The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 govern how we collect, use and process personal information and gives individuals a number of rights regarding their personal information. The principles laid down by the GDPR are:
- lawfulness, fairness and transparency - personal data shall be processed lawfully, fairly and in a transparent manner in relation to individuals
- purpose limitation - personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- data minimisation - personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- accuracy - personal data shall be accurate and, where necessary, kept up to date
- storage limitation - personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
- integrity and confidentiality - personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
- accountability – the data controller shall be responsible for, and be able to demonstrate compliance with, the principles
Your rights under GDPR
How to use your right or make a complaint
Apply by completing the online Subject Access Request form.
Alternatively, please print and complete the Subject Access Request (SAR) - request form (MS Word, 332KB)
Please email your request to: firstname.lastname@example.org or post to The Data Protection Officer, 1st Floor Westfields, c/o Municipal Buildings, Earle Street, Crewe, CW1 2BJ
If you are not satisfied with our response you can complain to the Information Commissioner.