All individuals who are the subject of personal data held by MHScot are entitled to:
• Ask what information the company holds about them and why.
• Ask how to gain access to it.
• Be informed how to keep it up to date.
• Be informed how the company is meeting its data protection obligations.
It is the responsibility of all Management, Staff, Volunteers and Contractors who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
Data will be held in as few places as necessary. Management, Staff, Volunteers and Contractors should not create any unnecessary additional data sets.
Management, Staff, Volunteers and Contractors should take every opportunity to ensure data is updated. For instance, by confirming a customer’s details when they call.
MHScot will make it easy for data subjects to update the information MHScot holds about them. For instance, via the company website.
Data should be updated as inaccuracies are discovered. For example, if a customer can no longer be reached on their telephone number held, it should be removed from the database.
If an individual contacts the company requesting this information, this is called a Subject Access Request.
Subject Access Requests from individuals should be made by email, addressed to the data controller at firstname.lastname@example.org. The data controller can supply a standard request form, although individuals do not have to use this.
Individuals will be charged £10 per subject access request. The data controller will aim to provide the relevant data within 14 days.
The data controller will always verify the identity of anyone making a subject access request before handing over any information.
You have a “right to be forgotten” – but that does have some legal limits to it. If you want us to remove information about you, let us know. If you have been a customer, we may not be able to remove all data as we will have to ensure that we can continue to comply with legal, accounting, taxation and our insurer’s requirements.