The following is an example of a Subject Access Request to a claims or legal business that you have paid or agreed a contract with to act on your behalf with regard to timeshare relinquishments, claims and compensation / refunds.
This is a specific and formal demand for disclosure under the General Data Protection Regulation (GDPR), which will enable you to ask for copies of all documentation concerning you and your case held by the company. It is likely that if they should fail to respond accordingly, they will be considered in breach of the Regulation – so it is a much more robust method of obtaining details of what has / hasn’t been done.
Please make sure you are happy with everything included and add/edit where appropriate.
GDPR SUBJECT ACCESS REQUEST
As a data subject, I have a legal right, under EU Regulation 2016/679 General Data Protection Regulation (“GDPR”) to find out about your use of my personal data as follows:
Account No/Ref number
I understand that you currently hold details of my personal information within your internal record systems with regard to my timeshare with xxxxxxxxxxxx.
I would be grateful if you would provide the following for ALL agreements or contracts I hold or have held with your organisation:
– Full copies of all contracts which you believe exist or have existed between myself and your organisation, including true copies of any documents you hold in support of the same.
– A complete list of transactions or statements relating to ALL of my agreements/contracts with your organisation.
– Copies of all documents which include any of my personal information including copies of any contracts or invoices, emails or computer records containing my personal information, or any records which pertain to this information.
– Full copies or transcripts of any correspondence in postal, email or any other format which you have entered into with any individual, organisation or third party which contains my personal or financial information, or which pertains to me.
– Where any previous information or records held have been deleted or disposed of, the methods used to do so, including dates, certificates or references confirming details of destruction. Where you are unable to provide such certificates, please provide a declaration, signed by an authorised officer of your company, confirming the dates and methods of destruction of this data.
Where you have used abbreviations and/or codes, I would request that an accompanying sheet be provided so as to translate these abbreviations and/or codes and their meanings, I also request an accompanying appendices of the documents included and reference to the purpose or meaning to those documents.
I request that you provide all the information requested above, even though you may consider that it falls outside GDPR.
I reserve the right to refer to the contents of this letter if an application for pre-action discovery is necessary relating to any of the information requested herein.
I confirm that I am the data subject named in this Subject Access Request Form.
IF YOU ARE UNABLE TO DEAL WITH THIS REQUEST, YOU SHOULD IMMEDIATELY FORWARD IT TO THE PERSON WITHIN YOUR ORGANISATION RESPONSIBLE FOR DATA PROTECTION.
I look forward to hearing from you in the first instance of receipt.