Mercury 4
Subject Access Requests Policy
1. Introduction
Mercury 4 is committed to ensuring the protection of personal data and upholding the rights of data subjects under the General Data Protection Regulation (GDPR). This Subject Access Requests (SAR) Policy outlines the procedures and responsibilities for handling SARs in accordance with GDPR requirements.
2. Definitions
Subject Access Request (SAR): A request made by a data subject to access, modify or delete their personal data held by Mercury 4.
Data Subject: An individual whose personal data is processed by Mercury 4.
3. SAR Procedure
3.1 Submission of SAR
Data subjects can submit a SAR by contacting Mercury 4 through the designated channels, which may include email, mail, or an online form provided for this purpose. SARs must include sufficient information to verify the identity of the data subject and specify the details of the requested action (e.g., access, modification, deletion).
3.2 Verification of Identity
Mercury 4 will verify the identity of the data subject making the SAR to ensure the security and confidentiality of personal data. Verification may involve requesting additional information or documentation from the data subject.
3.3 Processing of SAR
Upon receipt of a valid SAR, Mercury 4 will promptly acknowledge the request and initiate the necessary actions to fulfil the request within the timeframe stipulated by GDPR (usually within one month). This may involve retrieving, reviewing, and processing the relevant personal data held by Mercury 4.
3.4 Response to SAR
Mercury 4 will provide a written response to the data subject within the specified timeframe, addressing the details of the SAR. The response will include:
Confirmation of whether personal data is being processed.
Details of the personal data being processed, including the purposes of processing, categories of data, recipients, and retention periods.
Access to a copy of the personal data being processed.
Any actions taken in response to modification or deletion requests.
3.5 Exceptions to SAR
Mercury 4 may refuse to comply with a SAR if it is manifestly unfounded or excessive, taking into account the repetitive nature of the request. In such cases, Mercury 4 will inform the data subject of the reasons for refusal and their right to lodge a complaint with the relevant supervisory authority.
4. Responsibilities
4.1 Data Subjects
Data subjects are responsible for submitting SARs in accordance with the procedures outlined by Mercury 4 and providing accurate and sufficient information to verify their identity.
4.2 Mercury 4
Mercury 4 is responsible for:
Establishing and maintaining procedures for handling SARs.
Verifying the identity of data subjects making SARs.
Processing SARs promptly and accurately within the specified timeframe.
Providing written responses to SARs, including access to personal data and details of processing.
Ensuring compliance with GDPR requirements and informing data subjects of their rights and options.
5. Contact Information
For inquiries or submissions related to SARs, data subjects can contact Mercury 4 through the following channels:
Email: admin@mercury4.com
6. Review and Updates
This SAR Policy will be reviewed periodically to ensure its effectiveness and compliance with GDPR requirements. Updates may be made as necessary to reflect changes in regulations or Mercury 4's practices.
This Document was last modified on 20th February 2024