The organization shall maintain a list of data sets contained in the data stores it manages.
The documentation shall include at least the following information:
Upon request, the organization offers the registered person a clear list of the transfers of his personal data to third parties.
The list shows in particular which personal data has been transferred, to which organization, on what basis and when.
Whenever we process personal data, the data subject has certain rights, e.g. gain access to their data and, in certain situations, oppose processing or have their data deleted.
We have planned procedures for handling data subject requests, which may include e.g.: