Data Protection Policy - Access to Personal Data at Swansea University
- What are my rights?
- What are the exemptions?
- How do I submit a request?
- What happens next?
- Can I appeal?
1. What are my rights?
The Data Protection Act 1998 gives individuals a right of access to the personal data which organizations hold about them, subject to certain exemptions (see What are the exemptions?). Requests for access to personal data are known as subject access requests. This page explains how to submit a subject access request to Swansea University, how we will handle your request, and your right to complain if you are dissatisfied.
If you submit a subject access request to Swansea University, you are entitled to be told whether we hold any data about you. If we do, you also have the right:
- To be given a description of the data, the purposes for which the data are being processed, and those to whom the data may have been disclosed;
- To be given a copy of the data in an intelligible form, with any unintelligible terms explained;
- To be provided with any information available to Swansea University about the source of the data; and
- If you specifically request it, to be given an explanation as to how any decisions taken about you solely by automated means have been made.
These rights apply to electronic data, and to data in "manual" (i.e. non-electronic) formats subject to certain limitations (see How has Freedom of Information affected Data Protection?). Further information about your rights under the Data Protection Act is available on the website of the Information Commissioner.
2. What are the exemptions?
The Data Protection Act includes various exemptions which specify the circumstances in which an organization can refuse to provide access to personal data. The most likely situations in which Swansea University could refuse a subject access request are where:
- The release of the data would jeopardise the prevention or detection of crime, or the apprehension or prosecution of offenders;
- You have requested access to an examination script, other than examiners' comments;
- You have requested data contained in a confidential reference provided by Swansea University;
- You have requested data which record Swansea University's intentions in relation to any negotiations with you, and the release of the data would prejudice the negotiations;
- The data is covered by legal professional privilege;
- The data relates to management forecasting or management planning, and its release to you would prejudice Swansea University's business or activities; or
- You have requested access to data which have been retained for the purposes of historical or statistical research, the conditions set out in the Data Protection Act for processing for research purposes have been met, and the results of the research have not been published in a way which identifies individuals.
If Swansea University withholds data from you as a result of an exemption under the Data Protection Act, we will explain why the data have been withheld and the relevant exemption, unless doing so would itself disclose information which would be subject to the exemption.
The Data Protection Act allows us to refuse to provide you with a copy of your data if the effort in doing so would be disproportionate, or if the same or similar data have already been provided to you and a reasonable interval has not elapsed since your previous subject access request. In addition, if Swansea University reasonably requires further information from you in order to locate the data which you have requested, and we inform you of this, we are not required to comply with your request until you supply us with the information.
We have to protect the Data Protection rights and other legal rights of other individuals when we respond to subject access requests. Information which does not relate to you may be 'blanked out' or edited out, particularly if it relates to other individuals. Sometimes we may not be able to release data relating to you because doing so would also reveal information about other persons who have not consented to their data being released, and it would not be reasonable in the circumstances to release the data without their consent. In such cases, you will be informed that data about you have been withheld and the reasons for doing so.
3. How do I submit a request?
Requests for access to personal data must be in writing. We ask that you complete and return Swansea University's Subject access request form , which is designed to gather the information which we need to identify you, communicate with you and locate data about you. Failure to complete the form could delay processing of your request, as we may need to contact you for further information or clarification.
When completing the Subject access request form , please be as specific as possible about the information which you want access to, as this will assist us in processing your request. For example, if you only want data relating to your academic record, you should indicate that. A general request such as "please send me all of the data which you hold about me" is likely to lead us to contact you for further information or clarification.
Together with the form, you must also send us a fee of £10 (payable to Swansea University), and proof of your identity. We will not begin processing your request until the fee and proof of ID are received. We require proof of ID to ensure that we are releasing data to the correct person. Please supply a photocopy (not the original) of one of the following:
- Your current Swansea University student ID or staff ID.
- The pages which identify you in your passport.
- Your driving licence.
Please send the completed subject access request form, fee and proof of identity by post to the following address:
The University Compliance Officer (FOI/DP)
The form, fee and proof of identity must be submitted for each subject access request.
4. What happens next?
We will send you an acknowledgement of your request as soon as possible. This will indicate the deadline by when we will send you a response. We may also ask you to provide further information or clarification if we require it to process your request, and may contact you again for additional information or clarification if necessary.
We will respond as soon as possible, and in all cases within 40 calendar days of receipt of your request. If we reasonably require further information from you to locate the data which you have requested, we will inform you as soon as possible, and the 40 day deadline will commence from the date when we receive the information from you.
Any copies of data which are provided to you must be in permanent form. We will normally send the data on paper to the postal address specified by you on the subject access request form, unless we agree with you that the data can be supplied in a different format. The data may take the form of photocopies, printouts, transcripts or extracts, or a combination of these, depending on what is most appropriate in the circumstances.
5. Can I appeal?
If you are dissatisfied with the response to a subject access request, you are encouraged to contact the Director of Governance Services. All appeals must be made in writing to:
Director of Governance Services
In order to progress your appeal as quickly as possible, please quote your request reference number and the date of your original request, as well as details of why you are making the appeal. Please include full contact details including a phone number where possible, in case we need to contact you during the appeal process. Receipt of your appeal will be acknowledged in writing. Following the review, you will be provided with a report containing the outcome and subsequent actions taken by Swansea University.
If you are not content with the outcome of the appeal, you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at: -
Information Commissioner’s Office,
Further information about how to enforce your rights under the Data Protection Act is available on the Commissioner's website.