Post by The Management on Mar 14, 2024 16:24:40 GMT
This is a post of a SAR Request,
Subject Access Request ?
I would suggest that you copy the text and place in a letter format if only to see what in looks like
[/font]
Subject Access Request ?
What it's for? Is you can add into it to request what details and organization has on you you can then check that they can legally hold that information on you
It is a starting point ,it is variable and can be adjusted to suit yourself
I would suggest that you copy the text and place in a letter format if only to see what in looks like
(Your Address in Full)
Date
(Title and Name
of possibly bad people
Address)
Attention of the Data Protection Officer
Dear Sir/ Madam
DATA SUBJECT ACCESS REQUEST UNDER THE GENERAL DATA PROTECTION REGULATION
( as or if required Number xxxxxxx ..Name Address again with post code)
I am writing to inform you that I am makiing a subject access request for the disclosure of my personal data because I understand that you may be holding and/or processing my personal data.
This request is being made in accordance with Article 15 of the General Data Protection Regulations (“GDPR”) which requires you to confirm whether or not my personal data is being processed by you or any third party acting on your behalf. If it is the case that you hold or are processing my personal data, then I am entitled to receive copies of all information relating to me as the data subject.
The meaning of personal data is deliberately broad in scope and which is defined in Article 4 of the GDPR as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Categories of personal data
This is a general request for disclosure of all personal information held by or any third party acting on its behalf. I understand that some of the data may be held electronically such as emails or other document types. Although I assume you have the necessary search tools to identify the relevant personal data but to assist you further, I would suggest that you carry out a search using my full name which is or alternatively, I am also known as . Furthermore, some of the data I believe you may hold about are the following:
Financial information: statements, invoices, insurance details, details of any credit checks carried out, any commission or payments to third parties connected to or associated with my accounts, credit records, credit worthiness, credit rating, purchases, sales, credit, income, loan records, transactions or other information pertaining to spending habits.
Contractual agreements: signed credit agreements and/or application forms, terms and conditions of said credit agreements or applications, default notices, summary of account history, a copy of any lists of third parties that have been granted (whether or not they were permitted) access to my personal data.
Correspondence: records, notes, minutes, transactions, transcripts, documents, evidence, reports complaints, memos, emails, letters or any other expression of opinion held by or third parties whether in physical, electronic (including any customer relationship management system), magnetic or any other format type and which is presently held or stored in any archives, backups or other relevant storage locations.
Special categories of data: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health (including medical history, physical or mental state, sex life or sexual orientation)
Other information: tangible or intangible assets that I own, rent or borrowed, relationships whether in a personal or professional manner.
Video and audio: CCTV footage relating to the day of and between the approximate hours of . All telephone call recordings for the period of including all associated notes.
The above-mentioned list is not exhaustive and the GDPR explicitly states I am entitled to all personal data irrespective of whether I have requested it. Furthermore, the Information Commissioner’s Office (“ICO”) considers that a data controller should be “prepared to make extensive efforts to find and retrieve the requested information” (see the ICO’s Code of Practice relating to subject access requests).
Compliance with this request
Once you have located my personal data , a copy of the information should be sent in a password-encrypted PDF file to my email address . Please ensure that the password is emailed separately to the PDF. In the alternative “hard copies” would be accepted. In addition,
OR
Compliance with this request
Once you have located my personal data , I require the data to be sent in a hard copy format
I also require you to:
Provide a description of the data and the categories of personal data concerned.
Explain the purposes for which the data is processed.
Identify the source or sources of the data.
Set out to whom the data has been disclosed or may be disclosed, in particular recipients in third countries or international organisations.
Set out, where possible, the envisaged period for which the data will be stored, or, if not possible, the criteria used to determine that period.
State whether there has been any automated decision-making using the data, including profiling, and if so, any meaningful information about how it was based, as well as the significance and the envisaged consequences for me of such processing.
You should also be aware that subject access requests under GDPR are now free of charge and I understand that you are required to identify the individual making such a request. I have therefore enclosed a copy of my so that you may satisfy yourself of my identity.
The time limits for complying with subject access requests is one month beginning on the day after receipt of the said request. As this request is being made by , I calculate that you should comply with my request no later than 4pm on . If you consider my request to be complex and require an extension of time up to a maximum of two months, then you are obligated to notify me within one month of receiving this request and explain why the extension is necessary (the ICO’s view however, is that it is not reasonable to extend the time limit for compliance if the request is
(1) manifestly excessive,
(2) an exemption applies or
(3) you prefer to verify my identity before complying with the request). Nonetheless, if I am not satisfied with your reasons relating to the extension of time, then I am entitled to lodge a complaint to the ICO to consider whether or not such an extension was reasonable.
I should point out the data required includes ALL e-mails, Interdepartmental correspondence,Communication both within the Orginisation as well as Inter branch together with all Minutes and inter personal notes together with all Vetting information.
