Create a bespoke document in minutes, or upload and review your own.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership of your information
Subject Access Request
I need a subject access request document to formally request access to all personal data held about me by a specific company, including details on how my data is being processed, shared, and stored, in accordance with Swiss data protection laws. The document should include a clear statement of my identity, the specific data I am requesting, and a request for a response within the statutory timeframe.
What is a Subject Access Request?
A Subject Access Request is your legal right to ask any organization what personal data they have about you. Under Swiss data protection law, you can request to see, correct, or delete your information from companies, government agencies, or other groups that process your data.
When you submit a request, organizations must respond within 30 days, showing you what information they hold, how they use it, and who else can access it. Swiss law gives you strong privacy rights - companies must provide this information for free, though they can charge reasonable fees for additional copies. The only exceptions are when requests are clearly excessive or unfounded.
When should you use a Subject Access Request?
Submit a Subject Access Request when you need to understand exactly what personal information an organization has about you in Switzerland. Common situations include applying for jobs (to see your references), dealing with insurance companies (to verify your claims history), or investigating why you received unexpected marketing materials.
It's particularly valuable when preparing legal cases, checking credit reports for errors, or verifying medical records. Many people use these requests after being denied services or when suspecting data misuse. Swiss law guarantees your right to this information, making it a powerful tool for protecting your privacy and correcting inaccurate data.
What are the different types of Subject Access Request?
- Basic Written Request: The standard format asking organizations to provide all personal data they hold about you. Includes your identification details and specific timeframes.
- Detailed Data Inventory Request: A comprehensive version that asks for specific categories of data, including processing methods and third-party sharing.
- Urgent Access Request: Used for time-sensitive situations, particularly in medical or employment contexts, where rapid access to data is necessary.
- Digital Platform Request: Specifically tailored for online services and social media platforms operating in Switzerland, focusing on digital data collection.
- Correction/Deletion Request: Combines the access request with specific instructions to modify or remove personal information.
Who should typically use a Subject Access Request?
- Data Subjects: Any individual in Switzerland can submit a Subject Access Request to view their personal data - including residents, citizens, and visitors.
- Data Protection Officers: Responsible for handling incoming requests and ensuring organizations respond properly within legal timeframes.
- Company Legal Teams: Review requests, coordinate responses, and ensure compliance with Swiss data protection laws.
- IT Departments: Locate and compile requested data from various systems and databases.
- Third-Party Processors: Must cooperate when the primary organization needs information they process on its behalf.
How do you write a Subject Access Request?
- Personal Details: Gather your full name, address, and any account/reference numbers linked to the organization.
- Identity Proof: Prepare a copy of your passport, ID card, or Swiss residence permit to verify your identity.
- Request Scope: Specify exactly what information you're seeking and the time period it covers.
- Organization Details: List the correct legal name and address of the organization holding your data.
- Format Preference: State how you want to receive the information (email, mail, digital copy).
- Timeline Needs: Note any urgency, remembering organizations have 30 days to respond under Swiss law.
What should be included in a Subject Access Request?
- Requester Information: Your full legal name, current address, and contact details must be clearly stated.
- Organization Details: The exact legal name and address of the data controller you're requesting information from.
- Data Scope: Clear description of the personal data you're requesting access to.
- Time Period: Specific timeframe for which you're requesting information.
- Identity Verification: Reference to enclosed proof of identity documents as required by Swiss law.
- Legal Reference: Citation of your rights under Swiss Federal Act on Data Protection.
- Response Timeline: Statement acknowledging the 30-day response period.
What's the difference between a Subject Access Request and an Authorization Letter?
A Subject Access Request differs significantly from a Authorization Letter in both purpose and legal effect. While both documents involve personal information access, they serve distinct functions under Swiss law.
- Legal Basis: Subject Access Requests are a fundamental right under Swiss data protection law, while Authorization Letters are voluntary permissions granted to third parties.
- Scope of Access: Subject Access Requests demand comprehensive disclosure of all personal data an organization holds, while Authorization Letters typically grant limited access for specific purposes.
- Time Requirements: Organizations must respond to Subject Access Requests within 30 days by law, whereas Authorization Letters can specify custom timeframes.
- Cost Implications: Subject Access Requests must be fulfilled free of charge (except for additional copies), while Authorization Letters may involve service fees.
- Processing Requirements: Subject Access Requests trigger mandatory compliance procedures, while Authorization Letters follow standard business practices.
Download our whitepaper on the future of AI in Legal
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a £1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our for more details and real-time security updates.
Read our Privacy Policy.