Item talk:Q5103

From Wikibase Personal data
Revision as of 12:51, 13 February 2021 by Podehaye (talk | contribs) (Created page with "{{Mailto|mailto:support@alphaexplorationco.com|GDPR request|Dear Clubhouse, This is a transparency request under the General Data Protection Regulation, including a subject a...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

mailto:support@alphaexplorationco.com?subject=GDPR%20request&body=Dear%20Clubhouse%2C%0A%0AThis%20is%20a%20transparency%20request%20under%20the%20General%20Data%20Protection%20Regulation%2C%20including%20a%20subject%20access%20request%2C%20a%20portability%20request%2C%20and%20other%20specific%20provisions.%20%0A%0ADue%20to%20specific%20growth%20hacking%20mechanisms%20you%20employ%2C%20it%20similarly%20concerns%20some%20of%20your%20users%2C%20who%20might%20already%20be%20in%20breach%20of%20GDPR.%20%0A%0AIdentification%0A%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%0AIt%20is%20natural%20that%20you%20will%20need%20to%20identify%20me%20and%20make%20sure%20I%20am%20who%20I%20claim%20to%20be.%20I%20understand%20that%20according%20to%20Article%2011%20GDPR%2C%20and%20particularly%20Art%2011.2%2C%20you%20might%20thus%20need%20additional%20information.%20The%20following%20information%20should%20help%20you%20locate%20my%20personal%20data%3A%0A%0A%20%20-%20e-mail%20address%3A%20%3C%3C%20ADD%20VALUE%20%3E%3E%3B%0A%20%20-%20telephone%20number%3A%20%3C%3C%20ADD%20VALUE%20%3E%3E.%0A%0AYou%20should%20be%20able%20to%20verify%20easily%20by%20email%20address%20simply%20by%20responding%20to%20my%20email.%20%0A%0AI%20would%20encourage%20you%20to%20verify%20the%20telephone%20number%20by%20simply%20calling%20me.%0A%0ACopies%20of%20my%20personal%20data%0A%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%0AI%20would%20like%20to%20request%20a%20copy%20of%20all%20my%20personal%20data%20held%20and%2For%20undergoing%20processing.%20This%20is%20both%20a%20subject%20access%20request%20and%20a%20portability%20request.%20This%20request%20is%20directly%20addressed%20to%20you%2C%20and%20concerns%20data%20you%20hold%20directly%20but%20also%20joint%20controllership%20data%20%28GDPR%20Art%2026%29%2C%20jointly%20held%20with%20other%20data%20controllers.%20Some%20of%20those%20other%20controllers%20would%20also%20include%20some%20of%20your%20users%20%28particularly%20those%20who%20have%20already%20breached%20GDPR%20and%20are%20located%20in%20Belgium%2C%20in%20light%20of%20the%20Twoo%20decision%29.%0A%0AAs%20explained%20above%2C%20this%20request%20covers%20all%20my%20personal%20data.%20I%20will%20break%20it%20down%20into%20three%20parts%2C%20according%20to%20Art%2020%2C%20Art%2015%20and%20Art%2026.%0A%0AArticle%2020%0A----------%0AFor%20data%20falling%20within%20the%20right%20to%20data%20portability%20%28GDPR%2C%20art%2020%29%2C%20which%20includes%20all%20data%20I%20have%20provided%20%2Aand%2A%20which%20have%20been%20indirectly%20observed%20about%20me%20%28Article%2029%20Working%20Party%2C%20%2AGuidelines%20on%20the%20Right%20to%20Data%20Portability%20%28WP%20242%29%2A%2C%2013%20December%202016%2C%208%29%20and%20where%20lawful%20bases%20for%20processing%20include%20consent%20or%20contract%2C%20I%20wish%20to%20have%20that%20data%3A%0A%0A-%20%20%20%2A%2Asent%20to%20me%20in%20commonly%20used%2C%20structured%2C%20machine-readable%20format%2A%2A%2C%20such%20as%20a%20CSV%20file.%20A%20PDF%20is%20not%20a%20machine-readable%20format%20%28Article%2029%20Working%20Party%2C%20%E2%80%98Guidelines%20on%20Transparency%20under%20Regulation%202016%2F679%E2%80%99%20WP260%20rev.01%2C%2011%20April%202018%29.%0A%0A-%20%20%20accompanied%20with%20an%20%2A%2Aintelligible%20description%20of%20all%20variables.%2A%2A%0A%0ASince%20I%20am%20not%20a%20user%20of%20Clubhouse%2C%20I%20expect%20this%20data%20to%20be%20nil%20%28short%20of%20this%20email%29.%20%0A%0AArticle%2015%0A----------%0AFor%20all%20personal%20data%20not%20falling%20within%20portability%2C%20I%20would%20like%20to%20request%2C%20under%20the%20right%20to%20access%20%28GDPR%2C%20art%2015%29%3A%0A%0A-%20%20%20%2A%2Aa%20copy%20sent%20to%20me%20in%20electronic%20format%2A%2A.