Subject Access Requests


The Data Protection Act 1998 gives rights to individuals in respect of the personal data that organisations hold about them. One of those rights is the right to get a copy of the information that is held about you. This is known as a subject access request.

The right of subject access basically means that you can make an information request under the Data Protection Act 1998 (DPA 1998) to any organisation that controls how and why your personal data is processed. Under the DPA 1998, these organisations are called data controllers. You can find out whether an organisation is a data controller by checking their privacy policy (which you might find on their website, for example), or otherwise by simply asking them.

What is personal data?

Personal data means information that relates to an identified, or to an identifiable, living individual. This catches quite a broad category of information, and includes information such as your name, address, medical history and identification number.

Political opinions, sexual life, medical history and conviction history fall into a different category. This category is sensitive personal data. There are stricter rules in relation to sensitive personal data due to their nature. Information relating to the following is considered sensitive personal data under section 2 DPA 1998:

- race or ethnic origin;
- political opinions;
- religious beliefs or other beliefs of a similar nature;
- trade union membership;
- physical or mental health or condition;
- sex life;
- commission or alleged commission of any offence; and,
- proceedings for any committed or alleged offence, the disposal of such proceedings, or the sentence of any court in such proceedings.

What information would I be entitled to?

You are entitled to be:

- told whether personal data is being processed;
- given a description of the personal data, the reasons it is being processed and whether it will be given to any other organisations or people;
- given a copy of the personal data; and
- given details of the source of the data (where this is available).

You can also request information about the reasoning behind any automated decisions taken about you, such as a computer-generated decision to deny credit.

Can I access personal data on someone else's behalf?

It is possible to make a request on someone else's behalf, e.g. where a solicitor is acting on behalf of a client. However, in this case the organisation will need to satisfy itself that you have the individual's permission to act on their behalf. This evidence could, for example, take the form of a power of attorney, and it is your responsibility to provide this evidence.

Can I access personal data about my child?

Information about children may be released to a parent or another person with parental responsibility. However, the best interests of the child should always be considered.

Even if a child is very young, data about them is still their personal data and does not belong to anyone else. So it is the child who has a right of access to the information held about them, even though in the case of young children these rights are likely to be exercised by those with parental responsibility for them.

Therefore, as only the child has a right to access personal data about himself/herself, before responding to a request for information held about a child, organisations will need to consider whether the child is mature enough to understand their rights. If the organisation is confident that the child can understand their rights, then it will respond to the child rather than to the parent or person who has parental responsibility.

Do I have to pay to access my personal data?

Organisations may charge a fee of up to £10 (£2 if it is a request to a credit reference agency for information about your financial standing only). There are special rules that apply to fees for paper-based health records (the maximum fee is currently £50) and education records (a sliding scale from £1 to £50 depending on the number of pages provided).

Can an organisation refuse to provide me with information?

Yes, not all personal information is covered by the right of subject access. The DPA 1998 contains some circumstances where the organisation can refuse to provide you with the information that you have requested, or where it can limit the information that it provides to you, e.g. where the information you have asked for contains information that relates to another person.

The DPA 1998 states that an organisation does not have to comply with a request if to do so would mean disclosing information about another individual who can be identified from that information, except where:

- the other individual has consented to the disclosure; or
- it is reasonable in all the circumstances to comply with the request without that individual's consent.

Your subject access rights apply in respect of personal information that:

i. is held, or going to be held, on a computer;
ii. is in, or going to be in, a highly structured manual filing system that allows for easy retrieval of data;
iii. is in most health, educational, social services or housing records; or
iv. is other information which is held by a public authority.

How do I make a Subject Access Request?

1) Plan Ahead

Try to find the right department or the right person to send the request to, as this will save time later. Calling an organisation's helpline or checking their privacy notice or policy on their website may help. Check any applicable costs or fees in advance. You should make sure that you know all the information you need when making a request; organisations are allowed to charge for every request made to them, so it's better to avoid multiple requests if you can!

2) Write to the organisation

A Subject Access Request must be made in writing. This can be done by sending a letter, email, fax or even on social media (such as Twitter or Facebook). Sometimes a data controller may ask you to submit your request via a specific type of form, but they cannot insist that you use this, because under the DPA your request will be valid as long as it is in writing.

When requesting your personal data from an organisation, you should include the following information:

- Your full name, address and contact telephone number.
- Any information used by the organisation to identify you from others of the same name, e.g. account number, unique ID, etc.
- Details of the specific information that you are requesting, and any relevant dates, for example your medical records, copies of bank statements held in account number xxx, emails between certain dates, copies of CCTV footage from a particular camera, etc.
- If you have a disability that means you require the information in a specific format that is accessible to you (such as Braille, large print or audio format), make this clear in your request.
- If you are making a subject access request on someone else's behalf, evidence to show that you are authorised to make that request. You will have to decide what would be the most appropriate evidence, on a case-by-case basis. Some examples of documents that could be relevant are: a power of attorney or, if you are requesting information about a child, the child's birth certificate, your marriage certificate, or a court order relating to parental responsibility.

In the UK, the data protection regulator is called the Information Commissioner's Office (or ICO for short). The ICO has provided some examples of letters or emails that you could use to make a subject access request. These examples are available here: https://ico.org.uk/for-the-public/personal-information/

3) Keep copies and proof of receipt

It is always best to send your request by recorded delivery or by email. You should keep a copy of the request and all other correspondence. This will be important evidence if you later need to complain to the Information Commissioner's Office, for example, if the organisation does not respond to your request promptly or fully.

How soon can I get hold of my personal data?

The organisation needs to respond to your subject access request within 40 days. The 40 day period starts either on the date that the organisation receives the request or, if later, the day on which it receives:

a) the fee (if one is required);
b) any requested information about your address; and
c) any information requested to confirm your identity.

The organisation should give you the information in writing. However, it does not have to do this where it is not possible to provide you with the information in writing, if it takes disproportionate effort to do so, or if you agree to receiving the information in some other form (such as seeing it on screen).

The ICO has said that the following should be taken into account when considering whether it would take disproportionate effort to give you the information in writing:

- the cost of giving you the information;
- the length of time it will take;
- how difficult it will be;
- the size of the organisation; and
- the effect on you of not having the information in permanent form.

What can I do if the organisation doesn't respond?

If the organisation has not responded to your request within 40 days, you should write to them to remind them of your request and their legal obligations.

If you think that the organisation has withheld some of your personal information that you are entitled to, you should contact them with your concern. Make sure you state the information you think is being withheld. You can find an example letter on the ICO's website.

If you have contacted the organisation and still have not received an appropriate response from it, you can report the matter to the ICO by:

- Reporting your concern through its website: https://ico.org.uk/concerns/
- Contacting the ICO via its live chat service; or
- Calling its helpline on 0303 123 1113

Note: The information in this leaflet reflects the position under the Data Protection Act 1998. From 25 May 2018, the new EU General Data Protection Regulation will come into force. The information in this leaflet may therefore need to be updated to reflect these changes to the law.