As an organisation that holds and processes information about clients, employees or suppliers, we must comply with 1998 Data Protection Act. There is a legal obligation to protect that information and guidance on how that information should be kept and used. In order to comply with this information we will:
- only collect information we need for a specific purpose;
- keep it secure;
- ensure it is relevant and up to date;
- only hold as much as we need, and only for as long as we need it; and
- allow the subject of the information to see it on request.
Requesting Access to Personal Data
4. Where can I get further information?
Enquiries relating to Data Protection at iERA should be directed to iERA's Data Controller whose contact details are below:
Suite 321 Crown House Business Centre
North Circular Road
3. What happens next?
The Data controller will assess that the request is genuine and not frivolous. That the correct fee has been paid and that the ID of the person making the request and the data subject is the same and genuine and ask for confirmation of ID.
We will send you an acknowledgement of your request as soon as possible. This will indicate the deadline by when we will send you a response. We may also ask you to provide further information or clarification if we require it to process your request, and may contact you again for additional information or clarification if necessary.
After iERA receives your request, we must consider it and respond to it. We will respond as soon as possible, and in all cases within 40 calendar days of receipt of your request. If we reasonably require further information from you to locate the data which you have requested, we will inform you as soon as possible, and the 40 day deadline will commence from the date when we receive the information from you.
If iERA holds no data about you, you will be informed of this. If iERA holds data on you, the Data Controller will contact you to agree the format in which the data is to be provided.
2. How do I submit a request?
Requests for access to personal data must be in writing. We ask that you complete and return iERA's Subject Access Request Form which is designed to gather the information which we need to identify you, communicate with you and locate data about you. Failure to complete the form could delay processing of your request, as we may need to contact you for further information or clarification.
Together with the form, you must also send us a fee of £15 (payable to "iERA"), and proof of your identity. We will not begin processing your request until the fee and proof of ID are received. We require proof of ID to ensure that we are releasing data to the correct person. Please supply a photocopy (not the original) of one of the following:
- The pages which identify you in your passport.
- Your driving licence.
If you are unable to supply any of the above, please contact iERA's Data Controller.
Please send the completed subject access request form, fee and proof of identity by post to the following address:
Suite 321 Crown House Business Center
North Circular Road
The form, fee and proof of identity must be submitted for each subject access request.
1. What are my rights?
The Data Protection Act 1998 gives individuals a right of access to the personal data which organisations hold about them, subject to certain exemptions. Requests for access to personal data are known as subject access requests. This page explains how to submit a subject access request to iERA, how we will handle your request.
If you submit a subject access request to iERA, you are entitled to be told whether we hold any data about you. If we do, you also have the right:
- Know what information is being held about you.
- In response to a valid request (including a fee of £10), the Data Controller will provide a copy of all personal data about that Data Subject held at the time the application was made.
- The Data Controller may negotiate with the Data Subject to provide a more limited range of data or may choose to provide more. Certain data may be withheld, including Third Party material, especially if any duty of confidentiality is owed to the Third Party – in this case, Third Party means either that the data is about someone else, or that someone else is the source.
- Personal data includes name, address, telephone numbers and email or other contact information.
Last updated January 2017