SUBJECT ACCESS REQUEST (SAR) & DATA RIGHTS PROCEDURE

Bendylegs Ltd / Dr Jo Watkins

 Effective Date: 10th June 2026 | Review Date: 10th June 2026

  

1. Purpose

This procedure sets out how Bendylegs Ltd handles Subject Access Requests (SARs) and other data protection rights requests under UK GDPR and the Data Protection Act 2018.

For full details on how we collect, use, and retain personal data, please refer to our Privacy Policy at bendylegs.com.

 

2. Scope

This procedure applies to all individuals whose personal data is processed by Bendylegs Ltd, including clients, prospective clients, subscribers, website users, and programme participants.

 

3. Data Rights Covered

Individuals may exercise the following rights where applicable under UK GDPR:

• Right of access
• Right to rectification
• Right to erasure
• Right to restriction of processing
• Right to object
• Right to data portability
• Rights relating to direct marketing
• Rights relating to automated decision-making (where applicable)

 

4. How to Submit a Request

Requests can be submitted by any of the following methods. They do not need to use formal or legal wording to be treated as valid.

Email: jo@bendylegs.com

Website: www.jowatkins.com

 

5. Identity Verification

Where necessary, we may ask for reasonable proof of identity before actioning a request. This is to protect your information and prevent unauthorised access.

 

6. Acknowledgement & Response Timeframes 

Requests will normally be acknowledged within 5 working days of receipt.

 

7. Response

We aim to respond to all valid requests within one calendar month, in line with UK GDPR requirements.

Where a request is complex or involves a large volume of data, this period may be extended by up to two additional months. If an extension is needed, we will contact you to explain the reason and provide a revised response date.

 

8. What a Response May Include

Where applicable, our response may include:

• Confirmation that your personal data is being processed
• Copies of relevant personal data held
• Categories of data, purposes of processing, and retention periods
• Details of any third parties your data has been shared with
• Information about your ongoing rights

 

 9. Limitations and Exemptions

In some circumstances, certain information may be withheld where permitted by law. This may apply where disclosure would affect the rights of others, involve legally privileged information, or fall within another recognised exemption under data protection legislation.

Certain records may also need to be retained for legal, safeguarding, tax, insurance, or dispute resolution purposes even where a deletion request is made.

  

10. How Requests Are Handled

All requests are treated with strict confidentiality and are handled only by authorised individuals. Where data is shared in response to a request, this will be done securely wherever reasonably possible.

  

11. Record Keeping

Bendylegs Ltd maintains a confidential log of all requests received, including dates, actions taken, response deadlines, and outcomes. These records are retained only for as long as necessary for compliance purposes.

 

12. Complaints

If you are unhappy with how your request has been handled, you may raise a complaint directly with us at jo@bendylegs.com.

If you remain dissatisfied after we have responded, you have the right to contact the Information Commissioner's Office (ICO):

 

ICO Website

https://ico.org.uk

  

13. Review of This Procedure

This procedure will be reviewed periodically and updated where necessary to reflect changes in legislation, regulatory guidance, or operational practice.

 

Bendylegs Ltd  |  jo@bendylegs.com  |  Effective: 10th June 2026