Subject Access Requests Policy

Subject Access Request (SAR's) Policy

1. POLICY STATEMENT

1.1 Midwich Ltd is committed to ensuring that any personal data and sensitive personal data that it holds about individuals (Data Subjects) is accurate, current, used only for the purpose intended and securely protected.

2. WHAT INFORMATION IS AN INDIVIDUAL ENTITLED TO UNDER THE GDPR?

2.1 Under the GDPR, individuals will have the right to obtain:

  • confirmation that their data is being processed;
  • access to their personal data; and
  • other supplementary information (as set out in Article 15 of the GDPR).

3. WHAT IS THE PURPOSE OF THE RIGHT OF ACCESS UNDER THE GDPR?

3.1 The GDPR clarifies that the reason for allowing individuals to access their personal data is so that they are aware of, and can verify, the lawfulness of the processing (Recital 63).

4. FEES

4.1 A copy of the requested information will be provided free of charge. However, we may charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.

4.2 We may also charge a reasonable fee to comply with requests for further copies of the same information. This does not mean that we may charge for all subsequent access requests.

4.3 Our fee will be based on the administrative cost of providing the information to you.

5. TIMESCALES

5.1 We will provide the requested information without delay and at the latest within 30 days of receipt.

5.2 We will be able to extend the period of compliance by a further two months where requests are complex or numerous. If this is the case, we will inform you within one month of the receipt of the request and explain why the extension is necessary.

6. WHAT IF THE REQUEST IN MANIFESTLY UNFOUNDED?

6.1 Where requests are manifestly unfounded or excessive, in particular because they are repetitive, we will:

  • charge a reasonable fee taking into account the administrative costs of providing the information; or
  • refuse to respond.

6.2 Where we refuse to respond to a request, we will explain why and inform you of your right to complain to the supervisory authority and to a judicial remedy without undue delay and, at the latest, within one month.

7. HOW SHOULD THE INFORMATION BE PROVIDED TO MIDWICH?

7.1 We need to verify the identity of the person making the request, using ‘reasonable means’. Whilst there is no set format for making requests, we have created a template which will speed up the process. This can be found at Appendix 1.

7.2 Where requests are made electronically, we will provide the requested information to you in a commonly used electronic format like a PDF.

8. REQUESTS FOR LARGE AMOUNTS OF DATA

8.1 The GDPR permits us to ask you to specify the information the request relates to (Recital 63).

8.2 The GDPR does not include an exemption for requests that relate to large amounts of data, but we may be able to consider whether the request is manifestly unfounded or excessive.

Appendix 1 - Subject Access Request Form

x

Request a callback

Complete the form below and we’ll call you to discuss your requirements.

PSCo, Innovation House Segro Park
Ellesfield Avenue Bracknell RG12 8HH

01344 592 222
Copyright © 2024 Midwich. All rights reserved.