Subject Access Request Policy

For the purposes of this notice a reference to ASCL also includes a reference to ASCL Professional Development Ltd.

This document sets out information to enable ASCL to respond to a data subject access requests (DSAR) under data protection legislation. 

A DSAR is a request by any means (phone, email, letter etc) for personal information (known as personal data) held about an individual by ASCL. Data protection legislation gives individuals the right to know what information is held about them. However, this right is subject to certain exemptions.

When we receive a DSAR we will first check that we have enough information to be sure of the data subject identity. Often, we will have no reason to doubt a person’s identity, for example, if we have regularly corresponded with them. However, if we have good cause to doubt a person’s identity, we can ask for any evidence we reasonably need to confirm the identity.  

We will gather any manual or electronically held information (including emails) and identify any information provided by a third party or which identifies a third party, with conditions being met.

If we have identified information that relates to third parties, we will write to them asking whether there is any reason why this information should not be disclosed. We do not have to supply the information to the data subject unless the other party has provided their consent or it is reasonable to do so without their consent. If the third-party objects to the information being disclosed we may seek legal advice on what we should do.

We will deal with the DSAR without undue delay and in any event within one month of receipt of your request. However, if the work involved is particularly complex or if numerous requests are made then we may extend this period by up to two additional months. In this case, we will inform the data subject about the extension and explain the reasons. 

We will not charge a fee for dealing with a DSAR request unless it is manifestly unfounded or excessive. If we charge a fee, we will inform the data subject of this and explain the reasons for doing so.

We will explain what steps have been taken in dealing with the request i.e. we will set out the source of the personal information we have gathered.

The information will be provided in a concise, transparent and easily accessible form. It may be provided in writing, or by other means, including, where appropriate, by electronic means. 

There are a number of exemptions to our duty to disclose personal data and we may seek legal advice if we consider that they might apply. An example of an exemption is information covered by legal professional privilege.
 
If we agree that the information is inaccurate, we will correct it and where practicable, destroy the inaccurate information. If we do not agree or feel unable to decide whether the information is inaccurate, we will make a note of the alleged error and keep this on file. 

If the data subject is not satisfied by our actions, the individual can seek recourse through our internal complaints’ procedure. If the individual remains dissatisfied, they have the right to refer the matter to the Information Commissioner or seek recourse through the courts.  

The Information Commissioner can be contacted at:

Information Commissioner’s Office 
Wycliffe House, Water Lane 
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

If you would like to know more or have any concerns about how your personal data is being processed, please contact:

ASCL Data Protection Officer
C/o GRCI Law
Unit 3 Clive Court, Bartholomews Walk
Cambridgeshire Business Park
Ely, Cambridgeshire CB7 4EA

or

Director of Finance and Operations
Association of School and College Leaders
130 Regent Road
Leicester LE1 7PG

Tel: 0116 299 1122
Email: info@ascl.org.uk