Introduction Co-operative Party Ltd (known as The Co-operative Party) is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you in each way you may interact with us. The Co-operative Party is registered with the Information Commissioner’s Office (ICO) for data protection purposes (registration number IP030027). For all uses of personal data you read about in this privacy notice, we are the data controller. It is sometimes the case that our local Co-operative Party offices and MPs have their own ICO registration and separate Privacy Notice. Both are separate data controllers to The Co-operative Party, and we encourage you to read their privacy notice to understand how they use your personal data. This notice does not form part of any contract with you, and we may update this notice at any time. If you have any questions about any aspect of any of the privacy notice you can contact us by emailing us at mail@party.coop. How to use this privacy notice The way you interact with us will determine what personal data we collect, how we collect it, why we collect it and how long we keep it. We have categorised these as: The General Electorate (anyone on the electoral register in the UK) Website Visitors (this includes other digital locations we control such as our social media locations, surveys, polls, questionnaires etc. and often lead to interacting with us in other ways) Co-operative Party Member Co-operative Party Supporter Job applicants (see the separate privacy notice by clicking the link) Suppliers to the Co-operative Party Event or Office Visitor Research Press What personal data do we collect? If you are part of the General Electorate, this means you are on the UK electoral register, and we collect and use the following personal data: Title, first name, last name, preferred name(s), email address, post code, home address (and old home addresses), telephone number(s), date of birth, gender. Polling number, polling district, ballot box number, polling place name, road group, polling place address, polling place post code, local authority. Political opinion, voting intention and, if gathered, scales from 1-10 of voting intention for The Co-operative and Labour Party and other political parties where 10 is most likely to vote in that direction. Notes about you collected during our campaign-based interactions with you. Campaigns we have been running where your information was used within the campaign and whether you interacted with us. Any communications we have with you which may be over email, telephone or face to face. Any personal data you volunteer in any free text fields in any paper-based or digital polls, surveys, questionnaire or webforms that are captured at the national, local, branch or ward level by any part of the Labour Party where you have provided enough information to be able to identify you. Depending on how you may have interacted with any physical or digital locations managed by The Co-operative or Labour Party, we may collect publicly available information on websites inc. Companies House, Land Registry, news and broadcast media or historical publications etc. Depending on how you may have interacted with any digital campaign locations managed by The Co-operative or Labour Party, we may collect and use, or have used on our behalf, any personal data, language and/or behaviour within the public domain such as social media posts (X, Meta platforms, YouTube etc.) If you have disclosed these to us in the course of our campaigning, we may know your political affiliation(s), opinion and/or opinion(s) on various societal concerns and ideas for improvements or policies which may be at a local, national or international level, including how you submitted them. Data from third-party companies regarding lifestyle, employment, income and property which may be aggregated (also known ‘aggregated data’) and used in a way we are unable to use this to directly identify you. Pseudonymous and anonymous data we have created from your personal data, but we and others are unable to use this data to directly identify you. If you are a Website Visitor we collect and use the following personal data: First name, last name, email address, reason for getting in touch with us and any further information you provide in the free-text box when you complete a ‘Get in touch’ form First name, last name, email address, nation and region you come from, whether you’re a member, would like to become a member of are from either a Subscribing Society or a relevant organisation, and you opinions on various topics when you complete a ‘Respond to a policy – Submit your Response’ form [we will send you service message updates about that policy. If you consent to hearing more, you will become a Supporter] First name, last name and email address when you complete a ‘Join the Campaign’ form [we will send you service message updates about that campaign. If you consent to hearing more, you will become a Supporter] When you complete a ‘Complaints’ form: First name, last name, phone number, email address, home address, whether you are a member of the Co-operative Party, whether your complaint is about behaviour directed at you, what the complaint is about and any evidence you submit, who the complaint is about, the region they’re in, any related social media links, and there are any ongoing investigations or action [we do not share this data with the person you may be complaining about] When you make a purchase from our ‘Shop’: First name, last name, billing address, delivery address, credit/debit card details If you complete one of our Surveys, in any location we are running a survey, we may collect your name, email address, telephone number, home address, post code, where you work, job title, local council, the constituency you are in, voting preferences and likelihood to vote for us or other political parties, age, gender, ethnicity, academic achievement, location, first language, disability status, benefits status, local, national and international Issues that are important to you and what you think could be done better by any political party, personal data you volunteer in any free text fields, and, if relevant to the survey platform maybe an IP address, cookies and any user information like browser type or information about how you participated in the survey Email address and any further information you provide in an email when you use the automated email sending prompt on pages including ‘Find my local branch’, ‘NEC Members’, ‘Party Staff’, and within the ‘Job Applicant Privacy Notice’. [Please note that emails to local branches and individuals without a Co-operative Party email address (e.g. without ‘@party.coop’) will mean your personal data is not governed by this notice and we recommend you review their privacy notice(s) to understand how they will use your data] Information about the device used to access our website, your visits and use of the website including your IP address, internet log information, location, browser type and version, referrer and activity, and details of visitor behaviour patterns. We record your activity and preferences when visiting our website through the use of cookies (see our Cookie Policy via a link at the bottom of each webpage) IP address, operating system and browser information If you are a Co-operative Party Member we collect and use the following personal data [terms and conditions of being a member can be found here]: Title, first name, preferred first name, last name, email address, post code, home address, telephone number(s), date of birth, and gender Ethnicity, whether you have a disability, any membership to a co-op, trade union, socialist society or any affiliated groups, your electoral roll number, and if applicable photo ID or other requested ways to verify your identity [The ‘Join the Party’ form can be found here.] Information you give us when you request a ‘Membership Card Replacement’: first name, last name, email address and membership number of known Any roles and responsibilities you have as a Co-operative Party or Labour Party Member (e.g. MP, PPC, Secretary, Local Councillor etc.), any groups you attend, your attendance at any events and our party conferences, and any ballots you have organised or been part of, and if relevant and required, whether you voted in them and how you voted Any communications we have with you which may be over email, telephone, online video calls, over social media or face to face Political affiliation(s), opinion and/or opinion(s) on various societal concerns and improvements, all of which may be at a local, national or international level, including policy ideas you may have and how you submitted them Availability information which may include location information, dietary requirements and any accessibility requirements you may have Possibly your job title, name of your business or employer, industry sector, work address, your CV and any type of candidacy selection application forms or outcome information from any selections Information captured on the ‘Co-operative Candidate Development Programme’ form: First name, last name, you name as it appears on the electoral register, email address, post code, home address, telephone number(s), date of birth, gender, membership number, which candidacy you are applying for, ethnicity, sexual orientation, caring responsibilities, how you identify, type of council and the ward you are standing for, and a personal statement on why you want to be a candidate Audio/Visual recordings, photographs, images and any videos recorded within any interviews you have with us or you are conducting that we are (and you may be) recording Bank details including account holder name, sort code, account number, monthly membership amount, donation amounts and financial activity related to the Party Where applicable, payment and/or donation details which may mean further individual bank details and financial status tier allocation Any personal data you volunteer in any free text fields in any paper-based or digital surveys, questionnaire or webforms that are captured at the national, local, branch or ward level by any other Co-operative or Labour Member or member of staff Publicly available