Registrants should be offered a mechanism by the organization to view and correct their personal data.
Data subjects should be offered a clear means by which they can object to the processing of personal data.
The implementation method for objecting to processing may vary, but it should be in line with the way of using the service offered (e.g. in online services, objecting to processing should also be possible online).
In the absence of specific situations as defined in the Data Protection Regulation, but one of the following criteria is met, the data subject has the right to have his or her personal data deleted:
We are aware of the situations in which the "right to be forgotten" is realized in our actions. We have designed policies for these situations, which may include e.g.:
The data subject shall have the right to obtain the personal data provided to the controller in a structured, commonly used and machine-readable form and, if he so wishes, to transfer such data to another controller. This can mean, for example, a way to download data added to a web service at a time in a general format (eg XLS, XML, JSON).
The right applies when the following conditions are met:
The right does not cover data that have been generated by the controller himself on the basis of data provided by the data subject (e.g. health assessments) or that have been compiled from the analysis of data generated from the data subject's monitoring (such as profiling).
Our organization is aware of situations where the data subject has the right to transfer their data. We have designed policies for these situations, which may include e.g.: