Beckenham & Penge Conservatives Logo

Beckenham & Penge Conservatives

Data Protection & Privacy Policy

This document outlines how Beckenham & Penge Conservatives Association processes and manages personal data and:

• Identifies the data controller.
• Explains the lawful basis for processing personal data.
• Outlines the personal data held and processed.
• Outlines the scope of the special category personal data held and processed.
• Outlines the process of Subject Access Requests. 

1. Data Controller

The Data Controller is Tom Capon

2. Contacting the Data Controller

If you have any questions about this policy, require more information about how we use your data or would like to exercise any of your rights contact Tom Capon.

3. Basis for processing

All processing is carried out by consent or the legitimate interest of Local Councillors, Thomas Turrell AM, or public interest.  These cover processing to conduct casework, campaigning and communication.  

Where processed under the lawful basis of a task carried out in the public interest, it is to support or promote democratic engagement.  This includes fundraising activities to support democratic engagement.

4. Data sources

Data is provided by you when you contact us and in communications with third parties regarding cases taken up on your behalf.

We may also hold data you provide when we contact you, for instance, if we ask you to participate in a survey or petition.

Please provide only the information that will be used to contact you. We automatically perform a database lookup upon any form submission to include electoral boundary data. The Register of Electors, which councils provide to authorized personnel under the Representation of the People Act, is also utilized for electoral purposes.

5. Data Security 

Personal data is stored electronically and securely. We ensure that our service providers comply with the same high standards we do, and we store our data on the servers in the UK.

6. Special category data

Special category data will be processed under the lawful basis indicated in section 3, as is permitted in clauses 22, 23 and 24 of Schedule 1 of the Data Protection Act, covering political parties and elected representatives.  

7. Transferring your data outside of the European Economic Area

The EU GDPR adequacy decision means that data can continue to flow between the UK and the European Economic Area (EEA). Some service providers are located outside of the EEA. Therefore, we may have to transfer your data outside of the EEA. Where the transfer of your data outside of the EEA takes place we will ensure it is protected in the same way as if the data was inside the EEA, and it only occurs with your consent.

We will use one of the following safeguards to ensure this:

  • When the European Commission has issued an adequacy decision stating that a non-EEA country or organization provides an adequate level of data protection, a contract is established with the data recipient.
  • This contract requires them to protect the data according to the same standards as those upheld within the EEA.


Legally it is not permitted to transfer certain types of data, such as Electoral Register Data, outside of the EEA, and we honour that obligation.

8. Data retention policy

Personal data will be retained only for as long as necessary. Certain types of data may be kept for longer durations, but generally, the maximum retention period is two election cycles. We will review the data we hold at the end of each election cycle to decide whether it should be retained or disposed of. Additionally, we adhere to the ICO’s guidelines regarding petitions.

9. Subject Access Requests

We will request verification of the identity of any individual making a request, ask for further clarification and details if needed and respond within one calendar month once we have confirmed it is a legitimate request. Under ICO guidelines, we keep a log of Subject Access Requests that contains details of the request, including that which can identify you personally, indefinitely.

Data subjects have the right to the following:

• To be told whether any personal data is being processed
• To describe the personal data, the reasons it is being processed and whether it will be given to other organisations or people.
• To be given a copy of the information comprising the data and details of the source of the data where this is available.

10. Will we share your data with anyone else?

If you have reached out to us regarding a personal or policy issue, your data may be shared with third parties as part of addressing your enquiry. This may include local authorities, government agencies, public bodies, health trusts, regulators, and others. Any third parties with whom we share your data are required to keep your information secure and to use it only for the purpose for which it was originally intended.

We may need to share your data with a third party, such as the police if required by law.

Unless otherwise specified, data may also be shared with entities of Political Party associations, federations, branches, groups and affiliates to assist you or maintain contact with you in support of democratic engagement.

Casework and other submissions from the Contact form are sent directly to their destination. The nature of casework and other enquiries are not retained on the website. Your name and contact details submitted via the contact form are only retained on the website if you give consent to join the email subscriptions list. Anonymised data from the Contact form is retained for benchmarking purposes.

Your data is only used as outlined here and within your reasonable expectations based on the nature of the communication, and recognising the need for politically related engagement in wider support of democratic engagement.

11. Data Rights

At any point, you have the following rights:

• Right of access – you have the right to request a copy of the information held about you.
• Right of rectification – you have a right to correct any data held about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances you can ask for the data held about you to be erased from our records.
• Right to object – you have the right to object to certain types of processing, such as direct marketing.
• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: if our office refuses your request under rights of access, we will provide you with a reason why. You have the right to complain.

12. Making a complaint

If you are unhappy with how we have processed or handled your data you have a right to complain to the Information Commissioner’s Office (ICO). The ICO is the supervisory body authorised by the Data Protection Act 2018 to regulate the handling of personal data within the United Kingdom. The contact details for the ICO are:

• Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
• Telephone: 0303 123 1113
• Website: https://ico.org.uk/concerns/

If you have any questions regarding the data we hold, please use the contact form available on this website.

Please note that proof of identity is required should you wish to exercise any of the above rights about your data.

We retain the right to update this policy at any time. If there are changes that significantly impact your rights, we will contact you in advance.

17th February 2025