Subject Access Requests | Health Sciences University
HSU Logo purple

Subject Access Requests (SARs)

Students on their laptops

Our Procedure for Subject Access Requests

Here we outline how we handle requests for information on personal data. This is in line with the General Data Protection Regulation and Data Protection Bill (to become act) 2018.

Find our Data Protection Breach Policy, as well ad our Staff, Student and Patient Privacy notices on our Latest Policies page.

Latest Policies

Accessing Your Personal Data

Under data protection legislation an individual has the right (subject to certain exemptions) to access the information that an organisation holds about them. Accessing personal data in this way is known as making a subject access request. Subject access requests are different to requests submitted under Freedom of Information (FOI) legislation, which relate to information about the organisation itself. Download our freedom of information procedure.

Any person wishing to access their personal data under the provisions of the General Data Protection Regulation and Data Protection Bill (to become Act) 2018 should make a Subject Access Request (SAR). The form should be sent to the Data Protection Officer (DPO) via DPO@aecc.ac.uk.

Please note: in the event of a shutdown, DSARs posted to AECC may not be dealt with as quickly as usual, and some records may be unobtainable, preventing us providing full access to your personal data. If you need urgent access to the data we hold on you, please submit your request by email to DPO@aecc.ac.uk. We are happy to liaise with you as to whether we release a partial record and send you the remaining data later, or whether you prefer to wait and receive the whole thing when we are able to facilitate your request in full. Your patience is appreciated and we will do everything we can to service your requests.

The DPO will then coordinate the gathering together of the appropriate information. The University College will comply with SARs as quickly as possible but will ensure that the information is provided within 1 calendar month from receipt of identification unless there is good reason for delay. If you are able to describe the data you seek clearly, this will reduce any likelihood for delay. We may refuse requests that are deemed manifestly unfounded or excessive and reserve the right to charge a fee for these. In such cases the reason for refusal, delay, or any fees payable will be explained in writing.

The DPO has a duty to establish the identity of the requester. The identification required is usually one document that includes photo identification and a signature, such as a photo driving licence or a passport, plus a current utility bill or bank statement showing your name and address.

If you have any reason to believe that the University College has not dealt correctly with your request, please contact the Data Protection Officer via DPO@aecc.ac.uk. If you are still not satisfied, you should contact the Information Commissioner’s Office.

Download Sar Form For Medical Records

Download Any Other Sar Form

Download Personal Data Request Form (212)

AECC Logo White
© 2024 Health Sciences University -