I've been doing a Santander PPI reclaim for my daughter. It was a store card financed by GE Money, and was taken out in 2002. First, I sent a DSAR in 2011, and I duly got back some data from 2005 to account closure in 2007.
In the DSAR, I requested:
Details of all systems you currently have in place to ensure my personal or financial information is kept securely, including details of those officers who currently have control of the same, and at the time it was held or provided to a third party.
If any data has been deleted or disposed of, the methods used to do so, including dates, reason for deletion, certificates or documents confirming details of destruction. If you are unable to provide such certificates, then I require a declaration, signed by an authorised officer of your company, confirming the dates and methods of destruction of this data.
Please be aware that the Data Protection Act 1998 clearly states that all information held must be disclosed and there is no correlation to the Limitation Act 1980 whatsoever. This request therefore lawfully includes any and all data which is older than six years. If you do not hold any data older than 6 years, then I require a signed declaration from your data controller confirming this, and a copy of all documents pertaining to its proper disposal.
None of the above data was sent to me, but I got the following in response - "The way in which our data is destroyed is privy to the security business and we are confident that this complies with regulatory requirements."
For info, here is the DSAR I sent, and the reply received. I now intend to make a claim based on a lot of estimated data, so I have decided to insist on confirmation that no further data exists.
Dear Sir/Madam
Please supply all data that your company holds relating to my entire account history. Whilst not exhaustive, for the avoidance of doubt I list below what I require:
Full and legible copies of all contracts and agreements that have existed between myself and your organisation, including copies of any documents you hold in support of same. This is to include Burton account nos.
Full and legible copies of all statements relating to the above accounts. This is to include all credits, debits, charges & interest applied to my account(s) including details of any instances that required manual intervention. It is also to include monthly account balances.
Full and legible copies of all correspondence, including all letters, faxes, emails and memos sent and received between ourselves, and any other third party in relation to any of the above accounts.
Full unedited copies of any telephone recordings and/or transcripts of these recordings as well as any logs or journals that relate to them.
Full and legible copies of all documents which include any of my personal information including copies of any contracts or invoices, emails or computer records containing my personal information, or any records which pertain to this information.
Full details and legible copies of any documents upon which you relied when you have provided my personal or financial information to any individual, organisation or third party.
Full and legible copies or transcripts of any computer logs or database records kept in relation to myself or in relation to my financial or personal information.
Details of all systems you currently have in place to ensure my personal or financial information is kept securely, including details of those officers who currently have control of the same, and at the time it was held or provided to a third party.
If any data has been deleted or disposed of, the methods used to do so, including dates, reason for deletion, certificates or documents confirming details of destruction. If you are unable to provide such certificates, then I require a declaration, signed by an authorised officer of your company, confirming the dates and methods of destruction of this data.
Please be aware that the Data Protection Act 1998 clearly states that all information held must be disclosed and there is no correlation to the Limitation Act 1980 whatsoever. This request therefore lawfully includes any and all data which is older than six years. If you do not hold any data older than 6 years, then I require a signed declaration from your data controller confirming this, and a copy of all documents pertaining to its proper disposal.
All data - including data held on a microfiche or similar systems - must be provided within 40 days, and if you require a fee for this, then I enclose a cheque for the maximum statutory fee of £10.00. If you choose to waive the fee, then please be aware that you still have a legal obligation to comply with this request.
Yours faithfully