Template:MailtoAccess

From Wikibase Personal data
Revision as of 22:00, 25 March 2019 by 172.20.0.1 (talk)
Jump to navigation Jump to search

?subject=Access+Request&body=Dear+%2C%0A%0AThis+is+a+transparency+request+under+the+General+Data+Protection+Regulation%2C+including+a+subject+access+request%2C+a+portability+request%2C+and+other+specific+provisions.+%2A%2APlease+note+that+it+is+not+legal+to+require+data+subjects+to+use+an++in-house+form%2A%2A.+%28see+for+instance+UK+Information+Commissioner%E2%80%99s+Office%2C+%E2%80%98Subject+Access+Code+of+Practice%E2%80%99+%289+June+2017%29+p+13%3B+Information+Commissioner%E2%80%99s+Office%2C+%E2%80%98Guide+to+the+GDPR%3A+Right+to+access%E2%80%99+%2822+May+2019%29%2C+stating+that+%27even+if+you+have+a+form%2C+you+should+note+that+a+subject+access+request+is+valid+if+it+is+submitted+by+any+means%2C+so+you+will+still+need+to+comply+with+any+requests+you+receive+in+a+letter%2C+a+standard+email+or+verbally+%5B..%5D+although+you+may+invite+individuals+to+use+a+form%2C+you+must+make+it+clear+that+it+is+not+compulsory%27%29%0A%0AI+would+like+to+request+a+copy+of+all+my+personal+data+held+and%2For+undergoing+processing.+This+is+both+a+subject+access+request+and+a+portability+request.%0A%0ACopies+of+my+personal+data%0A%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%0AThis+request+covers+all+my+personal+data+%0A%0AArticle+20%0A----------%0AFor+data+falling+within+the+right+to+data+portability+%28GDPR%2C+art+20%29%2C+which+includes+all+data+I+have+provided+%2Aand%2A+which+have+been+indirectly+observed+about+me+%28Article+29+Working+Party%2C+%2AGuidelines+on+the+Right+to+Data+Portability+%28WP+242%29%2A%2C+13+December+2016%2C+8%29+and+where+lawful+bases+for+processing+include+consent+or+contract%2C+I+wish+to+have+that+data%3A%0A%0A-+++%2A%2Asent+to+me+in+commonly+used%2C+structured%2C+machine-readable+format%2A%2A%2C+such+as+a+CSV+file.+A+PDF+is+not+a+machine-readable+format+%28Article+29+Working+Party%2C+%E2%80%98Guidelines+on+Transparency+under+Regulation+2016%2F679%E2%80%99+WP260+rev.01%2C+11+April+2018%29.%0A%0A-+++accompanied+with+an+%2A%2Aintelligible+description+of+all+variables.%2A%2A%0A%0AArticle+15%0A----------%0AFor+all+personal+data+not+falling+within+portability%2C+I+would+like+to+request%2C+under+the+right+to+access+%28GDPR%2C+art+15%29%3A%0A%0A-+++%2A%2Aa+copy+sent+to+me+in+electronic+format%2A%2A.+This+includes+any+data+derived+about+me%2C+such+as+opinions%2C+inferences%2C+settings+and+preferences.+%28Note+that+opinions%2C+inferences+and+the+like+are+considered+personal+data.+See+Case+C%E2%80%91434%2F16+%2APeter+Nowak+v+Data+Protection+Commissioner%2A+%5B2017%5D+ECLI%3AEU%3AC%3A2017%3A994%2C+34.%29++For+data+that+is+available+to+the+controller+in+machine+readable+format%2C+it+must+be+provided+to+me+in+that+form+in+accordance+with+the+principle+of+fairness+and+provision+of+data+protection+by+design.%0A%0AIf+your+organisation+considers+me+a+controller+for+whom+you+process%0A-------------------------------------------------------------------%0AFurthermore%2C+if+your+business+considers+me+the+controller+of+any+personal+data+for+which+your+business+acts+as+processor%2C+please+provide+me+%2A%2Awith+all+the+data+you+process+on+my+behalf+in+machine+readable+format%2A%2A+in+accordance+with+your+obligation+to+respect+my+to+determination+of+the+means+and+purposes+of+processing.%0A%0A%0AMetadata+on+processing%0A%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%0AThis+request+also+includes+the+metadata+I+am+entitled+to+under+the+GDPR.%0A%0AInformation+on+controllers%2C+processors%2C+source+and+transfers%0A------------------------------------------------------------%0A%0A-+The+%2A%2Aidentity+of+all+joint+controllers%2A%2A+of+my+personal+data%2C+as+well+as+the+essence+of+you+contracts+with+them+%28Article+26%29.