University College Cork National University of Ireland, Cork Data Access Request Procedure

Similar documents
DATA PROTECTION POLICY

DEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy

Subject: Kier Group plc Data Protection Policy

Data Subject Access Request

Polemic is a business involved in the collection of personal data in the course of its business activities and on behalf of its clients.

INNOVENT LEASING LIMITED. Privacy Notice

Xpress Super may collect and hold the following personal information about you: contact details including addresses and phone numbers;

UWTSD Group Data Protection Policy

NWQ Capital Management Pty Ltd. Privacy Policy. March 2017 v2

Access Rights and Responsibilities. A guide for Individuals and Organisations

MBNL Landlord Privacy Notice. This notice sets out how we handle landlord personal data as part of our General Data Protection policies (GDPR).

Rights of Individuals under the General Data Protection Regulation

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

DATA PROTECTION POLICY THE HOLST GROUP

Data Protection Policy

Privacy Notice - General Data Protection Regulation ( GDPR )

Policy Objectives (the Association) Privacy Act APPs Policy Application ACTU The Police Association Website

Brasenose College ICT Systems Privacy Notice (v1.2)

Privacy Policy Wealth Elements Pty Ltd

The British Museum. Data Protection Code of Practise. 1 Introduction

Privacy and Spam Policy Ten Tigers Grain Marketing Pty Ltd

About the information we collect We collect and process personal data including but not limited to:-

Guardian Electrical Compliance Ltd DATA PROTECTION GDPR REGULATIONS POLICY

DATA SUBJECT ACCESS REQUEST PROCEDURE

Data Protection Policy

Privacy Notice. General Information Protection Regulation ( GDPR )

General Legal Requirements under the Act and Relevant Subsidiary Legislations. Personal data shall only be processed for purpose of the followings:

DATA PROTECTION IN RESEARCH

The Data Protection Act 1998 and the Use of Personal Data for IT Administration

The Data Protection Act 1998

Breach Notification Form

Privacy and Data Protection Policy

Maritime Union of Australia. Privacy Policy 2014

Staff and Recruitment Privacy Notice Your personal information

HOW WE USE YOUR INFORMATION

Within the meanings of applicable data protection law (in particular EU Regulation 2016/679, the GDPR ):

UWC International Data Protection Policy

KSi Malta Privacy Policy

ADMA Briefing Summary March

Adkin s Privacy Information Notice for Clients, Contractors, Suppliers and Business Contacts

DATA PROTECTION A GUIDE FOR USERS

Islam21c.com Data Protection and Privacy Policy

Data Loss Assessment and Reporting Procedure

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

Motorola Mobility Binding Corporate Rules (BCRs)

Data protection legal jungle or common sense Susan Healy. Religious Archives Group 22 Mar 2010

Cognizant Careers Portal Privacy Policy ( Policy )

Personal Data Access Requests. A guide to accessing personal information held by the university

Index Introduction... 3

NCG Carlisle College Privacy Statement

FLIPOUT Privacy Charter. We will handle any information we collect about you in accordance with our privacy Policy

PS Mailing Services Ltd Data Protection Policy May 2018

Data Protection. Guidance Notes

Data Protection Policy

PRIVACY NOTICE VOLUNTEER INFORMATION. Liverpool Women s NHS Foundation Trust

Cognizant Careers Portal Terms of Use and Privacy Policy ( Policy )

Down Under Centre Employment Hub - Privacy Policy Introduction

WIT Diverse Campus Services Ltd. Data Protection Policy

Introductory guide to data sharing. lewissilkin.com

Guidance Request for Record Deletion, Rectification, Restriction and Processing

Wesley House data protection statement and privacy notice (short-course delegates)

Office of John Howell MP Data Protection Policy

Data Privacy Notice. Madsen Advisory Limited ("Madsen") is committed to protecting and respecting your privacy.

UUEAS Privacy policy - Members

NCAS SUBJECT ACCESS REQUEST FORM (DATA PROTECTION ACT 1998)

Privacy Notice For Ghana International Bank Plc customers

This policy also applies to personal information about you that the Federation collects from any other third party.