information on websites inc. Companies House, Land Registry, news and broadcast media or historical publications etc. Language and behaviour of yourself within the public domain such as social media posts (X, Meta platforms, YouTube etc.) Further information about yourself, your family and your circumstances you divulge in conversation and/or communications and/or research you are participating in with/for the Co-operative Party or Labour Party Lifestyle Data: Estimated data from third-party companies regarding lifestyle, employment, income, and property Details of any suspensions/expulsions from any political party, any safeguarding issues related to yourself, your religious or philosophical beliefs, health data, sex life, sexual orientation, details of any complaints or concerns you have made or that are against or about you, witness evidence or information, any complaint resolution and outcomes, and criminal offence or information on any criminal activity Information that may be provided to us from government institutions, public bodies and law enforcement agencies, complainants or legal practitioners, including any police or criminal records checks we conduct Information on any individual or business-related endorsements you have made or make, any business connections you may have, and biographies or literature that is made available to us which is about you Opinions about you from sources known to us or any previously recorded notes about you and your conduct, your membership eligibility criteria based on any information we hold about you, and names and opinions of other individual(s) relevant to any disciplinary or legal case brought against you Details of how your personal data may have been involved in any data breaches and whether you may have been a causal factor to any data breaches or incidents and what the outcome of any investigations were/are Reasons why and how you discontinued your membership, your status as an ex-member and all related information (as outlined above) [NOTE: most ex-member personal data will be retained for safeguarding and statistical reasons and from time to time, we may occasionally ask you if you may like to re-join the Party. As an ex-member are free to opt-out of any recontact from us at any time.] Personal information related to the Equality Act 2010 inclusive of data known as ‘Protected Characteristics’ (age, disability, gender reassignment, marriage or civil partnership (in employment only), pregnancy and maternity, race, religion or belief, sex, sexual orientation) Personal information related to our internal equality and diversity monitoring policy (geographical location, organisation, socio-economic class, caring responsibilities, educational background) Aggregated data, and pseudonymous and anonymous data we have created from your personal data, but we are unable to use to directly identify you. If you are a Co-operative Party Supporter we collect and use the following personal data: Title, first name, preferred first name, last name, email address, post code, home address, telephone number(s), date of birth, and gender Ethnicity, whether you have a disability, any membership to a trade union, socialist society or any affiliated groups, your electoral roll number, and if applicable photo ID or other requested ways to verify your identity Any roles and responsibilities you have been given while supporting our work including making a donation or volunteering to help us, any groups you attend, your attendance at any events and at our conference, and any ballots you have organised or been part of, and if relevant and required, whether you voted in them and how you voted Any communications we have with you which may be over email, telephone, online video calls, over social media or face to face Political affiliation(s), opinion and/or opinion(s) on various societal concerns and improvements, all of which may be at a local, national or international level, including policy ideas you may have and how you submitted them Availability information which may include location information, dietary requirements and any accessibility requirements you may have Possibly your job title, name of your business or employer, industry sector, and work address For donations, one off or regular, we collect first name, last name, address, date of birth, payment card details and/or direct debit details [Although we consider you a supporter when you make a donation, we will only send you marketing updates and possibly capture further information outlined here if you consent to receiving updates from us, or you are engaging with us in other ways already. Donation terms and conditions can be found here.] Email address when you ‘Subscribe to Buzz’ our newsletter [Although we consider you a supporter when you subscribe to our newsletter, we will only send you more marketing updates, on top of receiving the newsletter, and possibly capture further information outlined here if you consent to receiving updates from us, or you are engaging with us in other ways already.] Audio/Visual recordings, photographs, images and any videos recorded within any interviews you have with us or you are conducting that we are (and you may be) recording [we may also refer to you as an Endorser and further information about Endorsers for the Co-operative Party and the Labour Party can be found here] Any personal data you volunteer in any free text fields in any paper-based or digital surveys, questionnaire or webforms that are captured at the national, local, branch or ward level by us Publicly available information on websites inc. Companies House, Land Registry, news and broadcast media or historical publications etc. Language and behaviour of yourself within the public domain such as social media posts (X, Meta platforms, YouTube etc.) Further information about yourself, your family and your circumstances you divulge in conversation and/or communications and/or research you are participating in with/for us Details of any suspensions/expulsions from any political party, any safeguarding issues related to yourself, your religious or philosophical beliefs, health data, sex life, sexual orientation, details of any complaints or concerns you have made or that are against or about you, witness evidence or information, any complaint resolution and outcomes, and criminal offence or information on any criminal activity Information that may be provided to us from government institutions, public bodies and law enforcement agencies, complainants or legal practitioners, including any police or criminal records checks we conduct Information on any individual or business-related endorsements you have made or make, any business connections you may have, and biographies or literature that is made available to us which is about you Opinions about you from sources known to us or any previously recorded notes about you and your conduct, your membership eligibility criteria based on any information we hold about you, and names and opinions of other individual(s) relevant to any legal case brought against you Details of how your personal data may have been involved in any data breaches and whether you may have been a causal factor to any data breaches or incidents and what the outcome of any investigations were/are. Personal information related to the Equality Act 2010 inclusive of data known as ‘Protected Characteristics’ (age, disability, gender reassignment, marriage or civil partnership (in employment only), pregnancy and maternity, race, religion or belief, sex, sexual orientation). Supporting us as a volunteer, we may also collect: Your signature, marital status, number of dependents, employment record including job titles, work history, working hours, start and end dates, training records, relevant qualifications and professional memberships Volunteering information (e.g. if applicable to the work you may have volunteered for: application form, cover letter, CV, right to work documentation, references, assessment information) Passport information and other relevant proof of identity documentation as required, next of kin and other contact information for people contactable in an emergency Any relevant health and safety information, any accessibility information, whether you have a disability, your ethnicity, political opinion and any criminal convictions Assessments of your performance, training you have participated in, and related correspondence, information about your use of our information systems and IT assets, including images recorded using CCTV and information collected from workforce management systems, including location data. [We also consider you a Supporter when you attend one of our training sessions.] If you are a Supplier to the Co-operative Party, we collect and use the following personal data: Name and job title, contact information including the company/organisation/institution you work for, telephone numbers and email addresses, where provided Where you are a sole trader, payment and/or banking information Information that you provide to us as part of us scoping and providing services to us which may include further employee personal data; Language and behaviour of yourself and/or staff that work for you that is in the public domain such as social media posts (X, Meta platforms, YouTube etc.) Information about your use of our information systems and IT assets Further information you provide us in interviews, conversations and communications with us which may or may not be recorded Assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence Information collected from workforce management systems, including location data Relevant information as required by any applicable Know Your Client and/or Anti-Money Laundering regulations (which may include request for identity information such as passports and information collected from publicly available sources e.g. Companies House) If you attend a Co-operative Party event, including any of our or the Labour Party conference(s), or attend any of our offices, we consider you an Event or Office Visitor, and we collect and use the following personal data: First Name(s), surname, email address, phone number, age, reason(s) for