<p><img alt="imapt" width="1" height="1" src="//insight.imapt.co.uk/101093536ns.gif" /></p>Subject Access Request Policy | idXtra

Subject Access Request Policy


  1. This document sets out the idxtra policy for responding to “subject access requests” under data protection legislation.
  2. A subject access request is a written request for personal information (known as personal data) held about you by idxtra.
  3. Data protection legislation gives individuals the right to know what information is held about them. However, this right is subject to certain exemptions.
  4. When we receive a subject access request we will first check that we have enough information to be sure of your identity. Often we will have no reason to doubt a person’s identity, for example, if we have regularly corresponded with them. However, if we have good cause to doubt your identity we can ask you to provide any evidence we reasonably need to confirm your identity.
  5. We will gather any manual or electronically held information (including emails) and identify any information provided by a third party or which identifies a third party. If we have identified information that relates to third parties, we will write to them asking whether there is any reason why this information should not be disclosed.
  6. We do not have to supply the information to you unless the other party has provided their consent or it is reasonable to do so without their consent. If the third party objects to the information being disclosed we may seek legal advice on what we should do.
  7. We will deal with your subject access request without undue delay and in any event within one month of receipt of your request. However, if the work involved is particularly complex or if numerous requests are made then we may extend this period by up to two additional months. In this case, we will inform you about the extension and explain the reasons.
  8. We will not charge a fee for dealing with your request unless it is manifestly unfounded or excessive. If we charge a fee, we will inform you of this and explain the reasons for doing so.
  9. We will explain what steps have been taken in dealing with your request i.e. we will set out the source of your personal information we have gathered.
  10. The information will be provided in a concise, transparent and easily accessible form. It may be provided in writing, or by other means, including, where appropriate, by electronic means.
  11. There are a number of exemptions to our duty to disclose personal data and we may seek legal advice if we consider that they might apply. An example of an exemption is information covered by legal professional privilege.
  12. If we agree that the information is inaccurate, we will correct it and where practicable, destroy the inaccurate information. If we do not agree or feel unable to decide whether the information is inaccurate, we will make a note of the alleged error and keep this on file.
  13. If you are not satisfied by our actions, you can seek recourse through our internal complaints procedure by contacting our Data Protection Officer DPO@idxtra.com. If you remain dissatisfied, you have the right to refer the matter to the Information Commissioner or seek recourse through the courts. The Information Commissioner can be contacted at: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF T: 0303 123 1113 (local rate) or 01625 545 745 (national rate) If you would like to know more or have any concerns about how your personal data is being processed please contact: The Data Protection Officer, idxtra, DPO@idxtra.com.