Subject Access Request

Westermill Farm Subject Access Request


The General Data Protection Regulation (GDPR) has now been in effect since May 24, 2018 and like thousands of small businesses with an internet presence Westermill Farm Holidays has put together the information we believe necessary to comply with the GDPR.

We have several other pages (referred to as “Supplementary Information” below) outlining our understanding of what we are meant to be doing:

… as well as this page and what we want to tell you on this page is that we have made available an easy to use online form so that you may request access to any of your personal data which Westermill Farm Holidays, has, has made use of and/or is making use of.

Westermill Farm subscribes to the tenets and guidance set forth by the

with regard to the processing of a “subject access request.”

Here is one of the main resources we are using to help guide us in making your personal data available to you.

Here is what we agree with so far … in so far as we are able to understand any of it well enough to agree with anything.

What is the right of access?

The right of access, commonly referred to as ‘subject access’, gives individuals the right to obtain a copy of their personal data as well as other supplementary information. It helps individuals to understand how and why the recipients are using their data, and check that the recipients are using it lawfully.

What is an individual entitled to?

Individuals have the right to obtain the following from you:

  • confirmation that you are processing their personal data;
  • a copy of their personal data; and
  • other supplementary information – see ‘Supplementary information’ below

This right, commonly referred to as subject access, is created by section 7 of the Data Protection Act. It is most often used by individuals who want to see a copy of the information an organisation holds about them. However, the right of access goes further than this, and an individual who makes a written request and pays a fee is entitled to be:

  • told whether any personal data is being processed;
  • given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people;
  • given a copy of the information comprising the data; and given details of the source of the data (where this is available).

An individual can also request information about the reasoning behind any automated decisions, such as a computer-generated decision to grant or deny credit, or an assessment of performance at work (except where this information is a trade secret). Other rights relating to these types of decisions are dealt with in more detail in Automated Decision Making.

The above link is broken — at least — as of June 28, 2024: the interested reader is invited to provide a correction.

In most cases Westermill Farm Holidays will respond to a Subject Access Request promptly and in any event within 40 calendar days of receiving it. However, some types of personal data are exempt from the right of subject access and so cannot be obtained by making a subject access request. For more information, please see Exemptions.

Supplementary Information

Personal data of the individual

An individual is only entitled to their own personal data, and not to information relating to other people (unless the information is also about them or they are acting on behalf of someone).

What does all that techno-jargon mean?

Frankly, I am not absolutely certain what a lot of it is about, which is one reason why Westermill Farm has deployed a concise, easy to understand and readily available online form with which you can make requests to us about your data.

Of course you are absolutely free to make subject access requests by any valid method in the meantime.

Verifying your identity

In order to ensure that personal data is transmitted only to the owner of the data or their representative(s) we are required to make a reasonable effort to verify the identity of the requester making a Subject Access Request.

As the personal data we have had, and do have, access to, has almost exclusively been provided via online digital booking forms, we propose, therefore, to use details from those booking forms to initially attempt to verify the requester’s identity.

Such details will include some or all of the following data regarding the individual making the SAR:

  • Full name
  • Email address
  • Phone number
  • Street address

In the event that we cannot be reasonably certain of the identify the requester as the owner of the personal data from the responses to the foregoing data exchange — we will then follow up with a telephone call to the requester to discuss further details associated with the occasion of the business conducted between Westermill Farm and the requester.

You do not have to use the form on this page to make a Subject Access Request (SAR) to Westermill Farm Holidays.

You are welcome to make an SAR using whatever authorized format and technology you prefer.

However, Westermill Farm Holidays will require — at least — the data outlined above, to be provided in writing, in order to be able to process the request. Consequently we suggest that those interested in submitting an SAR review the form below so as to assist in providing the information needed to deal with their request.

Finally please note that Westermill Farm Holidays is not, has not and never will be accessible via Fax.

Westermill Farm Holidays Subject Access Request Form

The Westermill Farm Holidays version of this form has been active since May 29, 2018.