Subject Access Request Policy

Last updated: October 2025

Purpose 

The purpose of this document is to outline Uplift’s policy in relation to the management of subject access requests which are submitted by individuals (data subjects). A subject access request enables a data subject to gain access to any personal information held about them by Uplift. It promotes the right of data subjects to submit a subject access request in order to obtain a copy of such information held about them, in electronic or hard copy form, by Uplift, as the data controller. It also outlines the procedure to be followed by data subjects when submitting a data access request to Uplift.  

 

Scope 

This policy outlines how Uplift will meet its legal obligations under the European Union General Data Protection Regulation (GDPR), and the Irish transposition, the Data Protection Act 2018, upon receipt of a data access request. 

 

Ownership

The Subject Access Request Policy is maintained by Brian Cuthbert, Uplift’s Data Protection Manager, who is responsible for dealing with all subject access requests received by the organisation, and is approved by the Senior Leadership Team. All questions or comments related to this policy or a specific subject access request should be directed to the Data Protection Manager by emailing [email protected]. Any material changes to this policy will require approval by Uplift’s Board.

 

What is personal information?

Personal information is any data, in both physical and electronic form, related to an identified or identifiable person. It includes anything that can be used to identify a person, directly or indirectly, by means of his or her physical, physiological, mental, economic, cultural or social identity.

 

What is a subject access request?

A subject access request is a written request for personal information (known as personal data) held about you by Uplift. Under article 15 of the GDPR you have, as the data subject, the right to see if Uplift is processing your personal data and receive a copy of the data itself. In particular you have the right to the following information:

  1. The data itself in a permanent and intelligible format
  2. The purposes of the processing (what are we using your data for?);
  3. The categories of personal data concerned (categories such as: name, address, email address, date of birth etc);
  4. The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; (are we sharing your information with anyone else?)
  5. Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period (how long are we keeping your data?);
  6. The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing (the right to object to having your data processed, and to have data erased or corrected upon request);
  7. The right to lodge a complaint with a supervisory authority (the Irish Data Protection Commissioner);
  8. Where the personal data is not collected from the data subject, any available information as to their source (if we didn’t collect the data from you, where did we get it?);
  9. The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

 

How do you make a subject access request? 

In order to respond effectively and efficiently to any subject access request we ask you to:

  • Visit the Access Request Form at https://www.uplift.ie/gdpr-data-requests, and enter your name and email to begin the process.
  • Please reply to the automated email that you receive following submission of the form with your proof of identity and address, and be as specific as possible about the information you wish to access
  • Submit your request for information, along with the proof of identity and address either by reply email to [email protected] or by post to: 13 North Main Street, Cork, T12 Y6W0.
  • If you cannot access the digital format of the Access Request Form please write to us requesting a form at [email protected] and a copy will be sent to you via standard post.

Use of the Access Request Form is not mandatory. However, completing the Access Request Form will enable us to process your subject access request more efficiently. 

 

What does Uplift do upon receiving a valid subject access request? 

We will first check that we have enough information to be sure of your identity. Often we will have no reason to doubt a person’s identity. However, in rare cases we may request additional evidence we reasonably need to confirm your identity. We do this to ensure that we only disclose information about personal data to the data subject. 

We will then check that we have enough information to find the records you requested. If we feel we need more information, then we will ask you for this as soon as reasonably possible. 

We will then conduct a full search of all our relevant databases and filing systems and collect all data relevant to the subject access request. Provided that none of the restrictions specified in Article 23 of the GDPR apply, we will then share with you the data and the additional information that you are entitled to. The default position is that you will get a digital copy of the information in a permanent and intelligible format unless the supply of such a copy is not possible or would involve a disproportionate effort, or you have agreed otherwise. Any terms which are not intelligible without an explanation will be accompanied by an explanation. 

The copy of the requested material will be dispatched by secure delivery, and we will seek timely confirmation from you, as the data subject, on receipt of the material.

 

Are there any fees payable?

No. The information provided under a subject access request will be provided free of charge (for the first copy – however, any subsequent copies may incur a reasonable fee based on administrative costs).

 

How soon will my subject access request be dealt with?

All valid subject access requests, accompanied by valid proof of identity, received by Uplift will be dealt with within 30 days of receipt of the request.

Review 

This policy will be reviewed at least annually by the Data Protection Manager to ensure alignment to appropriate risk management requirements and its continued relevance to current and planned operations, or legal developments and legislative obligations.