Our manifesto outlines “22 ways to build resilience and aspiration in people and communities” across five key areas. Download your copy.

Dismiss close

Data protection: subject access request policy

Overhead close-up of a person reviewing a formal-looking document. They are holding a pen to make notes. A laptop is on the table in front of them. Overlaid is text that reads: "Policy Library".

Catch22 reserves the right to amend this policy, following consultation, where appropriate.

Date of last review: June 2023

Date of next review: June 2024


The United Kingdom General Data Protection Regulation (UKGDPR) affords data subjects 10 rights, one of which is the right of access. Data subjects/individual(s) have the right to access their personal data from a data controller who is processing their data. This policy outlines Catch22’s commitment to this right and highlights the process that is followed to ensure that access requests are dealt with in a timely fashion.

Policy statement

Catch22 will take all reasonable actions to ensure that it is compliant with Article 15 of the Regulation, that:

“The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data…” and “The controller shall provide a copy of the personal data undergoing processing.”

In the event that a data subject makes a request to access the data held about them by Catch22, we will respond to that request, subject to verification of identity, within one month of the request. If this is not possible, we will provide the data that is available within that time and advise the requestor that we need additional time with a clear indication of the timeframe that we expect to be able to fulfil their request within.

Continue reading