Katy Clark MSP Data Protection Privacy Notice 

This the Privacy Notice of the office of Katy Clark MSP. 

This privacy notice explains how my office collects and uses personal information about individuals. As an MSP I am a registered data controller with the UK Information Commission. 

I process any personal data under the requirements of the General Data Protection Regulation (EU) 2016/679 (the GDPR) and the Data Protection Act 2018 (the DPA). 

My office address and contact details are

Address: The Scottish Parliament | Edinburgh | EH99 1SP Email:  Katy.Clark.MSP@Parliament.scot 

What is personal data: 

Any information that can lead to you being identified such as a name, personal life or family, identification number, employment, location data, an online identifier etc. Personal data can also include factors specific to your physical, psychological, genetic, mental, economic, cultural or social identity.  

Any data I hold that meets this criteria is subject to GDPR and the Data Protection Act 2018.  

Purpose of processing personal data: 

I will hold all personal data securely, I will only use it for the purposes it was collected or acquired for and I will only pass it on to third parties with your consent or according to a legal obligation. 

I collect and use personal data to fulfil the functions and associated activities of my office such as carrying out casework on your behalf or to tend to issues and campaigns I am involved in. Other processing activities include carrying out tasks for the public interest; for example, surveying or opinion gathering, campaigning or communicating with constituents. Processing may also be necessary for the pursuit of legitimate interests, to comply with legal obligations, protect vital interests of individuals or the performance of a contract. 

If you contact me with an inquiry or a complaint, I will normally need to store your contact details to deal with your inquiry or complaint.  This is considered to be “normal category data” under the GDPR. 

Further information about the data protection legislation and your rights is available here: 


Handling your data: 

GDPR and your data is based on a set of handling principles. 

  • Fair and lawful​ 
  • Used for specified, legitimate and explicit purposes and not further processed or used in a way incompatible with specified purposes​ 
  • Adequate, relevant and limited to what is necessary​ 
  • Accurate and rectified without delay​ 
  • Retained in identifiable form for no longer than necessary​ 
  • Processed with appropriate security including protection against unauthorised or unlawful processing 

Retention of personal data: 

I will retain personal information for as long as I am a sitting MSP unless asked otherwise. 

Sharing of personal data: 

I sometimes may be required to share the personal information I hold with other individuals or organisations including for example: 

  • healthcare, social and welfare organisations 
  • local and central government bodies 
  • educators and examining bodies 
  • statutory law enforcement agencies 
  • investigating bodies 
  • elected representatives and other holders of public office 
  • financial organisations 
  • crime prevention agencies and the police 

I may seek your prior express consent to share your personal data with any of the following: 

  • employment and recruitment agencies 
  • press and the media 
  • family, associates and representatives of the person whose personal data I am processing 
  • enquirers 
  • subjects of complaints 
  • political parties 
  • charitable parties 
  • health authorities 

Your rights 

The GDPR sets out the rights which individuals have in relation to personal information held about them by data controllers.  

Right to access – You have the right to request a copy of the personal information about you that I hold. 

Right to rectification – I want to make sure that your personal information is accurate, complete and up to date and you may me to correct any personal information about you that you believe does not meet these standards. 

Right to deletion – You have the right to ask me to delete personal information about you where: 

  • You consider that I no longer require the information for the purposes for which it was obtained 
  • I am using that information with your consent and you have withdrawn your consent. 
  • You have validly objected to my use of your personal information –my use of your personal information is contrary to law or our other legal obligations. 

Right to prevent direct marketing – You have the right at any time to require me to stop using your personal information for direct marketing purposes.   

Right to prevent automatic decision making – in some cases, you may ask me to restrict how I use your personal information.  The right might also apply where this is no longer a basis for using your personal information, but you don’t want me to delete the data.   

Withdrawing consent using your information – Where I use your personal information with your consent you may withdraw that consent at any time, and we will stop using your personal information for the purpose(s) for which consent was given. 

Please contact me using the contact details provided above. 

Changes to my privacy statement 

I keep this privacy statement under regular review and will place any updates on this website.  Paper copies of the privacy statement may also be obtained using the contact information above. 

This privacy statement was last updated on 12 January 2022.