Skip navigation

Subject Access Request

A Subject Access Request (SAR) is a request made by an individual to the University under the General Data Protection Regulations, asking for personal data (“information”) that we may hold about them. 

The purpose of a SAR is to make you aware of the existence of any processing of information the University does about you, and to allow you to verify the lawfulness of our processing.

You have the right to obtain confirmation as to whether your personal information is being processed by the University and if so, you are entitled to access the following information:

  • A copy of the Information (subject to any exemptions).
  • The reasons why their data is being processed.
  • The description of the personal data concerning them.
  • Anyone who has received or will receive their personal data.
  • Details of the origin of their data if it was not collected from them.
  • An explanation as to how (if any) automated decisions taken about them have been made.

The University must respond to all SAR's as soon as practicable, and no later than a month from receipt. 

Subject Access Requests will be managed in accordance with our Subject Access Request Policy.

Submitting a Subject Access Request 

You don’t have to mention the GDPR or use the words ‘subject access request’ for a request it to be a valid - but it does help us, and you, if you do. 

A SAR can be made in a number of different ways, including via telephone or in person, but for it to be considered a valid request, it must be clear what you want to receive, so your encouraged to submit a request in writing – this gives us a clear instruction as to what you want, and gives you a “check list” to mark our response against and ensure that we’ve given you what you asked for.

Written requests may be received via post, email or through the submission of the ‘Subject Access Request Form’.

If a request isn’t written down, there could be some confusion over what you want, but don’t worry if you can’t put it in writing, we will write to you to confirm what we understand your request to be and you will have a chance to confirm or correct us.

Where a request is considered too vague to be processed, we will ask you to provide clarification.

You will also be asked to prove who you are – to stop other people accessing your data without your knowledge. The type of proof we will accept are:

  • A copy of Photographic ID such as passport, driving licence or Student ID (originals are not required, but can be copied if presented in person); or
  • A copy of your Birth Certificate; or
  • Two utility bills or bank statements (with redacted transactions) containing a full address of less than 3 month sold.

To submit a SAR direct to the University Data Protection officer, or for further advice and guidance on data protection, please contact: Email: dp.officer@northumbria.ac.uk  or Tel No: 0191 243 7357

 

Under the GDPR, a request for personal information is free.

If however the request is deemed to be ‘manifestly unfounded or excessive' or for multiple requests, we can charge a ‘reasonable fee’ to cover the processing costs. Should this be necessary, we will notify the requester within a month of receipt of the request, explaining why the fee is necessary.

Yes they can – but only with evidence of your permission to do so.

If a parent, family member or anyone else claiming to be connected to you asks us for copies of your personal information, we will always say no, unless they can prove that they are acting on your behalf:

  • Their requests must be accompanied by a copy of written authority from you or with legal written authority such as Power of Attorney (if applicable).
  • The the requester will still need to provide proof of your identity.

Under the GDPR, we must respond to SARs within one calendar month of receipt. This deadline can be extended by a further two months where there are a number of requests or the request is complex, but we must notify the requester within a month of receipt of the request, explaining why the extension is necessary.

You will always receive an acknowledgement from us, so if you haven’t received one within 5 days of sending your request, check you junk mail or post and if there’s nothing there, give us a call or mail us again. It may be that we haven’t received it or it’s been accidentally filed as “spam”.    

If you’ve emailed someone and received an out of office response asking you to direct it to another address, it’s your responsibility to ensure that you forward it, otherwise we won’t consider the request “received” until that original email has been received.

The legal definition of Personal data is “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Basically it’s any information we hold about you that can be used to identify you. It can take a number of forms such as a paper document, an electronic file, email or entry on a database and things like CCTV footage, a picture or even an audio recording.  It could also be something like an opinion of others about you (if it’s recorded somewhere) such as a reference.

A name in isolation does not necessarily make something personal though. Jon Doe could be anyone of that name, so just because a name appears in an email, it’s not always “about you”.

We will endeavour to provide you with everything you have requested, but on occasion there may be a legal reason why we can’t.  

It may be that the information you have requested included references to other people that you are not entitled to see, in that situation, we would redact (black out) certain parts of the information. In extreme circumstances where redacting cannot satisfy the rights of others to not have their data disclosed, we may need to withhold completely.

If it’s reasonable for us to do so, we might speak to the other party and ask their permission to disclose – if they say yes, we will.

There may be other exemptions under European or UK law that prohibit disclosure of information. If there are, we will explain them to you in full when we respond.

We will always try to send you the information in the manner you have requested us to. So if you want it sent electronically via email, we will send it to you that way, but we will always ensure that appropriate security precautions are taken, so an email may contain an encrypted response.

If you want it sent by post, even on a USB, we will send by recorded or special delivery. 

You may can even arrange to come and pick it up of you prefer.

If you received an acknowledgement, but we don’t follow it up with a response within a month, then please contact us. It’s unlikely to happen, but it’s always possible that your email account has rejected our reply due to its size and we're not aware of it, or something’s happened to delay the delivery.

If we’re responding by post, please allow a day or two for the letter or parcel to arrive.


a sign in front of a crowd
+

Northumbria Open Days

Open Days are a great way for you to get a feel of the University, the city of Newcastle upon Tyne and the course(s) you are interested in.

Research at Northumbria
+

Research at Northumbria

Research is the life blood of a University and at Northumbria University we pride ourselves on research that makes a difference; research that has application and affects people's lives.

NU World
+

Explore NU World

Find out what life here is all about. From studying to socialising, term time to downtime, we’ve got it covered.


Latest News and Features

academic Jennifer Aston pictured in a law library holding an open book
Launch of The Regeneration Shop in Chopwell. Sarah Cotton, Senior Programmes Manager at Chopwell Regeneration Group; Jennine Wilson, Lecturer in Fashion and Senior Technician at Northumbria University; Hal Convery, Shop Manager at The Regeneration Shop; Crystal Hicks, Executive Director of Chopwell Regeneration Group; Gayle Cantrell, Assistant Professor BA Fashion Communication at Northumbria University; Sophie Wetherell, Assistant Professor BA Fashion / MA Fashion Design at Northumbria University; Emma Jane Goldsmith Assistant Professor BA Fashion / MA Fashion Design at Northumbria University; Professor Anne Peirson-Smith, Head of Fashion at Northumbria University.
Mooting
A new toolkit has been developed to support rural communities with the development of renewable energy projects. Photo: Adobe Stock
From left to right: Natalie Winchester, Subject Lead Health and Social Care and Post-16 Raising Standard Leader at Bede Academy, Dr Julie Derbyshire – Director of Apprenticeships and Assistant Professor in Nursing at Northumbria University, Andrew Thelwell – Principal at Bede Academy, Professor Alison Machin, Head of Department of Nursing, Midwifery and Health at Northumbria University and pupils from Bede Academy.
British Military Uniform
the planet Saturn
an image depicting cyber security

Back to top