visiting or not visiting an event or an office If relevant to the event, gender as it appears on your passport and your home address history for the last 5 years, Job title, occupation, place of work, employer, previous employers and work history, time of entry and exit If applicable, information about you or that you have submitted on an ‘Under-18 Consent and Safeguarding Form’: Participant name, date of birth, age on day of event, home address, school/college, health data, required medication, dietary requirements, GP name and contact details; parent/guardian name, contact telephone number(s), email address, signature and relationship to participant, emergency permissions for medical treatment and media consent; name of carer, carer email address and telephone number Local, national and international Issues that are important to you, and/or what you think could be done better by any political party especially how we could be more relevant and helpful to the issue Publicly available information on websites or Companies House, language and behaviour of yourself within the public domain such as social media posts (X, Meta platforms, YouTube etc.); and passport information or other relevant proof of identity documentation as may be required Recordings, photographs, images, podcasts and videos recorded within any interviews you have with us or you are conducting that we are (and you may be) recording or where you are in the background when you attend an in-person event we are recording, or you appear on CCTV Dietary requirements and any accessibility requirements you may have Any personal data you volunteer in communications with us or in any free text fields in any paper-based or digital survey or webform specifically related to Conference of any Labour event If applicable, payment details managed by a third-party payment provider If we are conducting Research, we will use all information outlined in this notice and may also collect and use the following personal data: Derived data about you which is where new information or datasets that are created from existing data, or data we have collected within our research Matched data through processes of functional anonymity with specialist providers – this allows us to collect data from various external sources in a way we are unable to identify you and match the data to any data we collect – again, we use technology to obfuscate our ability to identify you within any data matching techniques or specialist service providers we use If applicable, further information that may assist in our activities for the archiving of information ready for future use and further research If we are conducting Research, we will use all information outlined in this notice and may also collect and use the following personal data: First name, surname, email address, phone number(s), social media handles, employer, journalistic history and organisations you represent or have represented in the past If relevant, your line manager and peers within the organisation you work for (as we have interacted with them whilst working with you specifically) Publicly available information on websites or Companies House Language and behaviour of yourself within the public domain such as social media posts (X, Meta platforms, YouTube etc.) Passport information and other relevant proof of identity documentation as required Further information you provide us in interviews, conversations and communications with us which may or may not be recorded Recordings, photographs, images and videos recorded within a press interview you are conducting we are (and you may be) recording Dietary requirements and any accessibility requirements you may have; and Opinions about you from sources known to us or any previously recorded notes about you and your conduct as a journalist Where do we get your personal data? If you are part of the General Electorate, we will collect your personal data: From the Electoral Register (indirect data collection) The ‘Marked Register’ data (the record of whether or not people on the electoral register voted at a given election, which is available for political parties to purchase) (indirect data collection) The ‘Full Electoral Register’ (which is everyone that is registered to vote unless you are registered anonymously) which also includes your home address NOTE: although you may have opted out of the open register it does not affect whether political parties get access to your data or not i.e. even if you have opted out, we will still have a copy of your data from the open register From yourself via email, telephone or face to face communications we have with you Demographic data about you from our commercial supplier (Experian), and BT Osis Data on political opinions we have collected from you on the doorstep, phone or via other methods of capturing data directly from you Online or physical surveys, questionnaires or polls you have answered or completed for us where you may or may not have had the option to tell us who you are, or you may have chosen to remain anonymous Publicly available data from areas such as census data NOTE: The data we hold to which we do not have a statutory entitlement is either data which is made available for use in a way that permits its use by political parties (for example census data, national land registry data, local election results, or data released through a Parliamentary Question, or Freedom of Information (“FOI”) request, where the data released in response to that question or request is not restricted from such reuse), or is provided through commercial agreements with suppliers who make such information available for resale to a range of customers. As a Website Visitor we are collecting your personal data directly from you or from the device you are using to access our website unless someone else completes one of our website forms on your behalf. If you receive a communication from us that you were not expecting to receive please let us know and we will take appropriate action. As a Co-operative Party Member or a Co-operative Party Supporter, we will collect your personal data from the same places: From yourself when you became a member or when you renew your membership and from the Electoral Register From yourself via email, telephone or face to face communications we have with you and when you add any information about yourself to any of The Co-operative Party’s digital systems we give you access to via a secure portal [only access to your own personal data] From yourself when you decide to apply to part of a selection process and/or a candidacy process, e.g. when you complete the ‘Co-operative Candidate Development Programme’ form (mentioned above) From any photographs/video taken by any individual representing The Co-operative or Labour Party as a photographer or videographer on our behalf at any member meetings, conference or events at a national, local, branch, or ward level of the Party From other Co-operative or Labour Party Members who are updating your personal data in our membership systems based on a request you have made or information they have become aware of If applicable, from other Co-operative Party Members, MPs, Candidates, Supporters, a constituency parties, Councillors, Local Councils where you are Councillor, other affiliated party supporters or groups, the Labour Party, Trade Unions, affiliated organisations, relevant socialist societies, universities, publishers, and media institutions & organisations From yourself when you have interacted with us in any capacity which may be on the doorstep, at a rally, at an event, online (including social media), and physical or digital communications you have had with us at any time where you have provided means for us to contact you about something From yourself when you access or make changes to any personal data when you have been allocated a privileged position in the party which allows access to further information that is held securely (known as meta-data) From the analysis of personal data from all sources we have legitimate and transparent access to personal data (including Experian and data analytics brokers which do not directly identify you but provide aggregated information about households) i.e. production of derived data to help us manage and organise our members From publicly available websites including, but not limited to, professional registration sites, Companies House, Land Registry, social media sites, company websites, news outlets, and online publications etc. We may collect Personal Data that you manifestly choose to make public, including via social media (to the extent that you choose to make your profile publicly visible) From specialist fundraising screening organisations, who gather information about you from publicly available sources, for example, Companies House, the Electoral Register, company websites, ‘rich lists’, social networks such as LinkedIn, political and property registers and news archives. This also means data collection from publicly available sources to carry out due diligence on donors in line with the charity’s Gift Acceptance Policy and to meet money laundering regulations Where there may be an issue, we may gain personal information about you from the venues we use, travel companies, food and beverage companies or other relevant service providers you interact with From any organisation we contract to conduct any due diligence checks on members for either financial or safeguarding reasons we may have If applicable, from Police, Law Enforcement Agencies, Healthcare Services including the NHS, Adult Services, Children Services, Local Authority Designated Officers (LADO), charities, charitable organisations or agencies or any other safeguarding related institutions or organisation(s) As a Supplier to the Co-operative Party, we will collect your personal data: From you when you approach us to become supplier or submit information via our website or over any digital communications From an industry, business or political based event we hosted which you attended From the organisation you work for submit a proposal to become a supplier and/or entered into a contract of work with us From our business