Data Protection & Subject Access Request procedure

The Data Protection Act gives legal rights to individuals (data subjects) in respect of personal data held about them.

Purpose of the act

The Data Protection Act 1998 is designed to cover the collecting, storing, processing and distribution of personal data. It gives rights to individuals about whom information is recorded.

This applies to all individuals whether they are an employee, elected member or a member of the public. Each individual has the right to access personal data, prevent processing likely to cause damage or distress and prevent processing for the purposes of direct marketing.

They also have rights in relation to automated decision taking, to take action for compensation if they suffer damage by any contravention of the act by the data controller, to rectify, block, erase or destroy inaccurate data and to make a request to the Data Protection Commissioner for an assessment to be made of the data controller if they feel that the act has been contravened.

The Act places obligations on those who record and use personal data (Janine Hodge on behalf of Courage2Be Counselling Services). They must be open about the use of such personal data through notification to the Information Commissioner and they must follow sound and proper practices by applying the Data Protection Principles.

The Government has published its Data Protection Bill to replace this Act. The European General Data Protection Regulations (GDPR) came into force in May 2018.

Accessing your personal information – subject access request (SAR)

What is a subject access request?

Under the Data Protection Act 1998 an individual has the right to request all personal data that a Data Controller (Janine Hodge on on behalf of Courage2Be Counselling Services) holds about them by making a subject access request.  The Data Protection Act gives Data Controllers 40 calendar days to complete a subject access request. This time starts from the day Courage2Be Counselling Services receives a clear request and enough identification to be sure that the request is from the data subject. Once this information has been received the Data Protection Lead will contact you to acknowledge that the 40 day period has started. This deadline can be extended by a further two months if your requests are complex or numerous. If this is done, then the Data Protection Lead will notify you of this within a month of receipt of the request, providing reasons for the delay.

You can make a request to access your personal information using the form below and emailing back to or return by post. Before you do please take the time to read the information provided on this page.

Information you need to provide

Courage2Be Counselling Services does not have to start working on a subject access request until you have provided enough information for us to find the personal data.

1. A clear, specific request

For example, a request for ‘all of the personal data held on me’ is not specific enough for us to find your personal data.

2. Current identification 

Courage2Be counselling services takes great care to ensure that personal data is only disclosed to those who are authorised to access it. For this reason you will need to provide a form of ID from each of the lists below in order to request your personal information.

Examples of acceptable name identification:

  • current driver’s licence
  • current passport
  • birth certificate

Examples of acceptable proof of address:

  • utility bill
  • bank statement
  • council tax bill

Address ID is necessary in order to ensure that your personal data is being posted to the right place. If you would rather pick up your data by hand then please let us know.

3. Charging for requests

Courage2Be Counselling Services will not charge a fee to process a subject access request unless the request is considered to be unfounded or excessive. Here, a £10 fee will be charged and is to be paid by BACS or cash prior to the processing of the subject access request.


Information sharing

Our responsibility is to tell you clearly what we plan to do with your information and how we plan to share it.

If you have applied for or are already receiving a service from us, we have the right to use and share your information internally within Courage2Be Counselling Services and with our partners in order to provide services to you.

We will only share your information when we feel it is appropriate and where it is permitted by law.

We promise to adhere to the Data Protection Act 1998 and we will take reasonable steps to protect your confidentiality and only hold your information for as long as it is necessary.

If you do not want us to use your information, you have the right to withhold your consent from it being shared. This may mean we will not be able to provide you with the services you may require or need.

For more information please read our Privacy Policy

Further information