For people making requests
What data do we collect?
We will collect the following information in order to process subject access requests:
- Proof of identity
How we use your data
We will use this to verify your identity, process your data subject access request and retain records of subject access requests.
Our Legal basis
This is done as a legal requirement.
Data is not passed to third parties unless required to fulfil a data subject access request. We may refer you to the third party if this has been directly contracted by you.
The data is held within the EU.
Is the data transferred abroad?
The data is not transferred abroad.
How long we keep the data for?
Information about data subject access requests is retained indefinitely in order to comply with the regulation. Proof of identity is not retained.
How we safeguard your data
We use appropriate technical and organisational measures to safeguard your data including:
- Multi-factor authentication on all systems that allow access to personal data
- Staff have access to only data appropriate to perform their roles
- Access audit logging for systems containing personal data
- Strong data encryption at rest
- Where appropriate, encryption of data in use
- Closed-circuit television
- 24/7 Security guards
- Strong physical access controls to systems containing personal data.