partners or related associates, members or employees, or an organisation referring you to us From public facing websites including social media during our review of applicability to provide a service to us When you are an Event or Office Visitor, we will collect your personal data: From yourself when you register to attend an event, including our conference(s) or any Co-operative Party managed offices From you or our videographer/photographer or on CCTV when we record you in the foreground or background depending on the location and circumstances of the recording taking place From you if you add your details to any building management visitors’ books or you write your personal information on a name badge/sticker From your employer or an individual you employ or who represents you to make the booking for you to attend an event or an office From yourself via email, telephone or face to face communications we have with you and/or when you make a payment for an event attendance From any security or law enforcement agencies we are working with in conjunction with safeguarding agencies as may be required From the venues we use, travel companies, food and beverage companies or other relevant service providers you interact with When we are conducting Research, we will collect your personal data from any location already mentioned in this notice. Depending on the research we are conducting, if applicable, we may also receive personal data: From local authorities, Universities, schools, virtual schools, education providers, charities, and other organisations that are interested in our research work or are collaborating with us on research projects From private sector organisations, government institutions, and the Office for National Statistics (ONS) If you are a journalist and considered to be Press, we collect your personal data: From your employer or an individual you employ to make contact with us on your behalf or from yourself via email, telephone or face to face communications we have with you From individuals who recommended you to us or has relevant information about you, who may include, but is not limited to, other journalists, MPs, the Co-operative or Labour Party, our staff, candidates, members, or members of a trade union or affiliated society From publicly available press releases and broadcast media where you can be identified as being involved (e.g. written the article, edited the broadcast, or produced a segment etc.) or from social media (to the extent that you choose to make your profile publicly visible) What do we use your personal data for and what is our lawful basis for using it? As a member of the General Electorate, we will use your personal data in the following ways: NOTE: For further information on how political parties may use your personal data from the Electoral Register as specified by the UK regulatory body for data protection, the Information Commissioner’s Office, you can access this information by clicking here. We do not sell your personal data to any third parties. Purpose for using personal data Lawful basis for using To perform our activities of democratic engagement with you. [From the Data Protection Act 2018: “The term “democratic engagement” is intended to cover a wide range of political activities inside and outside election periods, including but not limited to: democratic representation; communicating with electors and interested parties; surveying and opinion gathering, campaigning activities; activities to increase voter turnout; supporting the work of elected representatives, prospective candidates and official candidates; and fundraising to support any of these activities“] The lawful basis we shall be relying on is the for the performance of a task carried out in the public interest by a data controller in accordance with UK GDPR Article 6.1(e), also known as “Public Task”. And, Special categories of personal data used for the purpose of Substantial Public Interest under UK GDPR Article 9.2(g) in line with Schedule 1, Part 2, Paragraph 22 Political Parties of the Data Protection Act 2018. To allow Co-operative Party staff, volunteers and members carry out political campaigning with the general electorate data we hold which includes engaging with voters as part of the democratic process, face-to-face canvassing and “Get out the vote” on election days. I.e. this may mean we have printed your information so that people who are knocking doors are able to know who you are and whether you have positively engaged with the Co-operative Party or the Labour Party in the past or now; it may also mean your personal data is securely accessible on our canvasser’s digital devices for short periods whilst walking the streets and knocking on doors. For us to identify and distribute the most effective political campaign messaging to a demographic or geographic area you belong to or where you may be located [NOTE: this is generally aggregated data we have purchased and usually is not able to directly identify you] Our legal basis for profiling is a mixture of both Legitimate Interests (GDPR Article 6 (f)) and Public Task (GDPR Article 6(1)(e)) in order to engage with voters and send them messages which they are likely to be interested in. And, Special categories of personal data used for the purpose of Substantial Public Interest under UK GDPR Article 9.2(g) in line with Schedule 1, Part 2, Paragraph 22 Political Parties of the Data Protection Act 2018. To inform our campaign targeting and demographic modelling activities through profiling of your data from any location we may legally correct your personal data. To respond to you when you have engaged with us or any campaign material whether via social media, generic digital campaign locations on websites which may be polls, surveys and/or questionnaires, or email or SMS (text) distribution lists you are legitimately on that either we already hold or a partner on our behalf holds already where they have a lawful basis to do so. The lawful basis we shall be relying on is the legitimate interest of the Data Controller in accordance with UK GDPR Article 6.1(f). [Depending on how you interact with us the lawful basis may be in accordance with UK GDPR Article 6.1(e), also known as “Public Task”.] And, Special categories of personal data used for the purpose of Substantial Public Interest under UK GDPR Article 9.2(g) in line with Schedule 1, Part 2, Paragraph 22 Political Parties of the Data Protection Act 2018. To send you marketing material either in the post, via email or text (SMS). The consent you have provided us for this use of your personal data in accordance with UK GDPR Article 6.1(a). And, The consent you have provided us for this use of your special categories of personal data in accordance with UK GDPR Article 9.2(a). As a Website Visitor we will use your personal data in the following ways: Purpose for using personal data Lawful basis for using To respond to you when you have engaged with us by completing a form or survey on our website or when you send us an email when you use the automated email sending prompt. This may mean we pass your personal data to someone that is able to help you or is more suitable to interact with you, especially where you may be telling us about some casework or local, national or international issues. [Please note that emails to local branches and individuals without a Co-operative Party email address (e.g. without ‘@party.coop’) will mean your personal data is not governed by this notice and we recommend you review their privacy notice(s) to understand how they will use your data] The lawful basis we shall be relying on is the legitimate interest of the Data Controller in accordance with UK GDPR Article 6.1(f). To re-classify you based on how you interacted with our website e.g. you became a Co-operative Party Member, a Co-operative Party Supporter, or a Job applicant. To manage any complaints, you have made via the website. To improve our website. To send you marketing material either digitally (e.g. email or text (SMS)) or physically in the post. The consent you have provided us for this use of your personal data in accordance with UK GDPR Article 6.1(a). And, The consent you have provided us for this use of your special categories of personal data in accordance with UK GDPR Article 9.2(a). Where you have consented to our Cookie Banner: To analyse how you interact with our website, what products/offers we think you will like if you visit the Shop, and to display Co-operative political marketing adverts to you when you are browsing third party websites and social media. The consent you have provided us for this use of your personal data in accordance with UK GDPR Article 6.1(a). When you use the Co-operative Party website Shop To sell Co-operative Party products. The lawful basis we shall be relying in accordance with UK GDPR Article 6.1(b) where the use your personal data is necessary in the performance of a contract which you have agreed to or where we are working to enter into a contract with you. To register your account with us and allow you to sign in. To process your order and payment, and to be able to deliver any orders you place with us. To deal with any returns, refunds or customer services enquiries. To register your membership of any loyalty scheme we operate from time to time. Where you have not created a customer account and have not yet made a purchase, where you have given your consent, we will send you updates about new products, services within the Shop. The consent you have provided us for this use of your personal data in accordance with UK GDPR Article 6.1(a). To ensure the general administration of the Co-operative Party shop, including keeping a record of your transaction and processing orders. The lawful basis we shall be relying on is the legitimate interest of the Data Controller in accordance with UK GDPR Article 6.1(f). Storage of your personal data so it is easier for you to login/order on your next visit. To ensure appropriate system administration and troubleshooting of website issues, make improvements and to track the pages you have visited in order to improve the quality of the site and to personalise the website