All Countries
Compliance
Subject Access Request Form

Subject Access Request Form Template for New Zealand

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Subject Access Request Form

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Subject Access Request Form

"I need a Subject Access Request Form for our healthcare clinic in Auckland that includes specific sections for medical record requests and allows for urgent processing options, compliant with both the Privacy Act 2020 and Health Information Privacy Code."

Celebrated by
Collaborations with
Investors
Document background
The Subject Access Request Form is a critical document used to comply with New Zealand's Privacy Act 2020, which gives individuals the right to access their personal information held by organizations. This document should be used whenever an individual wishes to exercise their right to access personal data, requiring them to provide sufficient details for identification and specify the information they seek. The form helps organizations process requests systematically while ensuring compliance with statutory obligations, including the 20-working-day response requirement under New Zealand law. It includes sections for identity verification, request specifications, and preferred response formats, facilitating efficient processing while maintaining data security and privacy standards.
Suggested Sections

1. Requestor Details: Essential personal information about the person making the request, including full name, contact details, and any reference numbers related to their relationship with the organization

2. Identity Verification: Section specifying what forms of identification are required and how they should be submitted to verify the requestor's identity

3. Information Request Details: Specific details about what personal information is being requested, including relevant date ranges and types of information

4. Preferred Format: How the requestor would like to receive the information (e.g., electronic copy, printed copy, in person viewing)

5. Declaration: Statement confirming the truth of information provided and understanding of the process, including signature and date

Optional Sections

1. Third Party Authorization: Required when someone is making a request on behalf of another person, including authority verification and relationship details

2. Urgent Request Details: To be included when the requestor needs the information urgently, requiring justification for expedited processing

3. Specific Department Selection: For large organizations, allowing requestors to specify which department(s) might hold their information

4. Fee Understanding: Section explaining any applicable fees for certain types of requests or formats, if relevant under organizational policy

Suggested Schedules

1. Schedule 1: Acceptable ID Documents: List of acceptable forms of identification and requirements for ID verification

2. Schedule 2: Privacy Notice: Information about how the personal information provided in the form will be used and protected

3. Schedule 3: Processing Timeline Guide: Information about standard processing times and circumstances that might affect these timeframes

4. Appendix A: Guidance Notes: Detailed instructions on how to complete the form and what to expect after submission

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant Industries

Healthcare

Financial Services

Education

Government and Public Sector

Retail

Technology

Telecommunications

Insurance

Professional Services

Non-profit Organizations

Transportation

Hospitality

Real Estate

Manufacturing

Energy

Relevant Teams

Legal

Compliance

Information Security

Data Protection

Human Resources

Customer Service

Operations

Administration

Risk Management

Information Management

Privacy Office

Records Management

Relevant Roles

Data Protection Officer

Privacy Officer

Legal Counsel

Compliance Manager

Information Security Manager

Records Manager

Privacy Analyst

Information Officer

Risk and Compliance Officer

Customer Service Manager

HR Manager

Office Manager

General Counsel

Operations Manager

Administrative Officer

Industries
Privacy Act 2020: The primary legislation governing privacy and personal information in New Zealand, including the 13 Information Privacy Principles that outline individuals' rights to access their personal information and organizations' obligations in handling such requests.
Health Information Privacy Code 2020: A specific code issued under the Privacy Act that sets out particular rules for handling health information, which may be relevant if the subject access request involves health-related personal information.
Official Information Act 1982: Relevant when the subject access request is made to a public sector organization, as it provides for complementary rights of access to official information, including personal information.
Privacy (Information Sharing Agreement Between New Zealand Gang Intelligence Centre Agencies) Order 2018: May be relevant if the subject access request involves information shared between government agencies under this agreement, as it affects how such information can be accessed and disclosed.
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Data Protection Request Form

A standardized form under New Zealand's Privacy Act 2020 for individuals to request access to or modification of their personal data held by organizations.

find out more

Subject Access Request Form

A New Zealand-compliant form under the Privacy Act 2020 that enables individuals to request access to their personal information held by organizations.

find out more

Data Subject Request Form

A New Zealand-compliant form for individuals to request access, correction, or deletion of their personal data under the Privacy Act 2020.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.