Patients 2 People Ltd Subject Access Request

DATA PROTECTION ACT 1998

INTRODUCTION

The Data Protection Act 1998 (DPA) gives individuals (data subjects) certain rights regarding information held about them (personal data). The DPA also places obligations on those who process personal data (data controllers). P2P is registered with the Information Commissioner Office – number ZA044009. Access to this data is through a Subject Access Request.

The definition of personal data includes any expression of opinion about an individual and any indication of the intentions of the data controller or any other person in respect of the individual.

Anyone processing personal data must notify the Information Commissioner’s Office (ICO) that they are doing so, unless their processing is exempt. Anyone processing personal data must also comply with the eight data protection principles. The data must be:

  1. processed fairly and lawfully
  2. obtained for specific and lawful purposes
  3. adequate, relevant and not excessive for those purposes
  4. accurate and, where necessary, kept up to date
  5. not kept for longer than is necessary
  6. processed in accordance with the rights of a data subject
  7. kept secure
  8. not transferred abroad unless to a country with adequate data protection laws.

The rights of a data subject include a right of access to personal data held about them. However, this right of access is subject to a number of exemptions.

The ICO’s website contains further information on the DPA and the right of access.

ABOUT THIS FORM

This form may be used if you wish to make a subject access request under the DPA to the National Clinical Assessment Service (P2P) for personal information that you believe we may hold about you and is the data controller for the purposes of the DPA; however, subject access requests can be made directly to P2P.

Under section 7(3) of the DPA, a data controller is not obliged to comply with a request unless it is supplied with such information as it may reasonably require in order to satisfy itself as to the identity of the person making the request and to locate the information which that person seeks. Accordingly, while you may have already made a request to us by other means, we may still require you to supply us with additional information (as set out in this form).

If you are requesting information on behalf of the data subject, you will need the data subject to sign the authority for you to act on their behalf in Section B and the declaration in Section E. The personal data recorded on this form will be used only to enable us to deal with your request and for no other purpose.

IDENTIFICATION

Unless P2P has indicated otherwise, you should also provide the following identity documentation:

  • a copy of either your passport or driving licence (photo ID);
  • a copy of one utility bill showing your current residential address.

 

SUBMITTING THE REQUEST

Please send the completed form, cheque and copy identity documentation to:

The Information Access Manager,Patients2People Ltd, Regus House, Fairbourne Drive, Atterbury, Milton Keynes MK10 9RG.

HOW WILL WE PROCESS YOUR REQUEST?

We will verify and shred your proof of identity documentation. We will aim to acknowledge receipt of your request within two working days. We may ask you to clarify the request where its terms are not clear to us or where we need additional information in order to search for the requested information.

Upon our receipt of a valid request, we will arrange for searches to be carried out for the requested personal information.

We may subsequently ask you whether you require copies of particular communications which we suppose may already be in your possession (e.g. correspondence previously sent to you by us or by other parties).

Where the personal information requested by you is contained in records of communications with third parties (e.g. an employer or contracting body, a regulator, or a public authority), we will normally seek the views of each such third party on the issue of disclosure. We do this to inform our decision-making as to whether the disclosure of certain information (e.g. the personal information of staff members of the third party) would be lawful.

We will send the response either to your residential address or to the business address of your representative by recorded delivery.

TIMEFRAME

There is a 40 calendar days timeframe for responding to subject access requests. We will endeavour to respond to your request within 40 days of receipt of a valid request.

Click this link for the Patients2People Ltd Subject Access Request Form