%20This%20includes%20-%20but%20is%20not%20limited%20to%20-%20any%20data%20derived%20about%20me%2C%20such%20as%20opinions%2C%20inferences%2C%20settings%20and%20preferences.%20%28Note%20that%20opinions%2C%20inferences%20and%20the%20like%20are%20considered%20personal%20data.%20See%20Case%20C%E2%80%91434%2F16%20%2APeter%20Nowak%20v%20Data%20Protection%20Commissioner%2A%20%5B2017%5D%20ECLI%3AEU%3AC%3A2017%3A994%2C%2034.%29%20%20For%20data%20that%20is%20available%20to%20the%20controller%20in%20machine%20readable%20format%2C%20it%20must%20be%20provided%20to%20me%20in%20that%20form%20in%20accordance%20with%20the%20principle%20of%20fairness%20and%20provision%20of%20data%20protection%20by%20design.%0A-%20%20%20information%20provided%20to%20you%20by%20third%20parties%2C%20%2A%2Aincluding%20users%2A%2A%0A%0AArticle%2026%0A----------%0AGiven%20the%20nature%20of%20the%20growth%20hacking%20you%20engage%20in%2C%20I%20fully%20expect%20the%20referral%20mechanisms%20you%20employ%20not%20to%20fall%20within%20the%20household%20exemption%20in%20the%20GDPR.%20This%20interpretation%20is%20confirmed%20by%20the%20recent%20Twoo%20decision%20of%20the%20Belgian%20Data%20Protection%20Authority%3A%0Ahttps%3A%2F%2Fiapp.org%2Fnews%2Fa%2Ftell-a-friend-but-only-with-your-friends-consent%2F%0AAs%20a%20consequence%2C%20the%20processing%20of%20this%20data%20falls%20within%20a%20joint%20controllership%20scheme%20%28GDPR%20Art%2026%29.%0AMirroring%20the%20direct%20exercise%20of%20my%20rights%20with%20respect%20to%20you%20described%20above%2C%20I%20also%20wish%20to%20exercise%20these%20rights%20with%20against%20any%20of%20your%20joint%20controllers%20-%20but%2C%20as%20allowed%20via%20Art%2026%283%29%20by%20reaching%20out%20to%20you.%20Finally%2C%20I%20wish%20-%20as%20described%20in%20Art%2026%282%29%20-%20to%20have%20access%20to%20the%20essence%20of%20the%20arrangement%20described%20in%20Art%2026%281%29.%0A%0A%0AMetadata%20on%20processing%0A%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%0AThis%20request%20also%20includes%20the%20metadata%20I%20am%20entitled%20to%20under%20the%20GDPR.%0A%0AInformation%20on%20controllers%2C%20processors%2C%20source%20and%20transfers%0A------------------------------------------------------------%0A%0A-%20The%20%2A%2Aidentity%20of%20all%20joint%20controllers%2A%2A%20of%20my%20personal%20data%2C%20as%20well%20as%20the%20essence%20of%20you%20contracts%20with%20them%20%28Article%2026%29.%0A%0A%0A-%20Any%20%2A%2Athird%20parties%20to%20whom%20data%20has%20been%20disclosed%2A%2A%2C%20named%20with%20contact%20details%20in%20accordance%20with%20Article%2015%281%29%28c%29.%20Please%20note%20that%20the%20European%20data%20protection%20regulators%20have%20stated%20that%20by%20default%2C%20controllers%20should%20name%20precise%20recipients%20and%20not%20%22categories%22%20of%20recipients.%20If%20they%20do%20choose%20to%20name%20categories%2C%20they%20must%20justify%20why%20this%20is%20fair%2C%20and%20be%20specific%2C%20naming%20%22the%20type%20of%20recipient%20%28i.e.%20by%20reference%20to%20the%20activities%20it%20carries%20out%29%2C%20the%20industry%2C%20sector%20and%20sub-sector%20and%20the%20location%20of%20the%20recipients.%20%28%20Article%2029%20Working%20Party%2C%20%E2%80%98Guidelines%20on%20Transparency%20under%20Regulation%202016%2F679%E2%80%99%20WP260%20rev.01%2C%2011%20April%202018%20%29%20Please%20note%20that%20in%20the%20case%20of%20any%20transferred%20data%20processed%20on%20the%20basis%20of%20consent%2C%20there%20is%20no%20option%20to%20just%20name%20categories%20of%20recipients%20without%20invalidating%20that%20legal%20basis%20%28Article%2029%20Working%20Party%2C%20%E2%80%98Guidelines%20on%20Consent%20under%20Regulation%202016%2F679%E2%80%99%20%28WP259%20rev.01%2C%2010%20April%202018%29%2013%29.