Template tests
This is a Text template.
This is a Test template.
ParserFunctions
Templating through ParserFunctions works if this *does not* display code, only text (both options show the 'if' is processed):
Scribunto
This *should not* display code: Script error: No such module "Bananas".
(attempting to follow instructions here, with Module:Bananas already created normally)
Youtube
Access
Deliveroo
Dear Deliveroo,
This is a transparency request under the General Data Protection Regulation, including a subject access request, a portability request, and other specific provisions. **Please note that it is not legal to require data subjects to use an in-house form**. (see for instance UK Information Commissioner’s Office, ‘Subject Access Code of Practice’ (9 June 2017) p 13; Information Commissioner’s Office, ‘Guide to the GDPR: Right to access’ (22 May 2019), stating that 'even if you have a form, you should note that a subject access request is valid if it is submitted by any means, so you will still need to comply with any requests you receive in a letter, a standard email or verbally [..] although you may invite individuals to use a form, you must make it clear that it is not compulsory')
I would like to request a copy of all my personal data held and/or undergoing processing. This is both a subject access request and a portability request.
Copies of my personal data
==============
This request covers all my personal data and in particular the following which your privacy documentation mentions:
- geolocation data ; - performance score ; - user account data ; - profiling information ; - telephone number ; - food order data .
Article 20
For data falling within the right to data portability (GDPR, art 20), which includes all data I have provided *and* which have been indirectly observed about me (Article 29 Working Party, *Guidelines on the Right to Data Portability (WP 242)*, 13 December 2016, 8) and where lawful bases for processing include consent or contract, I wish to have that data:
- **sent to me in commonly used, structured, machine-readable format**, such as a CSV file. A PDF is not a machine-readable format (Article 29 Working Party, ‘Guidelines on Transparency under Regulation 2016/679’ WP260 rev.01, 11 April 2018).
- accompanied with an **intelligible description of all variables.**
Article 15
For all personal data not falling within portability, I would like to request, under the right to access (GDPR, art 15):
- **a copy sent to me in electronic format**. This includes any data derived about me, such as opinions, inferences, settings and preferences. (Note that opinions, inferences and the like are considered personal data. See Case C‑434/16 *Peter Nowak v Data Protection Commissioner* [2017] ECLI:EU:C:2017:994, 34.) For data that is available to the controller in machine readable format, it must be provided to me in that form in accordance with the principle of fairness and provision of data protection by design.
If your organisation considers me a controller for whom you process
Furthermore, if your business considers me the controller of any personal data for which your business acts as processor, please provide me **with all the data you process on my behalf in machine readable format** in accordance with your obligation to respect my to determination of the means and purposes of processing.
Metadata on processing
==========
This request also includes the metadata I am entitled to under the GDPR.
Information on controllers, processors, source and transfers
- The **identity of all joint controllers** of my personal data, as well as the essence of you contracts with them (Article 26).
- Any **third parties to whom data has been disclosed**, named with contact details in accordance with Article 15(1)(c). Please note that the European data protection regulators have stated that by default, controllers should name precise recipients and not "categories" of recipients. If they do choose to name categories, they must justify why this is fair, and be specific, naming "the type of recipient (i.e. by reference to the activities it carries out), the industry, sector and sub-sector and the location of the recipients. ( Article 29 Working Party, ‘Guidelines on Transparency under Regulation 2016/679’ WP260 rev.01, 11 April 2018 ) Please note that in the case of any transferred data processed on the basis of consent, there is no option to just name categories of recipients without invalidating that legal basis (Article 29 Working Party, ‘Guidelines on Consent under Regulation 2016/679’ (WP259 rev.01, 10 April 2018) 13).
- If any data was not collected, observed or inferred from me directly, please provide precise information about **the source of that data**, including the name and contact email of the data controller(s) in question ("from which source the personal data originate", Article 14(2)(f)/15(1)(g)).
- Please confirm where my personal data is physically stored (including backups) and at the very least **whether it has exited the EU at any stage (if so, please also detail the legal grounds and safeguards for such data transfers)**.
