Your individual rights
The General Data Protection Regulation Act (GDPR) provides you with a number of rights in relation to the processing of your personal data, including the right of access to a copy of the personal data ASSI holds about you, known as a Subject Access Request.
Under the GDPR, individuals' rights are enhanced and extended in a number of important areas:
- The right to correct inaccurate personal data
- The right, in certain cases, to have personal data erased
- The right to object
- The right to move personal data from one service provider to another (data portability)
Submit a request, enquiry or complaint
You can submit a request for information or make an enquiry or complaint about how we have processed your personal information or exercise any of your individual rights by emailing firstname.lastname@example.org. If your request relates to personal data about you, in order to protect you we will need to satisfy ourselves that we are dealing with the correct person and you will be required to submit a copy of your passport or driving licence as proof of identity.
Under GDPR we must respond to a Subject Access Request within a month following the date of receipt of all the information necessary to deal with the request.
There are exemptions to the right of access to your personal information, such as when the material also includes a third party's personal information.
Complain to the Information Commissioner’s Office (ICO)
If you are not satisfied with how ASSI has handled your personal data, please let us know and we will try and resolve the problem. However, you have a right to complain directly to the ICO.
ASSI's General Privacy Notice
Find out more about how ASSI will respect your privacy and protect your personal data in our General Privacy Notice.
Data protection security statement
ASSI follows the UK CAA’s information security policy and procedures which provide appropriate technical and organisational measures that safeguard against the unauthorised or unlawful processing of personal data, and against accidental loss or destruction of, or damage to, personal data. In particular, these policies cover:
- The secure management of information
- Controlled access to information
- Business Continuity
- Information Management & Privacy
- Information Rights, and
- IT Security
On occasions when third party organisations process personal or sensitive personal data on behalf of ASSI appropriate contractual arrangements will be made.
Information Commissioner's Office
General Data Protection Regulation Act