The Right of Access to Personal Data
- What information am I entitled to see under GDPR?
- Individuals have the right to access their personal data and supplementary information. The right of access allows individuals to be aware of and verify the lawfulness of the processing.Under the GDPR, individuals will have the right to obtain:
- Confirmation that their data is being processed
- Access to their personal data
- Other supplementary information - this largely corresponds to the information that should be provided in a privacy notice.
We will verify the identity of the person making the request, using 'reasonable means'. If the request is made electronically, we will provide the information in a commonly used electronic format. Where possible we will provide remote access to a secure self-service system which would provide the individual with direct access to his or her information.
- What is the purpose of the right of access under GDPR?
- The GDPR clarifies that the reason for allowing individuals to access their personal data is so that they are aware of and can verify the lawfulness of the processing.
- How will the information be provided?
- What is classed as personal data?
- The GDPR applies to 'personal data' meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
- What personal information do you have?
- If you have purchased from us, or registered your warranty or you have contacted us for support we will have your name, address, contact details and in most instances your email address. If you have contacted us for support we will have notes on your case history.
- Is an email address classed as personal information?
- An email address, whilst personal to the individual does not allow us to identify who the person is. Only if accompanied by a name and full postal address is this possible.
- Can I have the audio record of my call?
- The Right of Access provides a right to see the information contained in personal data, rather than a right to see the documents that include this information this includes a call recording.
- How long do you take to respond to a subject access request?
- Information must be provided without delay and at the latest within one month of receipt. You will be able to extend the period of compliance by a further two months where requests are complex or numerous. If this is the case, you must inform the individual within one month of the receipt of the request and explain why the extension is necessary.
- How do I make a Right to Access request?
- To make a Right to Access request for your personal information you can write to:
- Vax LTD (UK)
Customer Contact Team
Stonebridge Cross Business Park
- or email via our Contact Us page with the subject title 'DPA Subject Access Request'.
- Is there a charge for dealing with a subject access request?
- No, we must provide a copy of the information free of charge. We may charge a 'reasonable fee' when a request is manifestly unfounded or excessive, particularly if it is repetitive.
- We may also charge a reasonable fee to comply with requests for further copies of the same information. This does not mean that you can charge for all subsequent access requests.
- The fee must be based on the administrative cost of providing the information.
The Right to Erasure of Personal Information
- The right to erasure is also known as 'the right to be forgotten'.The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
- When can I request the erasure of my personal information?
- The right to erasure does not provide an absolute 'right to be forgotten'. As an individual you have a right to have personal data erased and to prevent processing in specific circumstances:
Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.When the individual withdraws consent.When the individual objects to the processing and there is no overriding legitimate interest for continuing processingThe personal data was unlawfully processed (ie, otherwise in breach of the GDPR).The personal data is processed in relation to the offer of information society services to a child.
There are some specific circumstances where the right to erasure does not apply and you can refuse to deal with a request.
- When can you refuse to comply with a request for erasure?
- We can refuse to comply with a request for erasure where the personal data is processed for the following reasons:
- To exercise the right of freedom of expression and information.
- To comply with a legal obligation for the performance of a public interest task or exercise of official authority.
- For public health purposes in the public interest.
- Archiving purposes in the public interest, scientific research, historical research or statistical purposes.
- The exercise or defence of legal claims.
- Will you tell other organisations about the erasure of personal data?
If we have disclosed the personal data in question to others, we will contact each recipient and inform them of the erasure of the personal data - unless this proves impossible or involves disproportionate effort.