GDPR/CCPA-compliant Data Subject Request Form (DSAR)

Data Subject Request (DSAR)

GDPR / CCPA / Global Privacy Compliance

At CliniciansCheck, we take data privacy and security with the utmost seriousness. As part of our global commitment to transparency, accountability, and ethical data use, we provide all individuals with the right to access, control, and request changes to their personal data in accordance with the world’s most stringent privacy laws.

This page outlines your rights and provides access to our secure submission form for exercising them.

Global Legal Alignment

Our DSAR process is aligned with the following data protection laws and frameworks:

• General Data Protection Regulation (GDPR – EU and UK)

• UK Data Protection Act 2018

• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

• Personal Information Protection and Electronic Documents Act (PIPEDA – Canada)

• Australian Privacy Act 1988

• Global privacy standards aligned with ISO/IEC 27701:2019

We operate a privacy governance framework designed to meet the expectations of public health systems, international regulatory bodies, and data protection authorities.

Your Data Rights

• Depending on your jurisdiction, you may be entitled to the following rights regarding your personal information:

• Right of Access – Request a copy of your personal data

• Right to Rectification – Correct inaccurate or outdated information

• Right to Erasure – Request deletion of your data (“Right to be Forgotten”)

• Right to Restrict Processing – Limit how your data is used

• Right to Data Portability – Obtain your data in a structured, machine-readable format

• Right to Object – Object to data processing in specific contexts

• Right to Withdraw Consent – Revoke previously granted consent

• Right to Non-Discrimination – Particularly under US privacy laws

• Right to Opt Out – Prevent the sale or sharing of your data (CCPA / CPRA)

• Right to Appeal – Challenge automated decision-making or profiling

These rights are honoured consistently across all regions in which we operate.

How to Submit a Request

We have created a dedicated, encrypted portal for submitting your DSAR. This ensures confidentiality and security throughout the process.

Note: This form is hosted on a secure Jotform platform using industry-standard encryption protocols (TLS 1.2+ and 256-bit SSL). Your data is protected both in transit and at rest, and identity verification is required to prevent misuse or unauthorised access.

Identity Verification

To maintain the highest standards of data protection, we require proof of identity when processing DSARs. This ensures that requests are legitimate and that your personal data is safeguarded at all times.

You may be asked to submit:

• A government-issued photo ID

• Proof of address (e.g., utility bill)

• If acting on behalf of someone else, signed authorisation documentation

These documents are used exclusively for verification and are permanently deleted once your request is processed.

Response Times

We respond to all valid data requests within the timelines set out by applicable regulations:

• 30 days – GDPR / UK DPA / PIPEDA / APA

• 45 days – CCPA / CPRA (with possible extension to 90 days)

You will be notified if additional time is required due to the complexity of the request or the need for further verification.

Contact Our Data Protection Officer (DPO)

Should you have questions, concerns, or wish to follow up on your request, please contact our appointed Data Protection Officer.

Data Protection Officer (DPO) CliniciansCheck Ltd

Email: operationsteam@clinicianscheck.com

Escalating a Complaint

If you are not satisfied with our response, you may contact your regional data protection authority. We encourage individuals to contact us first, so we can resolve any concerns quickly and efficiently.

Supervisory Authorities Include:

• UK: Information Commissioner’s Office (ICO)

• EU: European Data Protection Board (EDPB)

• USA: California Privacy Protection Agency (CPPA)

• Australia: Office of the Australian Information Commissioner (OAIC)

• Canada: Office of the Privacy Commissioner of Canada (OPC)

Our Commitment to Global Privacy Standards

CliniciansCheck operates with full compliance across multiple regulatory jurisdictions. We incorporate the principles of:

• Lawfulness, fairness, and transparency

• Purpose limitation and data minimisation

• Security by design and by default

• User autonomy and control

• Ongoing auditability and accountability

Your Privacy Is Our Pledge

We understand the importance of data sovereignty, transparency, and consent. This is not just about meeting legal requirements—it’s about building trust.

At CliniciansCheck, we don’t just protect data—we honour your rights with clarity, integrity, and excellence.

Encryption and Security Standards

We use a secure, encrypted system for all Data Subject Requests. Submissions are protected both in transit and at rest using:

• TLS 1.2 or higher (secure transmission)

• 256-bit SSL encryption (data protection at rest)

• Verified encryption infrastructure hosted through Jotform

Identity documentation is used only for verification and is securely deleted once the request is resolved. Our systems follow best practices aligned with ISO 27001 and ISO 27701 standards.

Frequently Asked Questions (FAQs)

Can I submit a request on behalf of someone else?

• Yes. Please provide legal authorisation and proof of identity for both parties.

How long will it take to process my request?

• We respond within 30 days for most requests (or 45 days for California-based requests), in accordance with applicable laws.

Is my information safe?

• Yes. All submissions are encrypted, stored securely, and handled by authorised personnel only.