top of page

Orange Aero / News

Subject Access Request Policy

Date of Last Review – May 2024

Review Frequency – 1 year

Review Date – May 2025

​

​

Under the General Data Protection Regulation (GDPR) individuals have the right to make a ‘subject access request’ to gain access to information that Orange Aero Limited holds about them. This includes:

  • Confirmation that their personal data is being processed

  • Access to a copy of the data

  • The purposes of the data processing

  • The categories of personal data concerned

  • Who the data has been, or will be, shared with

  • How long the data will be stored for, or if this is not possible, the criteria used to determine this period

  • The source of the data, if not the individual

  • Whether any automated decision-making is being applied to their data, and what the significance and consequences of this might be for the individual

 

Subject Access Requests (SARs) can be made by contacting any member of staff, but it is helpful if they are made to the Managing Director’s PA. Requests can be made in person, verbally, in writing, and by email.

 

For convenience, details of the Managing Director’s PA are shown below:

 

Sharon Mills

Orange Aero Ltd

Unit 0, Howland Road Business Park

Howland Road

Thame

OX9 3GQ

 

smills@orange.aero

 

The following information will be required:

  • Name of the individual

  • Relationship of the requester to the individual, if appropriate

  • Correspondence address

  • Contact number and email address

  • Details of the information required

 

Orange Aero Ltd will acknowledge receipt of a Subject Access Request in writing within 3 working days.

 

When responding to requests, we:

  • May ask the individual to provide two forms of identification

  • May contact the individual via ‘phone to confirm the request was made

  • Will respond without delay and within one month of receipt of the request

  • Will provide the information free of charge.

  • May tell the individual we will comply within three months of receipt of the request, where a request is complex or numerous. We will inform the individual of this within one month and explain why the extension is necessary.

  • Will explain that certain information will not be provided should it cause harm to the physical or mental health of another subject; if disclosing requested information adversely affects the rights and freedoms of others; or where any references have been provided in confidence.

 

Where the request is determined to be ‘manifestly unfounded or excessive’, we may refuse to act on it, or charge a reasonable fee consummate with the complexity or time required to complete the request.

 

A request will be considered unfounded or excessive if it is repetitive or asks for further copies of the same information.

 

When we refuse a request, we will tell the individual why, and tell them they have the right to complain to the ICO.

 

Orange Aero Ltd understands the rights of the individual pertaining to Data Portability and will provide details in a structured, commonly used and machine-readable format.

 

In addition to the right to make a Subject Access Request (see above), and to receive information when we are collecting their data about how we use and process it, individuals also have the right to:

  • Withdraw their consent to processing at any time

  • Ask us to rectify, erase or restrict processing of their personal data, or object to the processing of it (in certain circumstances)

  • Prevent use of their personal data for direct marketing purposes

  • Challenge processing which has been justified on the basis of public interest

  • Request a copy of agreements under which their personal data is transferred outside of the European Economic Area

  • Object to decisions based solely on automated decision-making or profiling (decisions taken with no human involvement, that might negatively affect them)

  • Be notified of a data breach in certain circumstances

  • Make a complaint to the ICO

  • Ask for their personal data to be transferred to a third party in a structured, commonly used and machine-readable format (in certain circumstances)

 

Individuals should submit any request to exercise these rights to any member of staff, who will then forward this onto the Managing Director’s PA.

bottom of page