experience. To analyse how many Co-operative Party Members are using the Shop and identify if a role they may have within the Co-operative Party means we are able to target more relevant products to them. We may analyse this information against other information we hold about you. As a Co-operative Party Member, we will use your personal data in the following ways: Purpose for using personal data Lawful basis for using To process your membership application, register you as a member, manage your membership and communicate with you about all membership related matters over email, text (SMS) or by post e.g. policies, ballots, campaigns, events, conference(s), fund-raising, party updates etc. The lawful basis we shall be relying in accordance with UK General Data Protection Regulation (GDPR) Article 6.1(b) where the use your personal data is necessary in the performance of a contract which you have agreed to or where we are working to enter into a contract with you. And, Special categories of personal data used for the purpose of Substantial Public Interest under UK GDPR Article 9.2(g) in line with Schedule 1, Part 2, Paragraph 22 Political Parties of the Data Protection Act 2018. To ensure you meet the conditions of membership at all times as outlined in the Co-operative Party Rule Book. To share your membership details and relevant contact details, or access to them, with Co-operative Party or Labour Party staff, local Co-operative Party organisers, other Co-operative Party Members (who are authorised via internal protocols) [NOTE: we have tiered secure access based on a person’s role in the Co-operative Party and the geography they are associated to.] For the Co-operative Party, elected representatives of the Co-operative Party, and any candidates in internal Co-operative Party elections, in which you are entitled to participate, to contact you and also use your information to campaign to you. To send you constitutional emails, including but not limited to, notifications related to your membership payments, notifications about annual general meetings, parliamentary selections, and leadership selections etc. [NOTE: you will receive these even where you have opted out of any other forms of communications with you.] To process any applications you make and subsequent procedures for any type of government or parliamentary candidate selection processes you are involved in, in line with the Co-operative Party Rule Book. To allow the Co-operative Party to check your eligibility to participate in and administer the ballot process for relevant internal elections, as determined by the Co-operative Party’s National Executive Committee (“NEC”), including sending electronic ballots. Where you have specifically indicated to us as appropriate to share personal data with the relevant affiliated organisation to verify you are a member of that organisation and to allow that affiliated organisation to update their records on the basis of the information you have provided. To process membership payment, donation payments, and, if applicable, allow expenses generated in your role as a member to be reimbursed by the Labour Party. To perform our activities of democratic engagement with you. [From the Data Protection Act 2018: “The term “democratic engagement” is intended to cover a wide range of political activities inside and outside election periods, including but not limited to: democratic representation; communicating with electors and interested parties; surveying and opinion gathering, campaigning activities; activities to increase voter turnout; supporting the work of elected representatives, prospective candidates and official candidates; and fundraising to support any of these activities“] The lawful basis we shall be relying on is the for the performance of a task carried out in the public interest by a data controller in accordance with UK GDPR Article 6.1(e), also known as “Public Task”. And, Special categories of personal data used for the purpose of Substantial Public Interest under UK GDPR Article 9.2(g) in line with Schedule 1, Part 2, Paragraph 22 Political Parties of the Data Protection Act 2018. For Co-operative Party and yourselves to conduct “political activities” which include campaigning, fund-raising, political surveys and casework. To help us develop Co-operative Party policy and documentation based on your views and opinions and any communications you have with us. To conduct polls, petitions and ballots. To administer membership suspensions and expulsions. For us to identify and send you the most effective political campaign messaging to you and for you to be able to use. [NOTE: this is generally aggregated data we have purchased and usually is not able to directly identify you] The lawful basis we shall be relying on is the legitimate interest of the Data Controller in accordance with UK GDPR Article 6.1(f). And, Special categories of personal data used for the purpose of Substantial Public Interest under UK GDPR Article 9.2(g) in line with Schedule 1, Part 2, Paragraph 22 Political Parties of the Data Protection Act 2018. To send you invitations to participate in and help set up, manage and run any Co-operative Party events. To invite you to help manage any supporters and volunteers who are giving us their time for our democratic processes. To keep you up to date via newsletters, briefings, updates, and other communications that may promote the aims of the Co-operative Party, ask for donations or participation in things such as Labour Lottery etc. including providing political messages on social media. [NOTE: you can opt-out at any time although where you are already a member, we are not required to gain your consent to send you this material either electronically or by post.] To conduct wealth screening exercises via an accredited screening provider to ensure donation requests are aligned to the correct means available to Labour Party members. [You will always have the right to opt out of this processing by sending an email to us] This research helps us to understand more about you as an individual so we can focus conversations we have with you about fundraising in the most effective way, and ensure that we provide you with an experience as a potential donor which is appropriate for you. To provide you with training that is of assistance to you campaigning with us. To understand your personal profile so that we can replicate similar audience profiles within our social media outreach activities and advertising i.e. to increase our chances of gaining more members. To ensure you are not targeted by any of our advertising activities, including on social media if you have opted out of marketing activities i.e. you may be on a suppression list we use. To invite you to rejoin the Co-operative Party at least twelve (12) months after you discontinued your membership. [NOTE: you can opt out of receiving our invitations to rejoin at any time although this will not mean we delete your personal data when you have stopped being a member.] To process any appeals against suspensions and/or expulsions that you make. To check your eligibility to donate or loan sums of more than £500 and to report relevant donations to the Electoral Commission. To test, monitor and develop any of our physical or digital systems that hold your information and also develop models for targeting of campaign messaging to certain demographics and geographies. To make relevant identity verification checks as a protective function based on when you contact us and what you are contacting us about, e.g. when a CLP is in “Special Measures”, Data Protection rights requests, Membership details update requests, password resets for your access to digital platforms etc. The lawful basis we shall be relying on is the legitimate interest of the Data Controller in accordance with UK GDPR Article 6.1(f). And, Special categories of personal data used for the purpose of Substantial Public Interest under UK GDPR Article 9.2(g) in line with Schedule 1, Part 2, Paragraph 11 Protecting the public against dishonesty etc of the Data Protection Act 2018. As a Co-operative Party Supporter, we will use your personal data in the following ways: Purpose for using personal data Lawful basis for using To process your interest, your inquiry or specific application, such as signing up to our newsletter or consent on our webforms to be a Co-operative Party Supporter. The lawful basis we shall be relying on is the legitimate interest of the Data Controller in accordance with UK GDPR Article 6.1(f). And, Special categories of personal data used for the purpose of Substantial Public Interest under UK GDPR Article 9.2(g) in line with Schedule 1, Part 2, Paragraph 22 Political Parties of the Data Protection Act 2018. To communicate with you about all supporter related opportunities over email, text (SMS) or by post e.g. policies, ballots, campaigns, events, conference(s), fund-raising, party updates etc. To share relevant contact details, or access to them, with Co-operative Party or Labour Party MPs, candidates, staff, local Co-operative Party or Co-operative Party or Labour Party Organisers, Co-operative Party or Labour Party Members (who are authorised via internal protocols) within your Co-operative Party constituency or Constituency Labour Party (CLP), Branch Labour Party (BLP) and ward, or local Co-operative Party or Labour Party Councillors so they might utilise your generous support. For the Co-operative Party or Labour Party and yourselves to conduct “political activities” which include campaigning, fund-raising, political surveys and casework, or any other work which may suite your experience and skill set. To help us develop Co-operative Party or Labour Party policy and documentation based on your views and opinions and any communications you have with us. For us to identify and send you the most effective political campaign messaging to you and for you to be able to use. To understand your personal profile so that we can replicate similar audience profiles within our social media outreach activities and advertising i.e. to increase our chances of gaining more supporters. To ensure you are not targeted by any of our advertising