Grafx collects, holds, and processes certain personal data about our Customers (“data subjects”). If you are a data subject, you have a legal right, under EU Regulation 2016/679 General Data Protection Regulation (“GDPR”) to find out about our use of your personal data as follows:
No fee is payable under normal circumstances. We reserve the right to charge a reasonable fee for requests that are manifestly unfounded, excessive, or repetitive. Such charges will be based only on the administrative cost that we will incur in order to respond.
After receiving your subject access request, we may contact you to request additional supporting information and/or proof of your identity. This helps us to safeguard your privacy and personal data. We will respond to all subject access requests within one month of receipt and will aim to provide all required information to you within the same period. If we require more information from you, or if your request is unusually complicated, we may require more time and will inform you accordingly.
Please be aware if performing a subject access request you will need to provide two legal forms of identification in order for us to process the request. This identification is required in order for us to authenticate the request is coming from the correct recipient. If you are making a subject access request on someone else’s behalf, please contact our Data Protection Representative at DPR@Grafx.co.uk before making your request.
All personally identifiable information (PII) provided in the process of making a SAR will be permanently deleted upon the completion of the SAR and will never be used for any additional purpose other than those required for the completion of the request. To make a SAR you do not have to use this form and may instead write to us using the contact details found within our contact page.