Information on purposes and legal basis
- All **processing purposes and the lawful basis for those purposes by category of personal data**. This list must be broken down by purpose, lawful basis aligned to purposes, and categories of data concerned aligned to purposes and lawful bases. Separate lists where these three factors do not correspond are not acceptable (Article 29 Working Party, ‘Guidelines on Transparency under Regulation 2016/679’ (WP260 rev.01, 11 April 2018), page 35. ). A table may be the best way to display this information.
- The **specified legitimate interest** where legitimate interest is relied upon (Article 14(2)(b)).
Information on automated decision-making
- Please confirm whether or not you make any automated decisions (within the meaning of Article 22, GDPR). If the answer is yes, please provide meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for me. (Article 15(1)(h))
Information on storage
- Please confirm for how long each category of personal data is stored, or the criteria used to make this decision, in accordance with the storage limitation principle and Article 15(1)(d).
If you do not normally deal with these requests, please pass this email to your Data Protection Officer. If you need advice on dealing with this request, any European Data Protection Authority should be able to provide you with assistance.
In accordance with the law, I look forward to hearing from you within one month of receipt.
Regards,
<< FIRST_NAME LAST_NAME >>
Uber
Dear Uber,
This is a transparency request under the General Data Protection Regulation, including a subject access request, a portability request, and other specific provisions. **Please note that it is not legal to require data subjects to use an in-house form**. (see for instance UK Information Commissioner’s Office, ‘Subject Access Code of Practice’ (9 June 2017) p 13; Information Commissioner’s Office, ‘Guide to the GDPR: Right to access’ (22 May 2019), stating that 'even if you have a form, you should note that a subject access request is valid if it is submitted by any means, so you will still need to comply with any requests you receive in a letter, a standard email or verbally [..] although you may invite individuals to use a form, you must make it clear that it is not compulsory')
I would like to request a copy of all my personal data held and/or undergoing processing. This is both a subject access request and a portability request.
Copies of my personal data
==============
This request covers all my personal data and in particular the following which your privacy documentation mentions:
- accelerometer ; - IP address ; - battery level ; - user account ; - telephone number ; - user star rating ; - performance score ; - address book ; - vehicle data ; - driver dispatching data (as collected when I was in the rider role, possibly with some geolocation noise introduced for privacy considerations); - user onboarding data ; - driver trip data (as collected when I was a driver, for the entire duration of my work with Uber); - rider trip data (as collected when I was a rider, for the entire duration of my use of Uber); - zendesk tickets ; - driver geolocation data ; - rider geolocation data ; - driver status data ; - rider matching data (including unmatched rider data, as collected when I was in the role of driver, and possibly anonymized through aggregation); - driver star rating ; - zendesk tags ; - user experiment information ; - internal discussions (about me); - driver dispatching data (when I was acting in the role of driver); - rider dispatching data (when I was acting in the role of rider); - rider dispatching data (as collected when I was in the driver role, possibly with some geolocation noise introduced for privacy considerations); - driver matching data (including unmatched driver data, as collected when I was in the role of rider, and possibly anonymized through aggregation); - driver matching data (as collected when I was in the role of driver); - e-mail notifications ; - push notifications ; - driver trip data (as collected when I was a rider, possibly with additional geolocation noise added to preserve privacy of the driver); - rider trip data (as collected when I was a driver, possibly with additional geolocation noise added to preserve privacy of the rider); - device information ; - user interaction data ; - telematics data ; - activity recognition data ; - information extracted from identity document ; - Customer Obsession Ticket Assistance data ; - contract (including various versions); - exchanges with the back office .
Article 20
For data falling within the right to data portability (GDPR, art 20), which includes all data I have provided *and* which have been indirectly observed about me (Article 29 Working Party, *Guidelines on the Right to Data Portability (WP 242)*, 13 December 2016, 8) and where lawful bases for processing include consent or contract, I wish to have that data:
- **sent to me in commonly used, structured, machine-readable format**, such as a CSV file. A PDF is not a machine-readable format (Article 29 Working Party, ‘Guidelines on Transparency under Regulation 2016/679’ WP260 rev.01, 11 April 2018).
