GDPR Data Subject Access Request (SAR) Policy – Clients and Suppliers
Data Protection Statement
The GDPR require that personal data is processed fairly and lawfully. Wolfestone is committed to protecting the privacy and confidentiality of personal information relating to clients and suppliers.
The Company’s Data Controller is the Chief Technical Officer. Where an individual feels that the rules of data protection have been compromised within Wolfestone Holdings, they should contact the Chief Technical Officer.
Personal data held by the Company will be used for the purposes of fulfilling business contracts and communicating information which is of legitimate interest to clients and suppliers. Disclosure of personal information to a third party will only occur with the expression permission of the individual, unless the Company has a statutory/legal obligation to disclose the information.
The Right to Subject Access
In accordance with the GDPR, you have the right to be informed of the information held about you and to discover to whom it has been disclosed. Should you wish to access the information held by Wolfestone Holdings, you must make a formal request to Wolfestone Holdings in writing. We will also need to see proof of your identity, to make sure it really is you asking for your personal data. We have created a Subject Access Request form to make this easier, but you do not have to use this in order to request access to your data – we just need some details as to what you would like to access.
Under the GDPR you are entitled to access the following:
- the reasons why your data is being processed;
- the description of the personal data;
- anyone who has received or will receive your personal data; and
- details of the origin of your data if it was not collected from you.
How We Handle SARs
Once you have submitted your Subject Access Request, along with proof of your identity, we will respond to you in writing within one month with your data or with an indication of timelines if we cannot provide your data within this time frame. All data requests will be completed within a maximum of three months in accordance with the GDPR. There will be no charge for making a Subject Access Request unless the request is ‘manifestly unfounded or excessive’. We may charge for multiple requests and this will be handled on a case-by-case basis.
Who to Contact
Please contact our Data Protection Officer (DPO) by email (firstname.lastname@example.org).
Subject access request form can be downloaded here:
If emailing please include SUBJECT ACCESS REQUEST in the subject line of your email.