Ambition Training. Privacy Policy

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

BISHOP GROSSETESTE UNIVERSITY. Document Administration. This policy applies to staff, students, and relevant data subjects

HOW TO EXERCISE YOUR DATA SUBJECT RIGHTS

PRIVACY POLICY 1. ABOUT THIS POLICY

Technical Requirements of the GDPR

This Privacy Policy governs our processing of all personal data provided to us at Environmental Essentials in relation to our E-learning services.

1.7 The Policy sets out the manner by which the University will respond to Subject Access Requests.

The General Data Protection Regulation

Citizens Information Phone Service: Data Protection Notice for Users of the Service

Data Subject Access Request (SAR) Policy, Guidance and Template

Policy on Privacy and Management of Personal Information

This guide is for informational purposes only. Please do not treat it as a substitute of a professional legal

SOUTHFIELD SCHOOL PROCEDURE FOR RECEIVING AND RESPONDING TO SUBJECT ACCESS REQUESTS

Data Protection Policy

BODY CORPORATE REGISTRATION Application form

Privacy Policy GENERAL

COMPLAINT FORM PART 1 YOUR PERSONAL DETAILS. Mr/Mrs/Ms: First name: Surname: Address: Telephone: Mobile: (optional) address: (optional)

VIACOM INC. PRIVACY SHIELD PRIVACY POLICY

Privacy Impact Assessment

DCU Guide to Subject Access Requests. Under Irish Data Protection Legislation

TINOPOLIS PRIVACY NOTICE

Subject Access Request (SAR) Procedure

Vernon Building Society Recruitment Privacy Notice. Effective from 25 th May 2018

PRIVACY POLICY. 3.1 This policy does not apply to the collection, holding, use or disclosure of personal information that is an employee record.

Complaints and Compliments Policy. Date Approved: 28 September Approved By: Governing Body. Ownership: Corporate Development

Privacy Policy Hafliger Films SpA

Data Protection Policy

Cayman Islands Data Protection Law Guide Book

RVC DATA PROTECTION POLICY

CHANCERY EDUCATION TRUST PICKHURST ACADEMY SUBJECT ACCESS REQUEST (SAR) POLICY OCTOBER 2018

Exercising Your Data Access Rights under the Personal Data (Privacy) Ordinance (Frequently Asked Questions and Answers)

Transcription:

University College Cork National University of Ireland, Cork Data Access Request Procedure 1

Document Location http://www.ucc.ie/en/ocla/comp/data/dataaccess/ Revision History Date of this revision: 28/02/2014 Date of next review: 28/02/2015 Version Revision Summary of Changes Number/Revision Date Number 1.1 17/06/13 Revised existing Data Access Procedures 2.0 16/08/13 Procedures completed 2.1 28/02/14 Fees no longer required (section 4) Consultation History Revision Consultation Names of Parties in Summary of Changes Number Date Consultation 1.1 11/06/13 N. Geary, J. FitzGerald Consulted with NG & JF No changes required 2.1 28/02/14 N. Geary, M. Farrell Fees no longer required Approval This document requires the following approvals: Name Title Date Approved Michael Farrell Corporate Secretary 23/09/2013 Michael Farrell Corporate Secretary 28/02/2014 This procedure shall be reviewed annually by the Information Compliance Officer in light of any legislative or other relevant developments who will consult as necessary before submitting any amendments for approval. 2

TABLE OF CONTENTS 1. INTRODUCTION... 4 2. PURPOSE OF THIS PROCEDURE... 4 3. PROCEDURE FOR MAKING A DATA ACCESS REQUEST... 4 Making an access request... 4 Fees... 4 Identification... 4 Submitting the request... 5 Right to complain to Data Protection Commissioner... 5 4. DEFINITIONS... 5 5. REVIEW... 6 6. FURTHER INFORMATION... 6 3

