEA. This could occur if our servers or backup servers are located in a country outside the EEA or one of our service providers is situated in a country outside the EEA. We will only transfer Data outside the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data.

Links to other websites

This Website provide links to, and embedded content from other websites. We have no control over such websites and are not responsible for the content of these websites. This privacy policy does not extend to your use of such websites. Please read the privacy policy or statement of other websites prior to using them.

Changes of ownership and control

The Money Free Party may expand or reduce its activities. This may involve the sale and/or transfer of control of all or part of the Money Free Party. Data provided by Users / Members will, where it is relevant to any part of our activities, be transferred to the new owner or newly controlling party and they will, under the terms of this privacy policy, be permitted to use the Data for the purposes for which it was originally supplied to us.

Automated decision making / profiling of user data

 We do not aggregate data, make automated decisions, use algorithims or any profiling systems to make decisions or predictions about individuals.

General Points to Note

  • You may not transfer any of your rights under this privacy policy to any other person.
  • We may transfer our rights under this privacy policy where we reasonably believe your rights will not be affected.
  • If any court or recognised authority finds that any provision of this privacy policy is invalid, illegal or unenforceable, that provision will be deemed to be deleted; the validity and enforceability of any other provisions in this policy will not be affected.
  • Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
  • This Agreement will be governed by and interpreted according to the law, and exclusive jurisdiction of the courts of, England and Wales.

Changes to this privacy policy

The Money Free Party reserves the right to change this privacy policy as we may believe necessary or as may be required by law. Any changes will be posted on the Website and you are deemed to have accepted them on your first use of the Website following the alterations.

Contact Us

You may contact The Money Free Party regarding this Privacy Policy by email at secretary@moneyfreeparty.uk.

Thanks to

This privacy policy was created using help from Rocket Lawyer www.rocketlawyer.com, internet free sources, legal forums, a man called Gerry and a friendly local Solicitor.

Policy Completed and Dated

1st January 2021

Our Privacy Policy Pledge

The GDPR Seven key data protection principles
which the Money Free Party UK pledges to adhere to


Lawfulness, fairness, transparency
We make sure our data collection practices are compliant and transparent.
We have an understanding of the GDPR and the rules for data collection.
We have a clear privacy policy detailing types of data collected and the reasons.

Purpose Limitation
We collect personal data only for a specific purpose and state what that purpose is.
We use data for only as long as necessary to complete that purpose.

Data Minimisation
We only process personal data that we need to achieve its processing purpose.
This helps us to limit personal information exposure in the event of a data breach.
And It makes it easier to keep data accurate and up to date.

Accuracy
In accordance with GDPR rights, we take every reasonable step to erase or rectify data that is inaccurate or incomplete and we do this within 30 days of notification.

Storage Limitation
We delete personal data when it’s no longer necessary.
For example, if a Party Member cancels their membership we delete all their data.

Integrity and confidentiality (Security)
We process information in a manner that ensures appropriate security of personal data.
We have in place protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
We encrypt and/or anonymise personal data where possible.

Accountability
We are responsible for and able to demonstrate compliance with Item 1 above.

History of UK Privacy Policy Regulation

The UKs constitution does not have a right to privacy for individuals, however the European Convention (EC) on Human Rights has been incorporated into The Human Rights Act 1998 (Convention Right Article 8 deals with Privacy). Common Law does not provide a right to privacy.

History of Principal Privacy Regulation affecting UK

1972    Younger Report establishes 10 Principles for handling personal data
1978    Lindop Report on data Protection examined data held on computer systems
1984    Data Protection Act
1998    Data Protection Act (to meet requirements of EU Data Protection Directive 95/46/EC)
2001    Information Commissioner’s Office (ICO) established
2003    Privacy and Electronic Communications (EC Directive) Regulations 2003 PECR
2009    Data Protection (EC Directive) Regulation
2011    Privacy and Electronic Communications (EC Directive) Regulations 2011 PECR
2018    General Data Protection Regulation (GDPR) (Regulation 2016/679 EU)
2018    UK Data Protection Act 25 May 2018