%0A%0A-%20If%20any%20data%20was%20not%20collected%2C%20observed%20or%20inferred%20from%20me%20directly%2C%20please%20provide%20precise%20information%20about%20%2A%2Athe%20source%20of%20that%20data%2A%2A%2C%20including%20the%20name%20and%20contact%20email%20of%20the%20data%20controller%28s%29%20in%20question%20%28%22from%20which%20source%20the%20personal%20data%20originate%22%2C%20Article%2014%282%29%28f%29%2F15%281%29%28g%29%29.%0A%0A-%20Please%20confirm%20where%20my%20personal%20data%20is%20physically%20stored%20%28including%20backups%29%20and%20at%20the%20very%20least%20%2A%2Awhether%20it%20has%20exited%20the%20EU%20at%20any%20stage%20%28if%20so%2C%20please%20also%20detail%20the%20legal%20grounds%20and%20safeguards%20for%20such%20data%20transfers%29%2A%2A.%0A%0AInformation%20on%20purposes%20and%20legal%20basis%0A---------------------------------------%0A%0A-%20All%20%2A%2Aprocessing%20purposes%20and%20the%20lawful%20basis%20for%20those%20purposes%20by%20category%20of%20personal%20data%2A%2A.%20This%20list%20must%20be%20broken%20down%20by%20purpose%2C%20lawful%20basis%20aligned%20to%20purposes%2C%20and%20categories%20of%20data%20concerned%20aligned%20to%20purposes%20and%20lawful%20bases.%20Separate%20lists%20where%20these%20three%20factors%20do%20not%20correspond%20are%20not%20acceptable%20%28Article%2029%20Working%20Party%2C%20%E2%80%98Guidelines%20on%20Transparency%20under%20Regulation%202016%2F679%E2%80%99%20%28WP260%20rev.01%2C%2011%20April%202018%29%2C%20page%2035.%0A%29.%20A%20table%20may%20be%20the%20best%20way%20to%20display%20this%20information.%0A%0A-%20The%20%2A%2Aspecified%20legitimate%20interest%2A%2A%20where%20legitimate%20interest%20is%20relied%20upon%20%28Article%2014%282%29%28b%29%29.%0A%0AInformation%20on%20automated%20decision-making%20----------------------------------------%0A-%20Please%20confirm%20whether%20or%20not%20you%20make%20any%20automated%20decisions%20%28within%20the%20meaning%20of%20Article%2022%2C%20GDPR%29.%20If%20the%20answer%20is%20yes%2C%20please%20provide%20meaningful%20information%20about%20the%20logic%20involved%2C%20as%20well%20as%20the%20significance%20and%20the%20envisaged%20consequences%20of%20such%20processing%20for%20me.%20%28Article%2015%281%29%28h%29%29%0A%0AInformation%20on%20storage%0A----------------------%0A-%20Please%20confirm%20for%20how%20long%20each%20category%20of%20personal%20data%20is%20stored%2C%20or%20the%20criteria%20used%20to%20make%20this%20decision%2C%20in%20accordance%20with%20the%20storage%20limitation%20principle%20and%20Article%2015%281%29%28d%29.%0A%0ASubmission%20Form%0A%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%0A%2A%2APlease%20note%20that%20it%20is%20not%20legal%20to%20require%20data%20subjects%20to%20use%20an%20%20in-house%20form%2A%2A.%20%28see%20for%20instance%20UK%20Information%20Commissioner%E2%80%99s%20Office%2C%20%E2%80%98Subject%20Access%20Code%20of%20Practice%E2%80%99%20%289%20June%202017%29%20p%2013%3B%20Information%20Commissioner%E2%80%99s%20Office%2C%20%E2%80%98Guide%20to%20the%20GDPR%3A%20Right%20to%20access%E2%80%99%20%2822%20May%202019%29%2C%20stating%20that%20%27even%20if%20you%20have%20a%20form%2C%20you%20should%20note%20that%20a%20subject%20access%20request%20is%20valid%20if%20it%20is%20submitted%20by%20any%20means%2C%20so%20you%20will%20still%20need%20to%20comply%20with%20any%20requests%20you%20receive%20in%20a%20letter%2C%20a%20standard%20email%20or%20verbally%20%5B..%5D%20although%20you%20may%20invite%20individuals%20to%20use%20a%20form%2C%20you%20must%20make%20it%20clear%20that%20it%20is%20not%20compulsory%27%29%0A%0AFurther%20assistance%0A%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%0AIf%20you%20do%20not%20normally%20deal%20with%20these%20requests%2C%20please%20pass%20this%20email%20to%20your%20Data%20Protection%20Officer.%20If%20you%20need%20advice%20on%20dealing%20with%20this%20request%2C%20any%20European%20Data%20Protection%20Authority%20should%20be%20able%20to%20provide%20you%20with%20assistance.%20%0AIn%20accordance%20with%20the%20law%2C%20I%20look%20forward%20to%20hearing%20from%20you%20within%20one%20month%20of%20receipt.%0A%0ARegards%2C%0A%0A%3C%3C%20FIRST_NAME%20LAST_NAME%20%3E%3E