Data Subject Rights

Data Subject Rights Procedure

Hycross Management Limited

Last Updated: 31 January 2025

Overview

Hycross Management Limited is committed to ensuring that data subjects can exercise their rights under applicable data protection laws, including

UK GDPR, The Data Protection (Jersey) Law 2018, and other relevant regulations. This document outlines our process for handling Data Subject Rights requests, including Subject Access Requests (SARs), right to rectification, right to erasure, right to restriction of processing, right to object, right to data portability, and rights related to automated decision-making.

How to Submit a Request

Individuals can exercise their data protection rights by contacting us through the following methods:

Email: [email protected]

Subject Line: ‘Data Subject Rights Request’

Required Information: The request must include the data subject’s full name, contact details, and a clear description of the request.

We acknowledge all requests within one calendar month in accordance with regulatory requirements. If an extension is required due to complexity, we will inform the requester within the initial timeframe.

Identity Verification

To protect personal data from unauthorized access, we may require additional verification steps before processing a request. This may include requesting proof of identity, such as:

A copy of a passport or driving licenseA recent utility bill or official document showing the requester’s address

If the request is made on behalf of another individual, legal authorization (such as power of attorney) must be provided.

Types of Requests & Our Response Process

Right to Access (Data Subject Access Request - SARs)

Data subjects can request a copy of their personal data held by us.We provide the requested information in a structured, commonly used electronic format.

Right to Rectification

If personal data is inaccurate or incomplete, individuals can request corrections.We update records and notify the requester of the correction.

Right to Erasure (‘Right to be Forgotten’)

Data subjects can request the deletion of their data under certain circumstances.We will assess whether legal grounds exist to retain the data and inform the requester accordingly.

Right to Restriction of Processing

If a dispute arises over data accuracy or legality, processing can be temporarily restricted.

Right to Data Portability

Data subjects can request their data in a machine-readable format to transfer to another controller.

Right to Object

Individuals can object to processing based on legitimate interest or direct marketing.If the request is valid, we will cease processing unless there are compelling legitimate grounds to continue.

Right Not to Be Subject to Automated Decision-Making

If we use automated decision-making, individuals have the right to request human intervention.

Record Keeping & Compliance

All Data Subject Rights requests are logged and maintained in compliance with regulatory requirements. We retain records of requests, responses, and actions taken for at least 12 months for auditing purposes.

Updates & Contact Information

This procedure is reviewed periodically to ensure compliance with evolving regulations. For any queries, contact:

Director: Alex Rondel Email: [email protected]