GDPR

GDPR

The GDPR provides for a number of rights of persons whose data is processed by the Data Administrator, including:

  1. The right to access data – the data controller is obliged to take the following actions towards the data subject:
    1. confirmation whether it processes data relating to this person;
    2. providing information regarding: the purpose of data processing, the categories of data processed; recipients or their categories; the period for which the administrator will store the data (or the basis for determining it); your rights, i.e. rectification, deletion, restriction of processing, objection; the right to complain to the President of the Personal Data Protection Office; data sources; automated data processing and profiling; transfer of data outside the European Economic Area and the security measures used for this purpose;
    3. granting access to data;
    4. providing a copy of the processed data.
  2. The right to rectify data - any person whose data is processed by the administrator may request in accordance with Art. 16 GDPR to immediately correct any incorrect data concerning you. Moreover, the data subject has the possibility to ask the controller to complete incomplete personal data.
  3. The right to be forgotten - the data subject may request the administrator (in accordance with Article 17 of the GDPR) to immediately delete his or her data in certain specific cases:
    1. the data is no longer necessary for the purposes for which it was collected or otherwise processed;
    2. consent to data processing by the data subject has been withdrawn and there is no other legal basis;
    3. an objection to the processing has been raised and there are no other overriding legitimate grounds for this process or an objection has been raised to the processing of data for direct marketing purposes;
    4. personal data were processed unlawfully;
    5. the personal data must be deleted due to a legal obligation under Union law or the law of the Member State to which the controller is subject;
    6. the data were collected in connection with offering information society services directly to children.
    This right creates a number of obligations on the administrator's part:
    1. obligation to delete data;
    2. in the case of transfer of data - the obligation to inform recipients about their deletion;
    3. in the event of data being made public - the obligation to demand that other administrators delete this data;
    4. in the event of such a request by the person requesting the deletion of his or her data - inform about the recipients to whom the data subject to deletion was transferred by him.
    5. the data were collected in connection with offering information society services directly to children.
  4. The right to limit processing – the data subject may request restriction of the processing of this data when:
    1. questions their correctness - for a period enabling the administrator to verify the correctness of these data;
    2. the processing of the data is unlawful and the data subject objects to their deletion;
    3. the administrator no longer needs personal data for processing purposes, however, the data is needed by the data subject to establish, pursue or defend claims;
    4. has objected to the processing - until it is determined whether there are legally justified grounds on the part of the administrator, and if so, whether they override the grounds for objection.
    If this right is exercised, the data of the data subject are only stored by the administrator in order to limit their future processing.
  5. The right to transfer data - this right gives the possibility for a person to obtain personal data relating to him in a structured, commonly used, machine-readable format and send them to another administrator, without any obstacles from the current administrator.
  6. The right to object - pursuant to this right, the data subject may object to their processing. The result of a justified objection will be the cessation of the processing of personal data covered by the objection. It should be noted that an objection to processing can only be submitted in two cases: due to the special situation of the data subject and when opposing direct marketing. In the event of an effective objection to the obligation to discontinue data processing, the Administrator can demonstrate:
    1. the existence of valid, legitimate grounds for the processing of data that override the interests, rights and freedoms of the person;
    2. existence of grounds for establishing, pursuing or defending claims;
    3. processing is necessary to perform a task carried out in the public interest.