activities, including on social media if you have opted out of marketing activities i.e. you may be on a suppression list we use. To invite you to help manage any volunteers who are giving us their time for our democratic processes. To invite you to join the Co-operative Party or Labour Party as a member. To test, monitor and develop any of our physical or digital systems that hold your information and also develop models for targeting of campaign messaging to certain demographics and geographies. To provide you with training that is of assistance to you campaigning with us. To keep you up to date via newsletters, briefings, email updates, and other communications that may promote the aims of the Co-operative Party or Labour Party, ask for donations or participation in things such as Co-operative Party or Labour Party raffles or lottery (possibly Labour Lottery) etc. and also including providing political messages on social media. We capture your consent from our website and also from social media based advertising. [NOTE: you can opt-out at any time.] The lawful basis we shall be relying on is the consent you have given us in accordance with UK GDPR Article 6.1(a). And, Special categories of personal data used for the purpose of explicit consent in accordance with UK GDPR Article 9.2(a). To deal with legal claims and ongoing litigation cases. Compliance with a legal obligation under UK GDPR Article 6.1(c). The legal obligation is the UK General Data Protection Regulation to uphold your data protection rights. Special categories of personal data used for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity under UK GDPR Article 9.2(f). As a Supplier to the Co-operative Party, we use your personal information in the context of you or the organisation you work for who is providing a service to us. We will use your personal data in the following ways: Purpose for using personal data Lawful basis for using Review your applicability to provide your services to us. The lawful basis we shall be relying in accordance with UK GDPR Article 6.1(b) where the use your personal data is necessary in the performance of a contract which you have agreed to or where we are working to enter into a contract with you. Conduct business operations with you including contract management. Request feedback from you. Conduct Equality, Diversity and Inclusion monitoring activities. Resolve queries or complaints. Provide you access to digital or physical infrastructure as appropriate. Prevent or detect fraud or money laundering including fraudulent payments and fraudulent use of our services. Process your invoice and its payment. Contact you to agree on a contract or a purchase order with you. Process the payment of invoices, expense claims or grant claims etc. When you are an Event or Office Visitor including when you might attend one of our conferences, we will use your personal data in the following ways: Purpose for using personal data Lawful basis for using To register your attendance to Co-operative Party or Labour Party Conference, event or office visit. The lawful basis we shall be relying in accordance with UK GDPR Article 6.1(b) where the use your personal data is necessary in the performance of a contract which you have agreed to or where we are working to enter into a contract with you. If relevant, to take and manage payment for attendance. To manage the event, your attendance, safety and any issues that may occur. When you have attended a Co-operative Party or Labour Party conference or any Co-operative Party or Labour Party event or purchased a ticket (whether you attended or not) we will use your information to contact you for market research purposes, and to send you any service message about the conference or event. The lawful basis we shall be relying on is the legitimate interest of the Data Controller in accordance with UK GDPR Article 6.1(f). Where you have not made a purchase of a ticket but have signed up to attend an event where there is no purchase necessary, unless you opt-out, we will send you information about online and offline events. To register you in any building facility management companies to allow for your visit including entry and exit times and any guests you may bring. This may mean we log your personal details into our digital calendars, so we are remined for any upcoming visits and know when you visited last. You may also write your name and contact details into a visitors’ book. You will be recorded on CCTV in most event and office visit locations for safety and monitoring purposes. To gather opinion from you about the event or visit so we can improve future events and visits. To send you information about the Co-operative Party’s activities and political marketing including invitations to join the Co-operative Party as a member. You can opt-out at any time. The consent you have provided us for this use of your personal data in accordance with UK GDPR Article 6.1(a). Where you have not made a purchase of a ticket but have signed up to attend an event, where we have gained your consent we will contact you for market research purposes, and to send you more information about the Co-operative Party’s activities and political marketing including invitations to join the Co-operative Party as a member. You can opt-out at any time. To allow for accessibility and dietary needs/requirements for any events or visits. The lawful basis we shall be relying on is the legitimate interest of the Data Controller in accordance with UK GDPR Article 6.1(f). To transcribe audio captured from any recorded interviews, workshops or focus groups we have with you as a participant at any events or visits which may help us inform and decide upon policy areas of focus. To use any photograph/video taken at any of our events including an MP attendance event, without the expressed written permission of those included within the photograph/video, within the Co-operative Party marketing and policy collateral and documentation which may include brochures, manifestos and/or party-political broadcasts. If you do not wish to be in any photograph/video being take, please make sure you position yourself out of the line of sight of any cameras. To match your data with data we already hold with our copy of the electoral register and our Co-operative Party and Labour Party membership databases so that we can better understand the demographics of our reach and appeal and to make better targeting decisions for wider communications generally and for you. Purpose for using personal data when we conduct Research: The main purpose of conducting research with the personal data we collect is to inform, enhance and develop policies and procedures for how best to either: Win a general election Enhance our effectiveness and targeting techniques for raising funds to run our organisation and fight a general election or other relevant political campaigns Write policies and procedures for the running of the country Produce and deliver effective messaging to target geographies and demographics To inform our activities and best practice requirements for most effective ‘democratic engagement’ Stay in government and how best to run the government should the Co-operative Party and Labour Party form a government at any time Most outputs from the research will be statistical, based on aggregated information that is derived from the personal data and derived personal data we have created or have access to. At every stage of use, where possible, we will pseudonymise and anonymise your personal data. This is so that the least amount of people possible have access to personal data when conducting research and/or are not given the ability to re-identify the data where there is no reason for them to do so. For our research projects we collect your personal data for two distinct reasons when you are a ‘Research Participant’. You should always refer to any research specific privacy notice provided to you which will be bespoke to the research you’re involved in. The first reason for collecting your personal data will be to analyse it in the context of the research. This means the personal data collected from you is needed so we can conduct research on your personal data. It is highly unlikely we will analyse one research participant’s personal data in isolation. Most research we conduct is the bringing together of multiple people’s information and personal data to make discoveries to inform results to be published in a research report, white paper, or policy document we are writing. Your personal data is never published unless we have gained explicit permission from you to do so. Research outcomes are mainly statistical and derived into statements and reproducible facts without any individual personal data associated to them. The second reason for collecting your personal data is so we are able to gather the information needed for the research project from you. To achieve this, we may use your personal data: To conduct an interview, workshop or focus group with you as a participant, which may or may not be recorded To contact you to participate in an interview, and/or a workshop, and/or a focus group session as part of a project or piece of research If you are having data gathered directly from you, to gain your permission for participation in the research To match your data with your data held in the government data sources, such as the Office for National Statistics To match your personal data with any other personal data about you that we already hold or have access to ensuring we use legitimate data intermediary service providers and authorised researcher organisations that uphold the preservation of privacy and strong data protection and governance over your personal data To transcribe the audio captured from any recorded interviews, workshops or focus groups we have with you as a participant To identify your data, which would be deleted where possible, should you no longer agree to have your data processed for the purpose of conducting the evaluation To associate your answers with yourself where we would like to make confidential contact with you based upon the answers you have provided which we have identified as useful