DATA SUBJECT ACCESS REQUEST POLICY
What is the right of access?
The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data, as well as other supplementary information. It helps individuals to understand how and why we are using their data, and check we are doing it lawfully.
How do we recognise a subject access request (SAR)?
An individual can make a DSAR verbally or in writing. A request is valid if it is clear that the individual is asking for their own personal data. An individual does not need to use a specific form of words, refer to legislation or direct the request to a specific contact.
An individual may ask a third party (eg a relative, friend or solicitor) to make a DSAR on their behalf. . Before responding, we need to be satisfied that the third party making the request is entitled to act on behalf of the individual. We will request this information in writing (electronically or otherwise) .It is the third party’s responsibility to provide evidence of their authority.
What we consider when responding to a request?
We will comply with a DSAR without delay and at the latest within one month of receiving your request. We may extend the time to respond by a further two months if the request is complex or you have a large number of requests
If we process a large amount of information about an individual, we may ask you to specify the information or processing activities that your request relates to, if it is not clear. The time limit for responding to the request is paused until we receive clarification, although we will supply any of the supplementary information we can do within one month.
Can we ask for ID?
Yes. We need to be satisfied that we know the identity of the requester (or the person the request is made on behalf of). If we are unsure, we will ask for information to verify an individual’s identity. The timescale for responding to a SAR does not begin until we have received the requested information.
Can we charge a fee?
Not usually. In most cases we cannot charge you a fee to comply with a SAR. However, we can charge a ’reasonable fee’ for the administrative costs of complying with a request if it is manifestly unfounded or excessive, or if an individual requests further copies of their data.
How we supply information to the requester?
You are entitled to a copy of your personal data and to other supplementary information. We will provide the information electronically unless you request another method.
We will email you a link to a secure web portal along with a password. The web portal will be deleted after 30 days.
If you ask, we can provide a verbal response to your DSAR, provided that you have confirmed your identity .
Can we refuse to comply with a request?
Where an exemption applies, we may refuse to provide all or some of the requested information, depending on the circumstances. We can also refuse to comply with a DSAR if it is manifestly unfounded or manifestly excessive.
If we refuse to comply with a request, we will inform you of
- the reasons why;
- your right to make a complaint to the ICO or another supervisory authority; and
- your ability to seek to enforce this right through the courts.
What should we do if the request involves information about other individuals?
We will consider whether it is possible to comply with your request without disclosing information that identifies another individual. If this is not possible, we do not have to comply with the request except where the other individual consents to the disclosure or it is reasonable to comply with the request without that individual’s consent.
What other exemptions are there?
The exemptions are set out in Schedules 2 and 3 of the DPA 2018 and they are as follows:
- Crime and taxation: general
- Crime and taxation: risk assessment
- Legal professional privilege
- Functions designed to protect the public
- Regulatory functions relating to legal services, the health service and children’s services
- Other regulatory functions
- Judicial appointments, independence and proceedings
- Journalism, academia, art and literature
- Research and statistics
- Archiving in the public interest
- Health, education and social work data
- Child abuse data
- Management information
- Negotiations with the requester
- Confidential references
Can the right of access be enforced?
Yes. In appropriate cases, the ICO may take action against us if we fail to comply with data protection legislation. The ICO will exercise these enforcement powers in accordance with their Regulatory Action Policy. You can contact the Information Commissioners Office (ICO) by clicking here and quoting our ICO number ZB257978
If we fail to comply with a SAR, you may apply for a court order requiring us to comply or to seek compensation. It is a matter for the court to decide, in each particular case, what action to take.
All Rights Reserved
UK Bailiff Services Ltd is a Company Registered in the UK
Company Number 11337729
Registered Address 223 Bacup Rd, ROSSENDALE, BB4 7PA
VAT Number 306547801
ICO Number ZA379866
All prices and costs quoted are subject to VAT