%0A%0A%0A-+Any+%2A%2Athird+parties+to+whom+data+has+been+disclosed%2A%2A%2C+named+with+contact+details+in+accordance+with+Article+15%281%29%28c%29.+Please+note+that+the+European+data+protection+regulators+have+stated+that+by+default%2C+controllers+should+name+precise+recipients+and+not+%22categories%22+of+recipients.+If+they+do+choose+to+name+categories%2C+they+must+justify+why+this+is+fair%2C+and+be+specific%2C+naming+%22the+type+of+recipient+%28i.e.+by+reference+to+the+activities+it+carries+out%29%2C+the+industry%2C+sector+and+sub-sector+and+the+location+of+the+recipients.+%28+Article+29+Working+Party%2C+%E2%80%98Guidelines+on+Transparency+under+Regulation+2016%2F679%E2%80%99+WP260+rev.01%2C+11+April+2018+%29+Please+note+that+in+the+case+of+any+transferred+data+processed+on+the+basis+of+consent%2C+there+is+no+option+to+just+name+categories+of+recipients+without+invalidating+that+legal+basis+%28Article+29+Working+Party%2C+%E2%80%98Guidelines+on+Consent+under+Regulation+2016%2F679%E2%80%99+%28WP259+rev.01%2C+10+April+2018%29+13%29.%0A%0A-+If+any+data+was+not+collected%2C+observed+or+inferred+from+me+directly%2C+please+provide+precise+information+about+%2A%2Athe+source+of+that+data%2A%2A%2C+including+the+name+and+contact+email+of+the+data+controller%28s%29+in+question+%28%22from+which+source+the+personal+data+originate%22%2C+Article+14%282%29%28f%29%2F15%281%29%28g%29%29.%0A%0A-+Please+confirm+where+my+personal+data+is+physically+stored+%28including+backups%29+and+at+the+very+least+%2A%2Awhether+it+has+exited+the+EU+at+any+stage+%28if+so%2C+please+also+detail+the+legal+grounds+and+safeguards+for+such+data+transfers%29%2A%2A.%0A%0AInformation+on+purposes+and+legal+basis%0A---------------------------------------%0A%0A-+All+%2A%2Aprocessing+purposes+and+the+lawful+basis+for+those+purposes+by+category+of+personal+data%2A%2A.+This+list+must+be+broken+down+by+purpose%2C+lawful+basis+aligned+to+purposes%2C+and+categories+of+data+concerned+aligned+to+purposes+and+lawful+bases.+Separate+lists+where+these+three+factors+do+not+correspond+are+not+acceptable+%28Article+29+Working+Party%2C+%E2%80%98Guidelines+on+Transparency+under+Regulation+2016%2F679%E2%80%99+%28WP260+rev.01%2C+11+April+2018%29%2C+page+35.%0A%29.+A+table+may+be+the+best+way+to+display+this+information.%0A%0A-+The+%2A%2Aspecified+legitimate+interest%2A%2A+where+legitimate+interest+is+relied+upon+%28Article+14%282%29%28b%29%29.%0A%0AInformation+on+automated+decision-making+%0A----------------------------------------%0A-+Please+confirm+whether+or+not+you+make+any+automated+decisions+%28within+the+meaning+of+Article+22%2C+GDPR%29.+If+the+answer+is+yes%2C+please+provide+meaningful+information+about+the+logic+involved%2C+as+well+as+the+significance+and+the+envisaged+consequences+of+such+processing+for+me.+%28Article+15%281%29%28h%29%29%0A%0AInformation+on+storage%0A----------------------%0A-+Please+confirm+for+how+long+each+category+of+personal+data+is+stored%2C+or+the+criteria+used+to+make+this+decision%2C+in+accordance+with+the+storage+limitation+principle+and+Article+15%281%29%28d%29.%0A%0A%0A%0A%0AIf+you+do+not+normally+deal+with+these+requests%2C+please+pass+this+email+to+your+Data+Protection+Officer.+If+you+need+advice+on+dealing+with+this+request%2C+any+European+Data+Protection+Authority+should+be+able+to+provide+you+with+assistance.+%0A%0AIn+accordance+with+the+law%2C+I+look+forward+to+hearing+from+you+within+one+month+of+receipt.%0A%0ARegards%2C%0A%0A%3C%3C+FIRST_NAME+LAST_NAME+%3E%3E

Retrieved from "https://wiki.personaldata.io/w/index.php?title=Template:MailtoAccess&oldid=1888"