Data Subject Access Request
If you, a data subject, wish to exercise any of the rights granted to you by the General Data Protection Regulation please send us an email to, firstname.lastname@example.org
Please state the title of the email as “Data Subject Access Request” then quote in the email body the right(s) you wish to exercise. We, Oakwell Hampton, will then have a period of 30 days, as per the General Data Protection Regulation, to adhere to your request.
A data subject under the General Data Protection Regulation has the following rights,
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
The below steps form the process followed by Oakwell Hampton as it adheres to a data subject’s request to exercise one or more of the above rights.
- Data subject sends an email to Oakwell Hampton on email@example.com , stating the right(s) they wish to exercise
- The email is picked up by the Head of Talent at Oakwell Hampton
- The Head of talent will then send the data subject an email confirming receipt of the data subject’s request
- Oakwell Hampton have up to 30 days, from the data subject’s request date, to respond to the data subject’s request and adhere to it, where applicable.
If a data subject exercises their “Right of access”, Oakwell Hampton will then, as per the General Data Protection Regulation, provide the below information,
- Name and contact details of our organisation
- The purpose of processing
- The lawful basis for processing
- The legitimate interest for processing
- The categories of the data subject’s personal data which are being processed
- The recipients of, or categories of recipients of, the personal data
- The retention period for the personal data
- The source of the personal data
Should the data subject exercise their right to object or restricted processing, Oakwell Hampton will endeavour to provide sufficient evidence of our legitimate and legal processing. If we are unable to override the data subject’s request(s), we will then adhere to it. This will all take place within the 30-day period granted to us by the General Data Protection Regulation.