GDPR Requests – Welfare Academy

  1. Purpose

This GDPR Requests Procedure establishes the framework through which Welfare Academy manages and responds to requests relating to personal data rights under UK GDPR and the Data Protection Act 2018.

  2. Scope

This procedure applies to students, staff, applicants, apprentices, contractors, website users, and other individuals whose personal data is processed by Welfare Academy.

  3. Legislative Framework

This procedure aligns with:
• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Information Commissioner’s Office (ICO) guidance
• Office for Students (OfS) expectations where applicable

  4. GDPR Rights Covered

Individuals may exercise rights including:
• Right of access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to object
• Right to data portability
• Rights relating to automated decision-making

  5. Submission of Requests

GDPR requests may be submitted through:

Email: support@welfarehs.co.uk
Telephone: 020 3983 0282

Requests should provide sufficient information to identify the individual and the nature of the request.

  6. Identity Verification

Welfare Academy may request identity verification before disclosing, amending, deleting, or restricting personal data in order to protect confidentiality and prevent unauthorised disclosure.

  7. Subject Access Requests

Individuals may request access to personal data held by Welfare Academy. Subject Access Requests (SARs) shall be managed in accordance with UK GDPR statutory requirements.

  8. Rectification Requests

Individuals may request correction of inaccurate or incomplete personal data. Welfare Academy shall review evidence and update records where appropriate.

  9. Erasure Requests

Individuals may request deletion of personal data where lawful conditions apply. Requests may be refused where legal, safeguarding, regulatory, contractual, or public interest obligations require retention.

  10. Restriction of Processing

Individuals may request restriction of processing under circumstances permitted by UK GDPR.

  11. Objection Requests

Individuals may object to certain types of processing, including processing based on legitimate interests or direct marketing activities where applicable.

  12. Data Portability

Where applicable, individuals may request transfer of personal data in a structured, commonly used, and machine-readable format.

  13. Automated Decision-Making

Individuals may request review of decisions based solely on automated processing where applicable under UK GDPR.

  14. Response Timeframes

Welfare Academy shall aim to respond to GDPR requests within statutory UK GDPR timeframes. Complex requests may require reasonable extensions where legally permitted.

  15. Refusal of Requests

Requests may be refused where:
• Legal exemptions apply
• Requests are manifestly unfounded or excessive
• Safeguarding obligations require restricted disclosure
• Regulatory obligations require retention

Reasons for refusal shall be communicated appropriately.

  16. Safeguarding and Confidentiality

Safeguarding obligations may override certain GDPR rights where disclosure or restriction could create risk to life, welfare, or safety. Confidentiality obligations shall be maintained appropriately.

  17. Data Security

All GDPR requests and associated information shall be managed securely using appropriate technical and organisational safeguards.

  18. Staff Responsibilities

Relevant staff members shall:
• Escalate GDPR requests appropriately
• Maintain confidentiality
• Follow institutional procedures
• Protect personal data
• Cooperate with investigations and reviews

  19. Training and Awareness

Relevant staff may receive training relating to UK GDPR compliance, confidentiality obligations, cybersecurity awareness, safeguarding-related data sharing, and data protection procedures.

  20. Complaints and ICO Rights

Individuals dissatisfied with data handling practices may raise concerns through institutional procedures or contact the Information Commissioner’s Office (ICO).

  21. Record Keeping

Welfare Academy shall maintain appropriate records relating to GDPR requests, decisions, correspondence, disclosures, and compliance activities.

  22. Equality and Accessibility

This procedure operates in accordance with the Equality Act 2010 and accessibility obligations. Welfare Academy shall seek to ensure that GDPR rights can be exercised in an inclusive and accessible manner.

  23. Governance and Review

This GDPR Requests Procedure shall be reviewed annually and aligned with UK GDPR, Data Protection Act 2018 requirements, ICO guidance, safeguarding obligations, and OfS expectations where applicable.

  24. Contact Information

Welfare Academy

Email: support@welfarehs.co.uk
Telephone: 020 3983 0282

  25. Policy Approval

This GDPR Requests Procedure is approved and maintained by Welfare Academy management and remains subject to periodic review and legislative updates.
