OSI GDPR Subject Access Request Form Privacy Notice
This is a statement of the practices of the DPO, Ordnance Survey Ireland (OSI), in connection with the use of personal data in respect of the provision services and support in respect of request for records to the organisation under the General Data Protection Regulation (GDPR) 2016/679 and the Data Protection Acts 2008 – 2018.
OSI fully respects your right to privacy and actively seeks to preserve the privacy rights of those who share information with OSI. Any personal information which you volunteer to OSI will be treated with the highest standards of security and confidentiality, in accordance with Irish and European Data Protection legislation. Personal data will be processed shall in accordance with the General Data Protection
Regulation (EU) 2016/679 and the Data Protection Acts 2008 – 2018.
The privacy notice explains the following
- How we collect and use your personal data?
- The purpose and legal basis for collecting your personal data
- How we store and secure personal data?
- Details of third parties with who we share personal data
- What are your rights?
How we collect and use your personal data?
The personal data we collect [name(s), contact details, verification of identify for the purpose of processing requests for personal records] from you will be used by OSI only in accordance with the purposes outlined in this privacy notice.
Through this GDPR Subject Access Request form we process personal data limited to customer name, contact details, and in limited circumstances identity details in order to support the organisations obligations as laid out in the GDPR and the Data Protection Acts 2008 – 2018.
Names and contact details are collated for the purpose of responding to subject access request applications. ID is collated for the purpose of establishing identity of the requester for personal records under GDPR and the Data Protection Acts 2008 – 2018.
The data collected in the form below will be limited to the DPO, and any Unit that may be required to undertake a search for records in respect of the application but only if the request requires forwarding of personal information.
The purpose and legal basis for collecting your data
The data we collect about you will be used for:
- the purpose of responding to subject access request applications.
- the purpose of establishing identity ID of requester for personal records under the GDPR and the Data Protection Acts 2008 – 2018.
The legal bases for processing used by OSI in support of the activity as outlined in the privacy notice are, under Article 6.1 (c) of GDPR:
- processing is necessary for compliance with a legal obligation to which the controller is subject;
If you have any queries or complaints in relation to the use of your personal data, or wish to exercise any of your rights contained within GDPR, you can contact the Data Protection Officer OSI [email protected]
How we store and secure your data
Any data we collect from you will be stored confidentially and securely. OSI are committed to ensuring all accesses to, uses of, and processing of OSI data is performed in a secure manner.
In keeping with the data protection principles we will only store your data for as long as is necessary. For the purposes described here we will store your data for, OSI will only store your personal data for:
- the purpose of processing GDPR subject access request applications:
- Access Request Files – 10 years
- Access Request Files where legal advice was sought – 30 years
In accordance with Data Protection legislation and the National Archives Act 1986.
- the purpose of establishing identity ID of requester for personal records under the GDPR and the Data Protection Acts 2008 – 2018 – the duration of your access request.
When we store your personal data on our systems the data will be stored either on the OSI premises or on secure IT platforms within the EEA which are also subject to European data protection requirements.
Details of third parties with whom we share personal data
OSI will share your data with third parties if it a) the request involves third party data processors used by OSI in the performance of its function, b) OSI’s legal support team if the matter requires legal advice, and c) the Data Protection Commission if there is an appeal to the DPC on the matter.
What are your rights?
You have the following rights over the way we process your personal data.
Right of Access
You have the right to request a copy of the personal data we are processing about you and to exercise that right easily and at reasonable intervals.
You have the right to withdraw your consent where that is the legal basis of our processing only.
You have the right to have inaccuracies in personal data that we hold about you rectified.
You have the right to have your personal data deleted where we no longer have any justification for retaining it subject to exemptions such as the use of pseudonymised data for scientific research.
You have the right to object to processing your personal data if:
- We have processed your data based on a legitimate interest or for the exercise of the public tasks of the OSI if you believe the processing to be disproportionate or unfair to you.
- The personal data was processed for the purposes of direct marketing or profiling related to
- We have processed the personal data for scientific or historical research purposes or statistical purposes unless the processing is necessary for the performance of a task carried out for reasons of public interest.
You have the right to restrict the processing of your personal data if:
- You are contesting the accuracy of the personal data;
- The personal data was processed unlawfully;
- You need to prevent the erasure of the personal data in order to comply with legal obligations;
- You have objected to the processing of the personal data and wish to restrict the processing until a legal basis for continued processing has been verified.
Where it is technically feasible you have the right to have a readily accessible machine readable copy of your data transferred or moved to another data controller where we are processing your data based on your consent and if that processing is carried out by automated means.
If you wish to make a complaint or escalate an issue relating to your rights you can contact the Data Protection Officer at [email protected]
Finally, if you are not satisfied with the information we have provided to you in relation to the processing of your data or you can also make a complaint to the Data Protection Commission via the link on their website.