Our policy for handling personal data
Because we collect personal information from people and then decide how to use that information, for the purposes of the UK GDPR we are what is called a ‘Data Controller’.
For the purposes of this policy:
‘Clients’ includes natural persons who have engaged us to provide services to them in their personal capacity or on behalf of a company, partnership, charity, trust, estate, agency, department, corporate body of any description or any other group or organisation;
‘Subscribers’ includes natural persons that have signed up to receive our marketing communications and briefings;
‘Suppliers’ includes persons and organisations with whom we have a relationship, contractual or otherwise, where we pay you for the provision of services into Randall’s, and;
‘Staff’ means anyone who is employed on any basis to provide our services to Clients or Subscribers
This policy does not form part of any contract that you may have with the company. It is provided for information purposes only as required by law.
We adhere to the requirements as set out in the UK General Data Protection Regulation (UK GDPR), tailored by the Data Protection Act 2018 and believe in the principles of:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality (security)
Who we are and what we do
Randall’s Monitoring Ltd is a political and parliamentary information monitoring service providing online services, by email and website. In order to provide these information services we are the Data Controller of certain data that the ICO has classified as Personal Data.
We operate a contact management service, Touchbase, into which clients may post their own information as the Data Controller. Randall’s role is as a Data Processor in so far as we store the information but cannot access it.
Our contact details
- Our registered company address is St George’s House, 14 George Street, Huntingdon, Cambridgeshire, PE29 3GH
- Our operational address is 27 Birchfield Close, Addlestone, Surrey KT15 1QZ
- Our company registration number is 06358470
- Our ICO registration number is Z184390X.
- Our telephone number is 020 7235 2999.
The type of personal information we collect
We collect personal data, which is information that relates to an identified or identifiable individual. It includes names and email addresses of subscribers to our publications or personal details held in relation to our work for our clients, as well as identifiers such as an IP address or a cookie identifier.
In terms of our Clients and Subscribers, we hold all or some of the following data:
- IP addresses
- Cookie identifiers
- Company email address
- Job title
- Employer’s postal address
- Telephone numbers
- Schedule of interests
- Company name
- Email correspondence between us and you
In terms of our Suppliers, we hold the following data:
- Company address
- Email address
- Postal address
- Telephone number
- Work-related email correspondence between us and you
In terms of our Staff, we hold the following data which includes Sensitive data:
- Email address (personal and work)
- Home address
- Date of birth
- Next of kin information including contact details
- Health-related information
- Telephone number
- Correspondence between us and you including references supplied by us or requested by us
In terms of Parliamentarians (which includes Assembly Members from Westminster, Scotland, Wales, Northern Ireland and the Greater London Assembly), we hold the following data:
- Biographical and contact details, sourced primarily from Parliament.uk data APIs but may be supplemented from other publicly available sources
- Links to publicly available press articles
- Copies of public record speeches, press releases and Hansard/Official Report contributions
You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However, some of our website features may not function correctly as a result.
How we get the personal information and why we have it
Randall’s holds personal information to:
- Correctly supply Subscribers with our services;
- Supply Subscribers with access to relevant and up to date information on Parliamentarians, and;
- Safely, fairly and lawfully employ Staff to provide our services
To the extent it is reasonable and appropriate to do so, Randall’s checks that all the personal information being recorded on our own systems is accurate.
We may provide links to websites of other organisations, in order to provide our Subscribers with further information and primary source access for personal information. This privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
- Your consent. You are able to remove your consent at any time. You can do this by contacting firstname.lastname@example.org. As a Client, we will not be able to provide you with our services if we do not have the personal information specified above.
- We have a contractual obligation. As a Client or as a Supplier, we will not be able to provide you with our services or enter into a contract with you for supply or receipt of services if we do not have the personal information specified above.
- We have a legal obligation. This relates primarily to our Staff and to meeting our legal obligations to you.
- We have a legitimate interest. This relates to Parliamentarians as defined above and our legitimate interest is in the Parliamentary and political role of Parliamentarians.
How we store your personal information
Your information is securely stored online using password -protected services, with up-to-date software security. The bulk of our client data is stored in a Microsoft 365 environment to which only directly employed Staff have access. All access is audited, and password controlled.
Our paper records are limited to those required by statute, covering invoicing and contractual information. These are securely stored.
We keep your personal information for no longer than is necessary. We will then dispose your information by deleting from our systems if electronic or shredding if held in paper format. All data on clients will be erased from our systems within two months of the end of a contract. All staffing data will be erased within two years of the end of an employment contract. If you have supplied your personal data in order to obtain a copy of a briefing from our Insights page, we will store that data for no more than six months.
With regards to data relating to Parliamentarians, this is kept as an archive in our online systems but deleted when the person involved no longer has a public role.
We will only retain any information if a business need exists. It is not kept longer than is necessary for the purpose for which is was collected.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at email@example.com / 020 7235 2999 if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at firstname.lastname@example.org / 020 7235 2999.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
August 2023 Revision