SUBJECT ACCESS REQUEST (SAR) PROCEDURES

Euro Recycling has a requirement to collect personal information in order to effectively carry out its everyday business activities as well as to comply with any lawful requirement or regulations.

Under the General Data Protection Regulation, we are obligated to protect any personal information we hold and to comply with the requirements regarding how it is obtained, used, processed, stored and destroyed.

The General Data Protection Regulation

GDPR gives individuals the right to know what information is held about them, to access this information and to exercise other rights, including the rectification of inaccurate data.

What is Personal Information?

Recorded information about an identifiable individual that may include his or her (1) name, address, email address, phone number, (2) race, nationality, ethnicity, origin, color, religious or political beliefs or associations, (3) age, sex, sexual orientation, marital status, family status, (4) identifying number, code, symbol, (5) finger prints, blood type, inherited characteristics, (6) health care history including information on physical/mental disability, (7) educational, financial, criminal, employment history, (8) others' opinion about the individual, and (9) personal views except those about other individuals.

Further information on what constitutes personal information and your rights under the data protection regulation and laws can be found on the Information Commissioners Office (ICO) website: https://ico.org.uk/for-the-public/

The Right of Access

The GDPR (Article 15) stipulates that individuals have the right to obtain any data held about them by a data controller. At Euro Recycling, we are committed to upholding these rights and have a process in the place for providing this information to the individuals concerned when requested. We will provide in the first instance confirmation of whether or not personal data concerning them is being processed.

Assuming we hold data on an individual, we will provide details of

the purposes of the processing
the categories of personal data concerned
the recipients or categories of recipient to whom the personal data have been or will be disclosed
If the data has been transferred to a third country or international organisations (and if so, the appropriate safeguards used)
the envisaged period for which the personal data will be stored (or the criteria used to determine that period)
where the personal data was not collected directly from the individual, any available information as to their source

How To Make a Subject Access Request (SAR)?

A subject access request (SAR) is a request sent by the individual to Euro Recycling asking for access to their personal information. You can make this request in writing or by email using the details provided in this document.

What We Do When We Receive An SAR

IDENTITY VERIFICATION

When a request is received from an individual it is incumbent on Euro Recycling to verify using all reasonable measures the identity of the individual making the access request.

We may need to contact any individual whose identity can not be confirmed from the information submitted in the request, in order to obtain proof of their identity and to validate their request. This is to protect the data subjects information and rights.

If a third party, relative or representative is requesting the information on your behalf, we will verify their authority to act on your behalf and may again contact you to confirm their identity and authorisation prior to acting the subject access request.

INFORMATION GATHERING

If you have provided enough information in your SAR to collate the personal information held about you, we will gather all forms (hard copy, electronic etc) and ensure that the information required is provided in an acceptable format. If we do not have enough information to locate your records, we may contact you for further details. This will be done as soon as possible and within the Regulation timeframes set out below.

INFORMATION PROVISION

Once we have gathered and formatted all of the personal information held about you, we will send this to you in writing (or in a commonly used electronic form if requested). The information will be presented clearly and in plain language.

Fees and Timeframes

SARs will be processed within 30 days. There will be no charge for the information, unless the request is deemed to require excessive resources to complete. In such cases a small administration fee may be requested, for example to cover any administration and postage costs.

In every case we aim to provide the requested information as quickly as reasonably possible, but at a maximum, allow 30 days from the date the request was received. In exceptional cases, where the extraction or compilation of information is particularly complex or is subject to a valid delay, the period may be extended by two further months. If this is the case, we will write to you within 30 days and keep you informed of the reasons for any delay.

Your Other Rights

GDPR provides you with the right to request rectification of any inaccurate data that is held by Euro Recycling. The rectification process will be subject to the same identification checks as detailed above.

We will amend the details immediately as directed by you and make a note on the system (or record) of the change and reasons.

We will rectify the errors within 30-days and inform you in writing of the correction and where applicable, provide the details of any third-party to whom the data has been disclosed.

If we are unable to for any reason to satisfy your request for rectification, we will always provide a written explanation to you and inform you of you right to complain to the Supervisory Authority and to a judicial remedy.

You also have the right to request the erasure of personal data that Euro Recycling hold or to restrict the processing of your personal data. You are also able to object to the processing of your personal data.

Automated Decision-Making

Euro Recycling (at the time of writing) do not implement any Automated Decision Making.

Exemptions and Refusals

The GDPR includes exemptions to SARs where there are certain over-riding legal or other obligations to consider. For example if the information:

Is subject to legal or litigation privilege.
Is purely personal or for household activity.
Is a reference given (or to be given) in confidence for employment, training or educational purposes.
Is processed for the purposes of management forecasting or management planning in relation to a business or other activity to the extent that complying with a subject access request would prejudice the conduct of the business or activity.
Consists of records of intentions in relation to negotiations between the employer and employee to the extent that compliance with the subject access request would be likely to prejudice the negotiations.
Contains the personal data of a third party.
Is of the type which would be likely to prejudice the prevention or detection of crime, or the apprehension or prosecution of offenders if disclosed.

If any such exemption applies to your request, then we shall inform you at the earliest convenience, or at the latest, within one month of receipt of the request.

Where possible, we will provide you with the reasons for not acting and any possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Submission & Lodging a Complaint

To submit your SAR, you can contact us via GDPR@euro-recycling.co.uk

Or by writing to

GDRP Committee
Euro Recycling
Unit 117A Burcott Road
Avonmouth
BS11 8AB
UK

If you are unsatisfied with our actions or with to make an internal complaint, you can contact us in writing as outlined on our website.

Supervisory Authority

You have the right to lodge a complaint with the Supervisory Authority. The Information Commissioner’s Office (ICO) can be contacted at:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow. Cheshire. SK9 5AF
Telephone: 0303 123 1113
Email: enquiries@ico.org.uk