Under UK GDPR and the Data Protection Act, you, as a ‘data subjects’, are entitled to have access without undue delay and within one month following a request to information we hold regarding your personal details.
Under the Act you are also entitled to:
- a description of the data being processed
- the purposes for which it is being processed
- a description of the recipients
- the source of the data
- where any decision is taken based solely on an automated process.
These are called subject access requests (SAR’s). There are some exemptions to disclosure of information to data subjects under the terms of the Act. The Data Protection Act does not give third parties rights of access to personal information about individuals still living.
To request a copy of this information you can make a subject access request in writing, either via email or a letter to:
Data Protection Team
Encompass LATC LTD
1 Carshalton Road
Alternatively you can make the request verbally to a member of Encompass staff. Regardless of how you tell us, to ensure that we can deal with your request as efficiently as possible you (or the person the request is made on behalf of) will need to include your current name and address, proof of identity (a copy of your driving licence, passport or two different utility bills that display your name and address), as much detail as possible regarding your request so that we can identify any information we may hold about you, this may include your previous name and address, date of birth and what service you were involved with.
Encompass LATC must respond within a month, which may be extended by a further two months if the request is complex and the service is nornally free. If we are not the Controller of the data you have requested we will assist you in directing your enquiry to the relevant organisation.
We will send you a copy of all the information we hold on you. Any third party information will be redacted unless we have consent from the third party to provide it.
Some information may fall under an exemption from GDPR regulations. We will justify and document our reasons for relying on any exemption.
We operate a Data Retention Policy to ensure that information is not held for longer than necessary. Your subject access request and paperwork will be kept for three years and then securely destroyed.