12. Data Subject's Rights and Requests
Data Subjects have rights when it comes to how we handle their Personal Data. These include rights to:
- (a) withdraw Consent to Processing at any time;
- (b) receive certain information about the Data Controller's Processing activities;
- (c) request access to their Personal Data that we hold;
- (d) prevent our use of their Personal Data for direct marketing purposes;
- (e) ask us to erase Personal Data if it is no longer necessary in relation to the purposes for which it was collected or Processed or to rectify inaccurate data or to complete incomplete data;
- (f) restrict Processing in specific circumstances;
- (g) challenge Processing which has been justified on the basis of the public interest;
- (h) request a copy of an agreement under which Personal Data is transferred outside of the EEA;
- (i) object to decisions based solely on Automated Processing, including profiling (ADM);
- (j) prevent Processing that is likely to cause damage or distress to the Data Subject or anyone else;
- (k) be notified of a Personal Data Breach which is likely to result in high risk to their rights and freedoms;
- (l) make a complaint to the supervisory authority; and
- (m) in limited circumstances, receive or ask for their Personal Data to be transferred to a third party in a structured, commonly used and machine readable format.
You must verify the identity of an individual requesting data under any of the rights listed above (do not allow third parties to persuade you into disclosing Personal Data without proper authorisation). View the full procedures on subject access requests.
You must immediately forward any Data Subject request you receive to the Council's Corporate Improvement and Performance Team.