Subject Access Requests (SARs)

Introducing the procedure around subject access requests at AECC University College.

Subject Access Requests (SARS)

Here we outline how we handle requests for information on personal data. This is in line with the General Data Protection Regulation and Data Protection Bill (to become act) 2018. 

GDPR data breach policy

For further details on our privacy notices please see the below: 

Staff privacy notice
Student privacy notice
PATIENT privacy notice 

Accessing your personal data

Under data protection legislation an individual has the right (subject to certain exemptions) to access the information that an organisation holds about them. Accessing personal data in this way is known as making a subject access request.  Subject access requests are different to requests submitted under Freedom of Information (FOI) legislation, which relate to information about the organisation itself.  Our freedom of information procedure can be downloaded here

Any person wishing to access their personal data under the provisions of the General Data Protection Regulation and Data Protection Bill (to become Act) 2018 should make a Subject Access Request (SAR). We encourage you to use the SAR form which can be downloaded here. The form should be sent to the Data Protection Officer (DPO) via DPO@aecc.ac.uk

Please note: in the event of a shutdown, DSARs posted to AECC may not be dealt with as quickly as usual, and some records may be unobtainable, preventing us providing full access to your personal data. If you need urgent access to the data we hold on you, please submit your request by email to DPO@aecc.ac.uk. We are happy to liaise with you as to whether we release a partial record and send you the remaining data later, or whether you prefer to wait and receive the whole thing when we are able to facilitate your request in full. Your patience is appreciated and we will do everything we can to service your requests.

The DPO will then coordinate the gathering together of the appropriate information. The University College will comply with SARs as quickly as possible but will ensure that the information is provided within 1 calendar month from receipt of identification unless there is good reason for delay. If you are able to describe the data you seek clearly, this will reduce any likelihood for delay. We may refuse requests that are deemed manifestly unfounded or excessive and reserve the right to charge a fee for these. In such cases the reason for refusal, delay, or any fees payable will be explained in writing.

The DPO has a duty to establish the identity of the requester. The identification required is usually one document that includes photo identification and a signature, such as a photo driving licence or a passport, plus a current utility bill or bank statement showing your name and address.

If you have any reason to believe that the University College has not dealt correctly with your request, please contact the Chief Operating Officer, Julie Currin on jcurrin@aecc.ac.uk. If you are still not satisfied, you should contact the Information Commissioner’s Office.

Download SAR form for medical records

Download Personal Data Request Form

Download Any other SAR form