We may ask you for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information when we know we are dealing with the right person.
We will not charge you for any of these requests unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we will inform you before we proceed with your request.
We will respond to all valid requests within 30 days. It may however take us longer if the request is particularly complicated or you have made several requests. We will always let you know if we think a response will take longer than one month. To speed up our response, we may ask you provide more detail about what you want to receive or are concerned about.
We may not always be able to do what you have asked, for example, if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.
The right to be informed
You can ask us what data we hold on you and what we do with it.
The Right of Access / Data Subject Access Request (DSAR)
You can ask us to provide you with a copy of your personal data that we hold about you by contacting our legal department at email@example.com. Please note that BCS will not provide copies of any emails sent to or received from yourself as you already have received this information. We also will not provide any internal emails or documents that may contain your name unless the information contained in the email is:
- significantly biographical with regards to you as the data subject and/or
- you as the data subject were the focus of attention in the document.
We may be unable to make all information available to you if, for example, making the information available to you would reveal personal data about another person or if your request is manifestly unfounded or excessive.
Examination Paper Exemption
Individuals cannot use a Subject Access Request to obtain examination papers, examination answers to questions, or scripts, as this is exempt under the Data Protection Act Schedule 2 Part 4 Clause 25, this includes recordings of exams and professional assessments.
This is because it could compromise the professional assessment questions and examination papers which may be re-used. Examiner and professional assessment reports / comments are disclosable if they have been completed.
Correcting Personal Information / Right of Rectification
You can ask us to correct any information about you which is incorrect. We will be happy to correct such information but may need to verify the accuracy of it first. BCS members can change their own personal information at any time by logging in to MyBCS and updating personal details on the “My profile” page.
Computing at School members can change their own personal information at any time by logging in to https://www.computingatschool.org.uk/ and updating personal details directly.
Right to Erasure / Right to Be Forgotten
You can ask us to:
- erase your personal information if you think we no longer need to use of for the purpose we collected it from you;
- erase your personal information if you have either withheld your consent to use using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, where we have used it unlawfully or where we are subject to a legal obligation to erase your personal information
We may not always be able to comply with your request, for example, if we need to keep using your personal information in order to comply with our legal obligations or where we need to use it to establish, exercise or defend legal claims.
Right to Restrict Processing / Withdrawing Consent
Where we have asked for your consent to use your personal information, you will always have the right to withdraw your consent. We will still hold your details on our databases but will not contact you.
The Right to Object
You can object to the use of your personal information for direct marketing purposes. We explain in the marketing section of this privacy notice more about our approach to direct marketing.
Requesting a transfer of personal information / Data Portability
You can ask us to
- provide your personal information to you in a structured, commonly used, and machine-readable format,
- or you can ask to have it transferred directly to another data controller (i.e. another organisation).
You can only do this where we use your personal information in order to perform a contract with you, or where we asked for your consent to use your personal information. This right does not apply to any personal information which we hold, or process based on our legitimate interest or which is not held in digital form.