The GDPR provides the following rights for individuals:
- The right to be informed – Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement which is usually satisfied by the provision of a privacy notice (described in further detail below) at the point the personal data is collected by the University.
The right of access – Individuals have a right to access their personal data which is commonly referred to as a Subject Access Request. Please click here for further information on how to submit a subject access request.
- The right to rectification – Individuals have a right to have inaccurate personal data rectified, or completed if it is incomplete. This right is closely linked to the accuracy principle.
- The right to erasure – Individuals have a right to have personal data erased which is also known as the right to be forgotten. This right is not absolute and only applies in certain circumstances. Please click here for further information on how to submit a right to erasure request.
- The right to restrict processing – Individuals have the right to request the restriction or suppression of their personal data. This right is not absolute and only applies in certain circumstances.
- The right to data portability – Individuals have the right to obtain and reuse their personal data for their own purposes across different services. This right allows individuals to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without it affecting usability.
- The right to object – Individuals have the right to object to the processing of their personal data in certain circumstances, including an absolute right to stop their data being used for direct marketing.
- Rights in relation to automated decision making and profiling – Individuals have the right not to be subject to a decision based solely on automated decision-making using their personal data.
A response to all rights must be sent within one month (31 days), however as mentioned above most of the rights are qualified and specific exemptions may also apply.
To help us faciliate any request regarding your Data Subject Rights , it would be helpful if you could complete a Data Subject Rights Form, providing as much information as possible, and submit this by email to infocompliance at warwick dot ac dot uk or sent it to:
Information and Data Compliance
University of Warwick
In addition you will need to send a copy of one form of ID (passport, driving licence, birth certificate or other internationally recognised ID card) for yourself.
Download a Data Subject Rights form here: