GDPR Data Subject Access Request (SAR) Policy – Clients and Suppliers
Data Protection Statement
The GDPR require that personal data is processed fairly and lawfully. International Translations Ltd. is committed to protecting the privacy and confidentiality of personal information relating to clients and suppliers.
The Company’s Data Controller is the Managing Director. Where an individual feels that the rules of data protection have been compromised within International Translations Ltd., they should contact the Managing Director.
Personal data held by the Company will be used for the purposes of fulfilling business contracts and communicating information which is of legitimate interest to clients and suppliers. Disclosure of personal information to a third party will only occur with the expression permission of the individual, unless the Company has a statutory/legal obligation to disclose the information.
The Right to Subject Access
In accordance with the GDPR, you have the right to be informed of the information held about you and to discover to whom it has been disclosed. Should you wish to access the information held by International Translations Ltd., you must make a formal request to International Translations Ltd. in writing. We will also need to see proof of your identity, to make sure it really is you asking for your personal data. We have created a Subject Access Request form to make this easier, but you do not have to use this in order to request access to your data – we just need some details as to what you would like to access.
Under the GDPR you are entitled to access the following:
- the reasons why your data is being processed;
- the description of the personal data;
- anyone who has received or will receive your personal data; and
- details of the origin of your data if it was not collected from you.
How We Handle SARs
Once you have submitted your Subject Access Request, along with proof of your identity, we will respond to you in writing within one month with your data or with an indication of timelines if we cannot provide your data within this time frame. All data requests will be completed within a maximum of three months in accordance with the GDPR. There will be no charge for making a Subject Access Request unless the request is ‘manifestly unfounded or excessive’. We may charge for multiple requests and this will be handled on a case-by-case basis.
Who to Contact
Please contact our Managing Director (MD) by email (firstname.lastname@example.org)