A Data Subject Access Request (DSAR) is a request addressed to the organization that gives individuals a right to access information about personal data the organization is processing about them and to exercise that right easily at reasonable intervals, in order to be aware of, and verify the lawfulness of the processing.
DSAR can be submitted by anyone whose personal data the organization is processing. The individuals are not obligated to provide any reason for submitting a DSAR and can request a copy of their data at any time.
Contrary to some beliefs, DSAR is not applied only to employees, but also to customers, partners and contractors. According to some research on the state of data rights, the requests mostly originate from customers rather than employees.
In order to enable us to respond to the Data Subject Access Requests in a timely manner, the data subject should:
Submit his/her request using a DSAR Form
Provide TresVista sufficient information to validate his/her identity (to ensure that the person requesting the information is the data subject or his/her authorized person)
Subject to the exemptions referred to in this document, TresVista will provide information security policy template to data subjects whose requests are in writing (or by some other method explicitly permitted by the local law), and are received from an individual whose identity can be validated by TresVista
It must be noted that TresVista will not provide data where the resources required to identify and retrieve it would be excessively difficult or time-consuming. Requests are more likely to be successful where they are specific and targeted at particular information
Factors that can assist in narrowing the scope of a search include identifying the likely holder of the information (e.g. by making reference to a specific department), the time period in which the information was generated or processed (the narrower the time frame, the more likely a request is to succeed) and being specific about the nature of the data sought (e.g. a copy of a particular form or email records from within a particular department)
Any individual does not have the right to access information recorded about someone else, unless they are an authorized representative
TresVista is not required to respond to requests for information unless it is provided with sufficient details to enable the location of the information to be identified, and to satisfy itself as to the identity of the data subject making the request
In principle, TresVista will not normally disclose the following types of information in response to a Data Subject Access Request:
Information about other people – A DSAR may cover information which relates to an individual or individuals other than the data subject. Access to such data will not be granted, unless the individuals involved consent to the disclosure of their data
Repeat requests – Where a similar or identical request in relation to the same data subject has previously been complied with within a reasonable time period, and where there is no significant change in personal data held in relation to that data protection impact assessment, any further request made within a six month period of the original request will be considered a repeat request, and TresVista will not normally provide a further copy of the same data
Publicly available information – TresVista is not required to provide copies of documents which are already in the public domain
Opinions given in confidence or protected by copyright law – TresVista does not have to disclose personal data held in relation to a data subject that is in the form of an opinion given in confidence or protected by copyright law
Associated Documents And Policies
This policy is to be read in conjunction with the related policies:
Terms and Condition Policy
Privacy Policies and Terms and Conditions (T&C) agreements are both, as the names imply, legally binding contracts. The main difference between these two types of agreements is this: A Privacy Policy agreement exists to protect your clients. A T&C agreement exists to protect you, the company.
A Terms and Conditions Policy agreement is the agreement that includes the terms, the rules and the guidelines of acceptable behavior and other useful sections to which users must agree in order to use or access your website and mobile app.