You have a right to ask CNWL if we have your personal information. If we do, you have a right to know:
- Why we have it
- What type of information we possess
- Whether we have or will send it to others, especially outside the European Economic Area
- How long we will keep it
- Where we got it from
- Details of any automated decision-making.
Right of access
You have a right to access any personal information we hold on you- this is called a Subject Access Request (SAR). Please complete the form online (opens link)
Alternatively, the Trust may attempt to remove (or edit out) the other individual’s information before sending your information to you. This is commonly known as ‘redaction’. This could mean you only receive partial information – such as copies of documents showing blanked-out text or missing sections.
This process can take time, but we will normally respond to you within one calendar month from the date of the request. This can be extended by up to a further two months, considering the complexity and number of requests
Right to be informed
You have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the Data Protection Act 2018.
Rectification
You have the right to require us to rectify information about you that is factually inaccurate, and you may also ask us to remove information which is factually inaccurate or to complete information which is incomplete. To do this, you will need to complete and return the form at the following link.
Right to object
You have the right to object to the processing of your data based on legitimate interests or performance of a task in the public interest. The right to object is not absolute in relation to processing for legitimate interests and research purposes.
Right to be forgotten
You have a right to seek the erasure of your data. You may wish to exercise this right for any reason. This right is not absolute, as we may need to continue processing this information, for example, to comply with our legal obligations, or for reasons of public interest.
Right to withdraw
If we rely on consent as the legal basis for processing your data. However, we often rely on different legal bases for different aspects of processing. This means that we may not be able to act on your request if we have a compelling legal reason not to. Please email the services that collected your consent if you wish to withdraw.
Portability
You have a right to obtain your personal data from us and reuse it for your own purposes, perhaps for another service, without hindering the usability of the data.
Restriction
You might also be entitled to ask us to restrict our use of your information — for example if you think the information we hold about you is incorrect.