Guidance and information on how to submit a Data Subject Access Request to Passle Ltd

Article 15 of the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) grants you the right to access your personal data held by Passle Ltd.  This includes the right to obtain confirmation that we process your personal data, receive certain information about the processing of your personal data, or obtain a copy of any personal data we process.

In addition to exercising your access right, the GDPR also grants you the right to:

  • Request the correction of inaccurate data, or completion of incomplete data.
  • Request the erasure of your personal data (the ‘right to be forgotten’).
  • Restrict or object to certain types of data processing.
  • Make a complaint with the local data protection authority.

How you can submit your request

You can submit a request using our Data Subject Access Request Form, along with proof of identity:

  1.  In writing to our head office: Passle Ltd, 1a Walton Crescent, Oxford OX1 2JG, United Kingdom
  2. By email to: gdpr@passle.net

We will respond to your request within one month of receipt of your request. We can only begin processing your access request once we have been able to verify your identity and have all of the information we need to locate your personal data.

 

Proof of identity

To help us establish your identity, you must provide two pieces of identification: One that clearly shows your name and date of birth, and a second that shows your current address.

  1. We accept a photocopy or a scanned image of one of the following as proof of identity: passport or photo identification such as a driver’s licence, national identification number card, or birth or adoption certificate.
  2. We accept a photocopy or a scanned image of one of the following as proof of your address:  a copy of a bank or credit card statement or utility bill showing your current address and dated within the last three months.
  3. If you have changed your name, please provide the relevant documents evidencing the change.

We may request additional information from you to help us confirm your identity and your right to access, and to provide you with the personal data we hold about you. We reserve the right to refuse to act on your request if we are unable to identify you.

Third-party requests

In some situations, it may be necessary for an individual to submit an access request on someone else’s behalf. For such requests, we require proof of:

  • The data subject’s identity (as above).
  • The requester’s identity (as above).
  • The requester’s legal authority to act on the data subject’s behalf, such as:
    • Written consent signed by the data subject.
    • A certified copy of a Power of Attorney.
    • Evidence of parental responsibility if the data subject is a child.

We reserve the right to request additional information from any third-party requester, to determine whether a request is genuine before providing the right to access personal data about someone else.

Information requested

To help us process a request quickly and efficiently, please provide as much detail as possible about the personal data you are requesting access to. Please include time frames, dates, types of data, or any other information to help us with your request.

The following are given as examples:

  • User activity logs.
  • Transaction histories.
  • Correspondence between [name of person A] and [name of person B] between [date X] and [date Y].
  • Email or other electronic communications (please specify the approximate dates and times).
  • Employment / personnel records.

If the scope of your request is unclear or there is insufficient information to conduct a search, we may need to contact you for additional information. For example, a request stating ‘Please supply all data you hold on me’ is too broad to conduct a search efficiently.

If the information you request includes personal data about a third party, we will either seek that individual’s consent before responding to your request, or we will redact the third parties’ personal data before responding. We will notify you if we are unable to provide you with access to your personal data because disclosure would violate the rights and freedoms any third party.

We may have destroyed, erased or made your personal data anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal data as per your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

Fees and extensions

The information requested will be provided free of charge. However, when a request is manifestly unfounded, excessive or repetitive, we reserve the right to charge a fee for responding to a data subject access request. Any fee, however, will be based on the administrative cost of providing the information. If requests are complex or numerous, we are also entitled to extend the period of compliance by a further two months.

For more information, see our Privacy Policy.