in our development of the research area To make confidential contact with you where you have indicated interest in being contacted about the research area or to participate in any research projects associated with this area of research (you are able to opt out at any time and are under no obligation to participate in any subsequent research projects) Most commonly, the lawful basis for using your personal data may be one or more of the following within a project: Legitimate Interest for societal benefit within research Legitimate Interest or Public Task for ‘democratic engagement’ research Ethical Consent for your participation in the research (equivalent of UK GDPR Article 6.1(a) consent within the Data Use and Access Act 2025) For the collection of your sensitive personal data, also known as GDPR special categories of personal data, in general we rely on GDPR Article 9.2(j) for research purposes with a basis in law. This is also relevant to any personal information known as “protected characteristics” under the UK Equality Act 2010. NOTE: Should you withdraw your consent for participation when the personal data is being analysed, we would not be able to immediately remove your personal data or the derivatives of your personal data until the analysis is complete. Where possible we would endeavour to remove all association to your personal data from the point of withdrawal of consent and inform you where this may not be possible depending on the stage of analysis and the project as a whole. If you are considered to be a member of the Press, we will use your personal data in the following ways: Purpose for using personal data Lawful basis for using To contact you or your office about any journalistic activities you may be involved in with the Co-operative Party or Labour Party or any of their representatives. The lawful basis we shall be relying on is the legitimate interest of the Data Controller in accordance with UK GDPR Article 6.1(f). To set up meetings and interviews with you which may or may not be recorded and to agree questions you will ask and topics of conversation within any interviews you conduct with MPs, candidates or other parts of the Co-operative Party or Labour Party. To provide you with official responses from the Co-operative Party or Labour Party about journalistic stories you are working on. To provide you with information about topics of discussion, an agenda or further information the Co-operative Party or Labour Party has been made privy to which may be relevant to a journalistic story. To discuss with you or your office or representatives about information you have had printed or broadcast in any medium pertaining to any part of the Co-operative Party or Labour Party. To invite you to cover events, the Co-operative Party or Labour Party is hosting, as a journalist or as a guest at a relevant event. To manage you as “Press” at any given event you attend which may mean lanyards and name badges identifying you and/or your workplace on them. This may allow you a different level of access to locations managed by the Co-operative Party or Labour Party at any given time. To pre-record interviews and broadcast segments with you. To log and re-use any articles, blogs, social media posts, television broadcasts and any other public facing media which you have produced or created. To request information from you about a story you may be working on before, during and after a story has been made public. To maintain a list of journalist and press contacts which Labour will use to make contact with you at any given time. We will use all personal data we hold about you for the following purposes: Purpose for using personal data Lawful basis for using To conduct investigations into concerns or complaints about electoral fraud, financial fraud, criminality, safeguarding issues, welfare issues, inappropriate behaviour displayed toward members of the public or other members, or any other activities which may cause or have the possibility of causing harm to others, either about you, where you may have been harmed, or where you are assisting us or acting as a witness. Where relevant, based on the outcome of investigation, we will also administer membership suspensions and expulsions based on the investigation. Use of the personal data is necessary to protect the vital interests of an individual or individuals in accordance with UK GDPR Article 6.1(d). And, Special categories of personal data used for the purpose of Substantial Public Interest under UK GDPR Article 9.2(g) in line with Schedule 1, Part 2, Paragraph 18 – Safeguarding of children and of individuals at risk; and Paragraph 19 – Safeguarding of economic well-being of certain individuals, of the Data Protection Act 2018. To identify personal data and take relevant action upon submission of a data subject rights request. Compliance with a legal obligation under UK GDPR Article 6.1(c). The legal obligation is the UK General Data Protection Regulation to uphold your data protection rights. Special categories of personal data used for the purpose of Substantial Public Interest (Preventing or detecting unlawful acts; Protecting the public; Regulatory requirements) under UK GDPR Article 9.2(g). To be able to assess any impact on individuals of a data breach involving personal data held on our systems or any third-party systems we employ. To help protect an individual from neglect or physical, mental or emotional harm, or protect the physical, mental or emotional well-being of an individual. Use of the personal data is necessary to protect the vital interests of an individual or individuals in accordance with UK GDPR Article 6.1(d). Special categories of personal data used for the purpose of Substantial Public Interest (Preventing or detecting unlawful acts; Protecting the public; Regulatory requirements) under UK GDPR Article 9.2(g). To deal with legal claims and ongoing litigation cases. This includes to establish, defend, or enforce legal claims or regulatory investigations. Compliance with a legal obligation under UK GDPR Article 6.1(c). The legal obligation is the UK General Data Protection Regulation to uphold your data protection rights. Special categories of personal data used for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity under UK GDPR Article 9.2(f). Who do we share your personal data with? NOTE: We never sell your personal data. Any data shared with the below categories of recipients is the minimum necessary for the task they have been instructed to carry out on our behalf or in conjunction with us. Each category of recipient is subject to review by the Data Protection Officer to make sure they have the right methods in place for keeping your personal data secure. Where the sharing of personal data is within the context of a product or service being supplied under contract to the Co-operative Party, a Data Processing Agreement (DPA), in accordance with UK GDPR Article 28, is put in place. This makes sure the supplier cannot use your personal data outside of the list of uses above. For all purposes of using your personal data, as listed above, we will share your personal data with the following: An electoral roll database management and customer relationship management (CRM) service providers Digital communications, storage and events platform service providers, and IT service providers where there is a requirement for activities to be part of a digital services supply chain If applicable and you have interacted with them, online polling, survey, questionnaire or web-form platform providers The Co-operative Party’s digital campaign team of designers and physical printing facilities and external print organisations Any department or unit within the Co-operative Party or Labour with an authorised level of secure access to data If initiated by you and/or where relevant and/or agreed by you or your representative, the Co-operative Party or Labour Party Candidates, MP’s or their office staff (both of which are separate data controllers) If initiated by you and/or where relevant and/or agreed by you or your representative, your Co-operative Party constituency, Constituency Labour Party (CLP) or local the Co-operative Party or Labour Party groups or affiliated organisations (all of which are separate data controllers) If initiated by you and/or where relevant and/or agreed by you, any relevant socialist societies or affiliated organisations which you have an interest or, upon becoming a member, you have provided your explicit permission for sharing your data from them to us and us with them If initiated by you and/or where relevant and/or agreed by you, media organisations which may include news media and journalists who represent specific and relevant views If initiated by you and/or where relevant and/or agreed by you, charities, charitable causes or individual families which have the possibility of being positively impacted from your contact and engagement with them (if agreed, any further uses of your personal data will be in line with their privacy information and the Co-operative Party takes no liability for any use of your personal data in how they use your personal data) If relevant, venues, hotels, travel companies and any other concierge or building management service providers For specific events, funders of certain Co-operative Party events who will be provided with lists of attendees although we will make this clear when you register to attend When authorised, secure and contracted, data intermediary service providers and authorised research organisations and their research partner organisations Where we have been made aware of casework to pass on to MPs, government departments, councillors or local organisations we will do so in a compliant and managed way via data intermediary service providers (this means only the minimum amount of personal data is shared so the casework can be resolved appropriately) [we do not need to capture consent for this sharing based on ‘democratic engagement’ purposes] If applicable, with Police, Law Enforcement Agencies, Healthcare Services including the NHS, Adult Services, Children Services, Local Authority Designated Officers (LADO), charities, charitable