Your right of access
You have the right to find out if we are holding or using your personal data. There is no charge for making a request.
Before you begin
In most cases we will need to verify your identify before we can proceed with your request. When we do need to you will need to provide two copies of ID to confirm who you are. You will be shown a list of which ID is accepted when you apply.
If you are making a request on behalf of another person, you will also need to provide their ID and their permission for you to act as their representative.
A request can be verbal or in writing. We recommend you follow up any verbal request in writing because this will allow you to explain your concern, give evidence and state exactly what you need. It will also provide clear proof of your request if you decide to challenge our response.
Make a request
How long will it take?
We will respond to your request within one calendar month, unless you have made more than one request or the enquiry becomes complex. When this happens your request can take an extra two months to complete.
What if I am unhappy with you response?
If you are unhappy with how we have handled your request, use one of the methods below to highlight your concerns:
If we cannot resolve your concerns quickly then an internal review into our handling of your case will be arranged and you will be informed of the outcome. If you remain unhappy, you can make a complaint to the Information Commissioner’s Office (ICO).
You can also seek to enforce your rights through the courts. If you decide to do this, we strongly advise you to seek independent legal advice first.
Request for access to your personal data via third party websites
As a Data Controller we are responsible for compliance with the Data Protection Act 2018. Article 32 of the General Data Protection Regulation (GDPR) requires us to have appropriate and organisational measures in place to securely process personal data. We will only work with third party suppliers we have a contract with as defined by Article 28 of the GDPR. Before engaging with a third party supplier we assess the security of their network to ensure compliance with Article 24, 25, 28 and 32.
As we are unable to assess the security of the third party website / portal and we do not have a contract in place with them to ensure compliance with the Data Protection Act / General Data Protection Regulation, we are unable to respond to requests for access to data from third party websites / portals.