- accompanied with an **intelligible description of all variables.**
Article 15
For all personal data not falling within portability, I would like to request, under the right to access (GDPR, art 15):
- **a copy sent to me in electronic format**. This includes any data derived about me, such as opinions, inferences, settings and preferences. (Note that opinions, inferences and the like are considered personal data. See Case C‑434/16 *Peter Nowak v Data Protection Commissioner* [2017] ECLI:EU:C:2017:994, 34.) For data that is available to the controller in machine readable format, it must be provided to me in that form in accordance with the principle of fairness and provision of data protection by design.
If your organisation considers me a controller for whom you process
Furthermore, if your business considers me the controller of any personal data for which your business acts as processor, please provide me **with all the data you process on my behalf in machine readable format** in accordance with your obligation to respect my to determination of the means and purposes of processing.
Metadata on processing
==========
This request also includes the metadata I am entitled to under the GDPR.
Information on controllers, processors, source and transfers
- The **identity of all joint controllers** of my personal data, as well as the essence of you contracts with them (Article 26).
- Any **third parties to whom data has been disclosed**, named with contact details in accordance with Article 15(1)(c). Please note that the European data protection regulators have stated that by default, controllers should name precise recipients and not "categories" of recipients. If they do choose to name categories, they must justify why this is fair, and be specific, naming "the type of recipient (i.e. by reference to the activities it carries out), the industry, sector and sub-sector and the location of the recipients. ( Article 29 Working Party, ‘Guidelines on Transparency under Regulation 2016/679’ WP260 rev.01, 11 April 2018 ) Please note that in the case of any transferred data processed on the basis of consent, there is no option to just name categories of recipients without invalidating that legal basis (Article 29 Working Party, ‘Guidelines on Consent under Regulation 2016/679’ (WP259 rev.01, 10 April 2018) 13).
- If any data was not collected, observed or inferred from me directly, please provide precise information about **the source of that data**, including the name and contact email of the data controller(s) in question ("from which source the personal data originate", Article 14(2)(f)/15(1)(g)).
- Please confirm where my personal data is physically stored (including backups) and at the very least **whether it has exited the EU at any stage (if so, please also detail the legal grounds and safeguards for such data transfers)**.
Information on purposes and legal basis
- All **processing purposes and the lawful basis for those purposes by category of personal data**. This list must be broken down by purpose, lawful basis aligned to purposes, and categories of data concerned aligned to purposes and lawful bases. Separate lists where these three factors do not correspond are not acceptable (Article 29 Working Party, ‘Guidelines on Transparency under Regulation 2016/679’ (WP260 rev.01, 11 April 2018), page 35. ). A table may be the best way to display this information.
- The **specified legitimate interest** where legitimate interest is relied upon (Article 14(2)(b)).
Information on automated decision-making
- Please confirm whether or not you make any automated decisions (within the meaning of Article 22, GDPR). If the answer is yes, please provide meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for me. (Article 15(1)(h))
Information on storage
- Please confirm for how long each category of personal data is stored, or the criteria used to make this decision, in accordance with the storage limitation principle and Article 15(1)(d).
I understand that according to Article 11 GDPR, and particularly Art 11.2, you might need additional information to identify me for the purpose of this request. The following information should help you locate my personal data:
- e-mail address: << ADD VALUE >>; - driver star rating: << ADD VALUE >>; - rider star rating: << ADD VALUE >>.
If you do not normally deal with these requests, please pass this email to your Data Protection Officer. If you need advice on dealing with this request, any European Data Protection Authority should be able to provide you with assistance.
In accordance with the law, I look forward to hearing from you within one month of receipt.
Regards,
<< FIRST_NAME LAST_NAME >>
Direct emails
Mailto
mailto:destination@example.com?subject=this%20is%20a%20subject&body=this%20is%20a%20body