Finally, I would appreciate if you could confirm receipt of my request as soon as possible. If you need further clarification regarding the contents of this letter, I am happy to discuss it further by contacting me by e-mail.
I look forward to hearing from you by (30 days from the sent )
Yours faithfully,
Name in full
Sent date
Tracking Number for Recorded receipt
Date
(Title and Name
of possibly bad people
Address)
Attention of the Data Protection Officer
Dear Sir/ Madam
DATA SUBJECT ACCESS REQUEST UNDER THE GENERAL DATA PROTECTION REGULATION
( as or if required Number xxxxxxx ..Name Address again with post code)
I am writing to inform you that I am makiing a subject access request for the disclosure of my personal data because I understand that you may be holding and/or processing my personal data.
This request is being made in accordance with Article 15 of the General Data Protection Regulations (“GDPR”) which requires you to confirm whether or not my personal data is being processed by you or any third party acting on your behalf. If it is the case that you hold or are processing my personal data, then I am entitled to receive copies of all information relating to me as the data subject.
The meaning of personal data is deliberately broad in scope and which is defined in Article 4 of the GDPR as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Categories of personal data
This is a general request for disclosure of all personal information held by or any third party acting on its behalf. I understand that some of the data may be held electronically such as emails or other document types. Although I assume you have the necessary search tools to identify the relevant personal data but to assist you further, I would suggest that you carry out a search using my full name which is or alternatively, I am also known as . Furthermore, some of the data I believe you may hold about are the following:
Financial information: statements, invoices, insurance details, details of any credit checks carried out, any commission or payments to third parties connected to or associated with my accounts, credit records, credit worthiness, credit rating, purchases, sales, credit, income, loan records, transactions or other information pertaining to spending habits.
Contractual agreements: signed credit agreements and/or application forms, terms and conditions of said credit agreements or applications, default notices, summary of account history, a copy of any lists of third parties that have been granted (whether or not they were permitted) access to my personal data.
Correspondence: records, notes, minutes, transactions, transcripts, documents, evidence, reports complaints, memos, emails, letters or any other expression of opinion held by or third parties whether in physical, electronic (including any customer relationship management system), magnetic or any other format type and which is presently held or stored in any archives, backups or other relevant storage locations.
Special categories of data: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health (including medical history, physical or mental state, sex life or sexual orientation)
Other information: tangible or intangible assets that I own, rent or borrowed, relationships whether in a personal or professional manner.
Video and audio: CCTV footage relating to the day of and between the approximate hours of . All telephone call recordings for the period of including all associated notes.
The above-mentioned list is not exhaustive and the GDPR explicitly states I am entitled to all personal data irrespective of whether I have requested it. Furthermore, the Information Commissioner’s Office (“ICO”) considers that a data controller should be “prepared to make extensive efforts to find and retrieve the requested information” (see the ICO’s Code of Practice relating to subject access requests).
Compliance with this request
Once you have located my personal data , a copy of the information should be sent in a password-encrypted PDF file to my email address . Please ensure that the password is emailed separately to the PDF. In the alternative “hard copies” would be accepted. In addition,
OR
Compliance with this request
Once you have located my personal data , I require the data to be sent in a hard copy format
I also require you to:
Provide a description of the data and the categories of personal data concerned.
Explain the purposes for which the data is processed.
Identify the source or sources of the data.
Set out to whom the data has been disclosed or may be disclosed, in particular recipients in third countries or international organisations.
Set out, where possible, the envisaged period for which the data will be stored, or, if not possible, the criteria used to determine that period.
State whether there has been any automated decision-making using the data, including profiling, and if so, any meaningful information about how it was based, as well as the significance and the envisaged consequences for me of such processing.
You should also be aware that subject access requests under GDPR are now free of charge and I understand that you are required to identify the individual making such a request. I have therefore enclosed a copy of my so that you may satisfy yourself of my identity.
The time limits for complying with subject access requests is one month beginning on the day after receipt of the said request. As this request is being made by , I calculate that you should comply with my request no later than 4pm on . If you consider my request to be complex and require an extension of time up to a maximum of two months, then you are obligated to notify me within one month of receiving this request and explain why the extension is necessary (the ICO’s view however, is that it is not reasonable to extend the time limit for compliance if the request is
(1) manifestly excessive,
(2) an exemption applies or
(3) you prefer to verify my identity before complying with the request). Nonetheless, if I am not satisfied with your reasons relating to the extension of time, then I am entitled to lodge a complaint to the ICO to consider whether or not such an extension was reasonable.
I should point out the data required includes ALL e-mails, Interdepartmental correspondence,Communication both within the Orginisation as well as Inter branch together with all Minutes and inter personal notes together with all Vetting information.
Finally, I would appreciate if you could confirm receipt of my request as soon as possible. If you need further clarification regarding the contents of this letter, I am happy to discuss it further by contacting me by e-mail.
I look forward to hearing from you by (30 days from the sent )
Yours faithfully,
Name in full
Sent date
Tracking Number for Recorded receipt