organisations or agencies or any other safeguarding related institutions or organisation(s), solicitors, legal counsel and/or claimants There may be scenarios where we are subject to a legal obligation to disclose or share your personal data, such as with law enforcement agencies, regulatory bodies or public authorities in order to prevent or detect crime or prove we have adhered to their request. We will only ever disclose your personal data to these third parties to the extent we are required to do so by law. Data sharing with a third-party organisation that is not a supplier of a product or service to the Co-operative Party does not occur unless there is a legal obligation or sound lawful purpose for such sharing. For any such sharing we put a Data Sharing Agreement in place between Labour and the third-party containing specific information in accordance with the Information Commissioner’s Office ‘Data sharing code of practice’. This will include giving only relevant and often only geographically restricted access to your personal data to our local Co-operative Party organisations, Co-operative Party Candidates hoping to be elected, Co-operative Party Councillors, Co-operative Party Mayors and Co-operative Party Members of Parliament (MPs) so they can all conduct their democratic engagement activities. Please see their respective privacy notices. In all circumstances, the unlawful and unauthorised sharing of copies of personal data in which the Co-operative Party is the data controller is expressly prohibited. Any unauthorised sharing of Co-operative Party data is classified as a data breach which we will record and report to the ICO as required. How long will we keep your personal data? Data shall be reduced, redacted, de-identified and deleted at appropriate times so we retain the minimum amount of data possible. Personal data that we use for any purpose will not be kept for longer than is necessary for that purpose. In some circumstances we will anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you. Where images or videos of ours that you are in have been published are in the public domain or contain other data subject’s whose personal data we are obliged to retain, we may not be able to remove or delete your personal data. Different purposes will have different retention periods, and we will (for example) retain data about whether you were on the electoral register, for purposes of checking the permissibility of donations, for longer than we would retain profiled information estimating your likelihood to vote in a general election. Unless you specifically tell us otherwise, we will retain your personal data in all locations where it is currently held or until such a time it is no longer tenable to keep your personal data for any reason. Notwithstanding the other provisions of this section, we will retain your personal data: To the extent that we are required to do so by law If we believe that the information may be relevant to any ongoing or prospective legal proceedings To establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk) If we believe we have an overriding legitimate interest in order to do this. This is particularly the case for the “right to erasure”, where we maintain a minimal amount of information on our records. On the basis of keeping people safe from any harm, and our legitimate interest in knowing who has or has not been a Co-operative Party Member in the past when there may be future safeguarding or legal concerns or requests for member information, we retain all personal data we have captured from you. As a Co-operative Party Member or a Co-operative Party Supporter, where you submit a right to deletion request we will delete you from any and all locations we hold your personal data where it would mean we may make contact with you again (outside of our copy of the Electoral Register, and outside of when you make contact with us) we will retain your information if: It has been, or is being used within a complaints, disputes or grievance process by us and we may need to evidence this in the future to defend legal claims We need to keep it to comply with a legal obligation Erasing your data would prejudice scientific or historical research There is information associated with your data which is of a safeguarding concern to yourself or others Erasing will mean we lose our logs of when you made any data protection rights requests Erasing will mean we are unable to understand if you have been a member in the past Once you are no longer a Co-operative Party Supporter, which may mean you have chosen to unsubscribe from email and/or text or other digital communications we do not automatically delete your personal data. Supporter lists are reviewed each UK general election cycle and deleted within 12 months where you have opted out, if there is no other point of Co-operative Party Supporter data collection. a If circumstances require, on the basis of keeping people safe from any harm, and our legitimate interest in knowing who has or has not been a supporter in the past when there may be future safeguarding or legal concerns or requests for your information, we retain all personal data we have captured from you. As a representative of a Supplier, we retain your personal data for 7 years after your service has ended although may be longer if there are legal or political circumstances which mean we need to keep your personal data for longer. As an Event or Office Visitor where we are making recordings, it is your responsibility to move out of the line of sight of any cameras if you do not want to be identified in any images or video. The Co-operative Party reserves the right to retain all images and video with any audio or visual recording indefinitely that have been captured at any of our events or offices including any conference(s). Where you are no longer interacting with us after a previous engagement, event attendance or communications with us, we will delete your personal data during our data base reviews conducted during each parliamentary cycle (every 5 years). Unless you specifically tell us otherwise, or we receive a notification of your personal data being incorrect within a digital system, we will retain your personal data in all locations where it is held or until such a time it is no longer tenable to keep your personal data for any reason. What are your rights and how can you express them? To express any of your data protection rights you can send an email to our Data Protection Officer: j.northcott@party.coop Right of Access: You can request a copy of your personal data and details about how we use it Right to Rectification: You can ask us to fix or change your personal data if it is wrong or incomplete Right to Erasure: In some circumstances you can ask us to delete your personal data Right to Restriction: You can ask us to limit how we use your personal data if: it is not correct it has been used against the law, but you do not want us to delete it we do not need it anymore, but you want us to keep it for legal reasons if you have already asked us to stop using it but you are waiting for us to confirm Right to Object: You can ask to take back your consent for us to use your personal data at any time Automated Decision-Making Rights: You have the right not to have decisions made about you by a computer, if those decisions significantly affect you (e.g. legally) You will not have to pay a fee to access your personal data (or to use any of the other rights). However, we might charge a fee if your request is unreasonable or too much. Also, we may refuse to comply with the request in such circumstances. Due to the nature of being a political party, we maintain a risk averse approach to taking action on rights requests where we cannot prove it is the correct person making the request. To make sure that we can account for the risks, we ask everyone who submits a rights request to verify their identity. We are allowed to do this in line with what the UK regulator, the ICO, says on their website. Further information about your rights is on the ICO website which can be accessed by clicking here. We do apologise for any inconvenience this may cause but the various reasons for someone making a false rights request must be accounted for and we do not want to get it wrong. We hope you agree that it is reasonable to expect this level of caution from a political party. To successfully pass our identity verification process we ask that you send us a copy of any of the following: A copy of the photo page of your passport; or A copy of the photo side of your driving licence If you cannot provide these for any reason, please contact us to discuss other possible forms of acceptable ID. The Co-operative Party does not fall into the category of “public authority” under the Freedom of Information Act 2000. We will not, therefore, provide information if you have made this type of request. How can you complain about our use your personal data? If you want to raise a complaint about the way we’ve handled your personal data, you can contact the Co-operative Party Data Protection Officer (j.northcott@party.coop ). Upon contact you will enter our data protection complaints process. If you feel we have not addressed your complaint satisfactorily when we consider there is no further action to take, you have the right to complaint to the UK data protection regulator the Information Commissioner’s Office (ICO). You can submit your complaint to the ICO by either: Clicking here to access to ICO complaints tool; or By giving them a call on the ICO helpline: 0303 123 1113. How can you contact us about this privacy notice? If you have any questions about the information in this privacy notice, then you can contact the Data Protection Officer via email at j.northcott@party.coop or by post within a letter to: The Co-operative Party Data Protection Officer Unit 13, 83 Crampton Street, London, SE17 3BQ, United Kingdom When was this privacy notice last updated? We may update this notice (and any supplemental privacy notice), from time to time. We will notify you of the changes where required by applicable law to do so. Last modified: 18 February 2026 Contents