1. INTRODUCTION At University College Cork ( the University ) your privacy and data protection rights are very important to us. Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic format. The Data Protection Acts, 1988 and 2003 (the Data Protection Acts ), lay down strict rules about the way in which personal data and sensitive personal data are collected, accessed, used and disclosed ( processed ). Under section 4 of the Data Protection Acts, individuals ( data subjects defined below) are entitled to make a request for access to their personal data and have the right to have their personal data amended if found to be incorrect. 2. PURPOSE OF THIS PROCEDURE The purpose of this procedure is to ensure that the University complies with the access request provisions of the Data Protection Acts and to enable individuals to submit data access requests where required. 3. PROCEDURE FOR MAKING A DATA ACCESS REQUEST Making an access request If you wish to make a data access request, it must be in writing. There is no requirement to refer to the Data Protection Acts, but it will assist the University if you do so. Please complete and sign the application form and send it to UCC s Information Compliance Officer (address below). Alternatively, you may write to the Information Compliance Officer. Your letter or email (to foi@ucc.ie) should read something like: "Dear... I wish to make an access request under section 4 of the Data Protection Acts 1988 and 2003 for a copy of any information you keep about me, on computer or in manual form in relation to..." To help us to respond to your request, please be as specific as possible about the information you wish to access. Please include any additional details that would help to locate your information - for example, a staff or student number, names of departments/offices that you were associated with, etc. If you wish a third party to submit a data access request on your behalf (e.g. a family member or solicitor), you must provide written authorisation to allow the University to disclose your personal data to that third party. Fees No application fee is required to process your data access request. Identification In order to ensure that personal data is not disclosed to the wrong person, you may be required to provide proof of identity before any personal data is released to you. Acceptable forms of identification include: copy of passport or driving licence; staff/student ID card; copy of bank statement; copy of utility bill. Copies are acceptable in most cases, however we reserve the right to 4

ask to see original documents where necessary. If you are required to provide copies of such documents to the University, they will be securely destroyed once we have verified your identity. Submitting the request All requests for access to personal data held by University College Cork should be sent to: Catriona O'Sullivan Information Compliance Officer University College Cork 4 Carrigside, College Road Cork Tel: +353 (0)21 4903949 Email: foi@ucc.ie A decision on your request will be made within 40 days of receipt of your request. Right to complain to Data Protection Commissioner If you are unhappy with the outcome of your request, you may make a complaint to the Data Protection Commissioner (Canal House, Station Road, Portarlington, Co. Laois), who will investigate the matter for you. Further details on your rights under the Data Protection Acts are available on the Data Protection Commissioner's website www.dataprotection.ie 4. DEFINITIONS The following are some important definitions used in this procedure, taken from section 1 of the Data Protection Acts, with additional comments provided where appropriate: Data means information in a form which can be processed. It includes both automated data and manual data. Automated data means, broadly speaking, any information on computer, or information recorded with the intention of putting it on computer. Manual data means information that is kept as part of a relevant filing system or with the intention that it should form part of a relevant filing system. Relevant filing system means any set of information that, while not computerised, is structured by reference to individuals, or by reference to criteria relating to individuals, so that specific information is accessible. Personal data means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller. Sensitive personal data receives greater protection under the Data Protection Acts and means personal data relating to - 5

(a) the racial or ethnic origin, the political opinions or the religious or philosophical beliefs of the data subject, (b) whether the data subject is a member of a trade union (c) the physical or mental health or condition or sexual life of the data subject, (d) the commission or alleged commission of any offence by the data subject, or (e) any proceedings for an offence committed or alleged to have been committed by the data subject, the disposal of such proceedings or the sentence of any court in such proceedings. Data subjects have additional rights in relation to the processing of any such data. Data subject is an individual who is the subject of personal data. Data controllers are those who, either alone or with others, control the contents and use of personal data. Data Controllers can be either legal entities such as companies, Government Departments or voluntary organisations, or they can be individuals such as G.P.s, pharmacists or sole traders. UCC, for example, is a data controller in relation to personal data relating to its own staff and students. Processing is widely defined under the Data Protection Acts and means performing any operation or set of operations on the information or data, including- (a) obtaining, recording or keeping data (b) collecting, organising, storing, altering or adapting the data, (c) retrieving, consulting or using the data, (d) disclosing the data by transmitting, disseminating or otherwise making it available, or (e) aligning, combining, blocking, erasing or destroying the data. 5. REVIEW This procedure has been approved by the Corporate Secretary, UCC. Any additions or amendments to this or related procedures will be submitted to the Corporate Secretary for approval or to whatever authority the Corporate Secretary may delegate this role. The procedure will be reviewed annually by the Information Compliance Officer in light of any legislative or other relevant developments who will consult as necessary before submitting any amendments for approval. 6. FURTHER INFORMATION If you have any queries in relation to this procedure, please contact: Catriona O Sullivan Information Compliance Officer Office of Corporate & Legal Affairs University College Cork Tel: 021 4903949 Email: foi@ucc.ie 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback