Data Protection Privacy Notice

The office of Derek Mackay, Member of the Scottish Parliament for Renfrewshire North & West – Privacy Notice

This privacy notice relates to the personal data processed by the office of Derek Mackay MSP – hereby known within this document as “the office”.

Derek Mackay MSP is registered as a data controller with the UK Information Commissioner and the reference number is: Z284286X   

Address and contact details are: 

Address: 37 Hairst Street, Renfrew, PA4 8QU


Phone: 0141 885 2076

What does the office do?

The office carries out the duties and functions of an elected Member of the Scottish Parliament. As part of this work, the office responds to enquiries from constituents and undertakes casework to answer these enquiries on behalf of constituents. To do this we must process individuals’ personal data.

How do we process data?

The office processes constituents’ data under the lawful basis of “Public Task”. In instances where this lawful basis is not sufficient and explicit consent is required, Mr Mackay or a member of the office will contact you to establish your consent. The office is committed to ensuring that any information collected and used is appropriate for this purpose, and does not constitute an invasion of your privacy.

Will we share your data with anyone else?

If you have contacted the office about a personal or policy issue, we may pass your personal data on to a third-party in the course of assisting you, these third-parties include but are not limited to: local authorities, government agencies, public bodies, and regulators. We will clearly communicate to you any actions we are taking on your behalf.

Any third parties that we share your data with are obliged to keep your details securely, and to use them only for the basis upon which they were originally intended. When they no longer need your data to fulfil this service, they ought to dispose of the details in adherence with their own procedures under all relevant data protection legislation.

In any case, we will not use your personal data in a way that goes beyond your reasonable expectations in contacting us.

How does the office use the personal data it collects?

The office will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date.

Under what circumstances will the office contact you?

If you raise a constituency case with us we will contact you to update you on the progress of any issue you have raised, until the issue is resolved. We undertake not to ask irrelevant or unnecessary questions and will only request and store data relevant to your case. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.

On occasion the office will send out letters or surveys about issues of local concern or to publicise surgeries to constituents in a specific geographic area or community. This will be only ever be done using data from the full electoral roll which is provided to Derek Mackay in his role as Member of the Scottish Parliament. All letters will include details on how you can stop further communication done in this manner.

How long will the office keep personal data?

Unless specifically requested by you, the office will process personal data for as long as your constituent case is active and will store the personal data after your case is closed for 5 years from the last piece of correspondence sent or received. If it is thought the case may reopen in the future, data will be retained for 6 years from the last piece of correspondence sent or received.

Data received in response to surveys issued by Derek Mackay MSP in his role as Member of the Scottish Parliament will be stored for 2 years from the date of receipt. Information on this will always be provided in each survey issued. Any additional enquires raised in a survey response which is deemed to be constituency casework will be stored as per the above information.

What rights do you have to your personal data?

Under GDPR regulations you have the following rights in relation of your personal data held by the office of Derek Mackay MSP

  • Right of access– you have the right to request a copy of the information that we hold about you.
  • Right of rectification– you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten– in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing– where certain conditions apply to have a right to restrict the processing.
  • Right of portability– you have the right to have the data we hold about you transferred to another organisation.
  • Right to object– you have the right to object to certain types of processing, such as direct marketing.
  • Right to object to automated processing, including profiling– you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review– if our office refuses your request under rights of access, we will provide you with a reason why. You have the right to complain.

What can I find out about the personal data that the office holds about me?

In line with the above and at your request, the office can confirm what information is held about you and how it is processed. If the office does hold personal data about you, you can request the following information:

  • Our identity and the contact details.
  • Contact details of the data protection officer.
  • The purpose of the processing as well as the legal basis for processing.
  • If the processing is based on the legitimate interests of the office of Derek Mackay MSP or a third party, information about those interests.
  • The categories of personal data collected, stored and processed.
  • Recipient(s) or categories of recipients that the data is/will be disclosed to.
  • If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
  • How long the data will be stored.
  • Details of your rights to correct, erase, restrict or object to such processing.
  • Information about your right to withdraw consent at any time.
  • How to lodge a complaint with the supervisory authority.
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
  • The source of personal data if it wasn’t collected directly from you.
  • Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

How can I contact somebody about my privacy?

You may contact the office by letter or email, using the details above. Please note that the office will ask for identification should you choose to exercise any of the above rights in relation to personal data held, this is to ensure data is not disclosed to any unauthorised party.

The office accepts the following forms of ID when information on your personal data is requested:

Passport, Driving Licence or Birth Certificate. The office may make take further steps or request further evidence to ensure data is only disclosed to the data subject.


In the event that you wish to make a complaint about how your personal data is being processed by the office of Derek Mackay MSP or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority.

The supervisory authority contact details:

Information Commissioner’s Office

Wycliffe House

Water Lane



This privacy statement was last updated on 25 May 2018.