Subject Access Policy

 

1. Introduction: Commitment to Data Protection Jedi Sales Consultants Ltd is committed to protecting the personal data of individuals in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Subject Access Policy outlines the rights of individuals to access their personal data and the procedures for submitting and handling subject access requests (SARs).

2. Scope: Who the Policy Applies To This policy applies to all employees, contractors, customers, and any other individuals whose personal data is processed by Jedi Sales Consultants Ltd. It covers all personal data held by the company, including electronic and paper records.

3. Rights of Individuals Under UK GDPR Individuals have the right to:

  • Request access to their personal data held by Jedi Sales Consultants Ltd.
  • Be informed about how their data is being used.
  • Request corrections to inaccurate or incomplete data.
  • Request deletion of their personal data in certain circumstances.
  • Restrict processing of their data where applicable.
  • Object to the processing of their data for specific purposes.
  • Receive their personal data in a portable format where applicable.

4. Submitting a Subject Access Request (SAR) Individuals can submit a Subject Access Request (SAR) by:

  • Sending a written request via email or postal mail to the Data Protection Officer (DPO).
  • Clearly specifying the personal data they wish to access.
  • Providing proof of identity to verify the request.

Requests should be sent to: Data Protection Officer
Jedi Sales Consultants Ltd
[Company Address]
Email: [DPO Email Address]

5. Handling and Responding to SARs Jedi Sales Consultants Ltd will:

  • Acknowledge receipt of the request within five working days.
  • Verify the identity of the requester before processing the request.
  • Provide the requested information within one month, unless the request is complex, in which case an extension of up to two months may be applied.
  • Inform the requester if the request cannot be fulfilled and provide reasons for any refusal.

6. Exemptions and Limitations In some cases, Jedi Sales Consultants Ltd may be unable to provide certain data, including:

  • Data that includes personal information about another individual (unless consent is obtained or it is reasonable to disclose).
  • Information subject to legal privilege or law enforcement investigations.
  • Data held for the purposes of crime prevention, taxation, or legal proceedings.

7. Responsibilities and Compliance

  • Management: Ensure that all SARs are handled promptly and in compliance with data protection laws.
  • Employees: Be aware of data protection obligations and forward SARs to the designated DPO immediately upon receipt.
  • Data Protection Officer (DPO): Oversee SAR handling, ensure compliance, and maintain records of SARs received and processed.

8. Monitoring and Review Jedi Sales Consultants Ltd will:

  • Regularly review this policy to ensure compliance with legal requirements.
  • Monitor SAR handling processes to improve response efficiency.
  • Provide training to employees on data protection and subject access rights.

Failure to comply with this policy may result in disciplinary action and legal consequences.

 

Policy Approval

  • Effective Date: 18/09/2024
  • Last Reviewed Date: 18/09/2024
  • Signed by: Nathan Ottaway
  • Role: Owner
  • Date: 18/09/2024