As a public authority that handles personal information and data, Ordnance Survey must comply with the Data Protection Act 1998 (DPA). We also comply with Cabinet Office and the Information Commissioner’s guidelines on the handling (otherwise referred to as ‘processing’) of personal data and information.
Ordnance Survey collects personal information for the purposes of licence administration, fulfilment of customer orders, responding to other general enquiries and for staff administration. All personal information is held in secure locations, whether paper or electronic.
All staff must comply with our Data protection policy. Ordnance Survey annually reviews the personal information we hold and how we use it.
The main principles of the DPA are that personal information shall:
- be processed fairly and lawfully;
- be obtained for only one or more specified and lawful purposes;
- be adequate, relevant and not excessive in relation to the purpose(s) for which they are processed;
- be accurate and, where necessary, kept up to date;
- not be kept for longer than is necessary for that purpose or those purposes;
- be processed in accordance with the rights of the data subject under the DPA;
- be kept in such a way to prevent unauthorised or unlawful use of the information, accidental loss or destruction of, or damage to, the personal information; and
- not be transferred to a country or territory outside the European Economic Area.
Applications for personal information
Under the DPA, only the person who the information is about is entitled to request information about them: this is known as a Subject Access Request. You have a lawful right to request information held about you unless there is an applicable, valid exemption. Please note that should another person request information about you, unless specifically allowable under the DPA (normally for other legislative purposes), their request is likely to be refused under the section 40 Personal information exemption under the FOIA.
Once a request has been received by us, Ordnance Survey is obliged to respond within 40 working day of receipt of a request, regardless of weekends and public holidays. Please note that Ordnance Survey will not make a charge for responding to Subject Access Requests.
Please note that Ordnance Survey does not charge for the provision of this information.
How to make a request
Applications for personal data are known as Subject Access Requests; these should be in writing and may be submitted by letter or email. So that we can respond fully, they should include your name and correspondence address (email address where applicable). You should also provide as much detail as possible to enable Ordnance Survey to identify the information sought. Before we release the information to you, we will require at least two means of identity, as it is illegal for us to release the information to anybody else other than the Data Subject (you). This may mean that you might be requested to come to the Ordnance Survey head office in Southampton, or possibly visit one of our surveying offices around the country.
If information is required in a particular format, for example, a photocopy or on computer disk, this should also be stated in the application. If you have difficulty in identifying the precise information you require, or difficulty in making the application in writing, please contact our staff, who will be pleased to help you. Telephone 03456 05 05 05 or use the email address below.
Subject Access Requests for information under the DPA should be addressed to:
The Data Protection Officer
Customer Service Centre
Or email the Data Protection Officer at email@example.com
Appeals procedure under the DPA 1998
If, for any reason, you are unhappy with our response to a Subject Access Request made to us under the DPA, you have the right to appeal our decision directly to the Information Commissioner’s Office. This will start an independent review process, during which the Information Commissioner’s Office will undertake a review of our process, reasoning and withheld information to ensure that due process and whether or not sound reasoning in line with the DPA has been followed.
You can raise a complaint if we have failed to:
- provide the information you asked for;
- tell you whether or not we hold information;
- respond to your request within time limits (normally 40 days);
- give you proper advice and help;
- give information in the form in which you requested it;
- properly explain the reasons for refusing the request; or
- correctly apply an exemption under the Act – in other words, we have refused to disclose information for the wrong reason.
Request a review by the Information Commissioner or write to:
The Case Reception Unit
Customer Service Team
The Information Commissioner’s Office
Phone: 08456 306060
Fax: 01625 545510