Subject Access Request Policy

This Subject Access Request policy document explains our policy for dealing with Subject Access Requests.

What rights do I have to see my data?

You have the right to request a copy of the personal data we hold on you and this is called a Subject Access Request.

You can make a Subject Access Request in any format (by email, over the phone) and you don’t need to use the words ‘subject access request’. If you request a copy of your data, then it is a subject access request and we must deal with it appropriately.

What is your process for handling Subject Access Requests?

  • Our staff will forward any Subject Access Requests to the Data Security Manager to be dealt with on an individual basis.
  • It is our policy to respond to a Subject Access Request within 30 days.
  • It is our policy not to make a charge for Subject Access Requests.
  • If we anticipate it will take longer than 30 days to respond to the request, we will write to you to advise you of this, the reason for the delay, and to let you know when we expect to be able to respond.
  • When responding to a Subject Access Request, we will also provide a copy of the personal data undergoing processing and where the data has been requested electronically, we will respond, where possible, by providing the information in a commonly used electronic format.
  • We will provide information regarding:
    • The purpose of the processing;
    • The categories of personal data concerned;
    • The recipients or categories of recipients to whom the personal data have been or will be disclosed, including any recipients outside of the EU, or international organisations and details of the appropriate safeguards in place;
    • The period for which we envisage the data will be stored, or if not possible, the criteria used to determine that period;
    • The existence of the right to request rectification or erasure of the personal data or to restrict or object to the processing of that data;
    • The right to lodge a complaint with the Information Commissioner's Office;
    • Where the personal data were not collected from the person to whom the information refers, any available information as to their source; or
    • Whether we use the data to make any automated decisions about you, and what impact these might have on you.


How else can I check my data?

Your policy documents that you receive from us when you purchase or amend your policy also show you the information we hold in relation to your insurance policy.

Who should I contact to obtain my data?

You can call us on our usual number 03300 563 362 and make a Subject Access Request over the phone to any member of staff.

Alternatively, you can email our Data Security Manager on data@ctcgroup.co.uk. In your email you need to include:

  • Your full name.
  • Your policy number or reference number.
  • Your address details (if policy number is unknown).
  • Contact details – this is so we can contact you to verify your identity before we release your information.

You can also write to our Data Security Manager at the address at the top of this document.

 

What can I do when I receive my data?

As a Data Subject you have the right to ask us to correct any information that you think is wrong; this is called “The right to rectification”. If you believe any of your information is wrong, please contact our Existing Business team to update your information on 03300 563 362 or admin@ctcgroup.co.uk.

You also have the right to ask us to erase your data; this is subject to the criteria laid out in our Data Retention Policy, available on our website www.ctcinsurance.co.uk/yourdata or by email or post from our Data Security Manager.

More details about your rights are available in our Data Protection Policy which is available on our website, or by request from our Data Security Manager.