26.09.2024
07121-1/2024/1118
Right of access to one's own personal data
The Information Commissioner of the Republic of Slovenia (Slovenian SA) has received your e-mail regarding the cyber security incidents you were a victim of. Specifically, you would like to know more about the procedure for exercising your right to access personal data.
***
As a preliminary remark, the Slovenian SA emphasizes that it cannot assess the lawfulness of personal data processing or potential infringements of data subjects' rights outside of an inspection or other administrative procedure. Therefore, we only provide general explanations and legal background in response to your questions.
According to Article 15 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter: GDPR), every individual whose personal data is being processed has a right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
“(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data are not collected from the data subject, any available information as to their source;
(h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.”
According to Article 15(3) GDPR “the controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.”
The controller has to provide access to personal data and information under Article 15 without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.
It is important to emphasize that the data subject should request access to their personal data from the controller that processes (or is supposedly processing) it. Therefore, the Slovenian SA cannot provide the data subject with information on personal data processed by other controllers. The Slovenian SA can only provide access to personal data and information that it processes itself. The Slovenian SA recommends that you submit a written request (e.g., via email) to the specific controller. In the request, the data subject should be as specific as possible regarding the requested personal data or information (e.g., specifying the categories of data requested and the time period of data processing).
If the controller refuses the data subject's request to access personal data or does not reply to the request within one month, the data subject can file a complaint with the national supervisory authority for data protection. The data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. You can find a list of all competent supervisory authorities in the EU here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.
Kind regards,
dr. Jelena Virant Burnik, Information Commissioner of the Republic of Slovenia
Neja Domnik, State Supervisor for Personal Data Protection