Subject Access Request
Last Updated: 14 February 2020
Under the General Data Protection Regulations otherwise known as GDPR, a new Data Protection Bill came into force across the UK and the rest of Europe on the 25th May 2018.
New Heights has always taken its responsibilities towards customer data very seriously and as such has been working towards full compliance in the years prior to this date.
So that you can continue to have the confidence in us to protect your data, we have during this period continued to invest significantly in enhanced operational systems and to work with our partners as they do the same. You can be confident that we will continue to place ongoing improvements at the forefront of our commitment to you.
Under the new regulations we are expected to provide you with an electronic machine-readable report (e.g. Microsoft Excel .xlsx, Comma Separated Values .csv, or similar) of the personal data we hold on you, a ‘Subject Access Request’ (SAR).
Understandably, before we can share this data, we have to be confident that you are who you say you are. However, once we are satisfied of this, we will provide you with a report that shows what data we hold on you within 30 days from that confirmation.
At which point we will, for administrative and safeguarding purposes record how often we provide such reports to you. There is no limit as to how often you can request a SAR report, but we are within our rights to refuse, or charge an administration free for such reports if we believe the requests are manifestly unfounded or excessive, and beginning to place unnecessary restrictions upon us which was not intended under the Regulations.
Additionally, you are also permitted to ask us to remove all your data under the ‘Right to be Forgotten’ section of the regulations for complete peace of mind. Once invoked our newly enhanced systems operate in such a way that your personal data will be fully obfuscated from our systems and will from that point forward be unrecoverable. The only exceptions to this is what is retained in our sales records, which we are required by law to keep for a number of years (the length varies depending on type) by HMRC. Once this required period has passed then the remaining information will be deleted.