Data subject rights are based on the EU fundamental right to data protection and are defined in more detail in the General Data Protection Regulation (GDPR). As a data subject, you have the following rights, which you can assert against the controller who processes your personal data (for example, a public authority):
Right of access
You have the right to request confirmation from the controller as to whether personal data about you is being processed at all. If this is the case, you have a right to information about this personal data and to further information, in particular:
- the purposes of processing,
- the categories of personal data that have been processed,
- the recipients or categories of recipients to whom this data has been or will be disclosed,
- the planned duration for which this data will be stored,
- the existence of a right to rectification or erasure or restriction of processing,
- the existence of a right of appeal to a data protection supervisory authority,
- if applicable, information about the origin of the data and
- the existence of automated decision-making.
Right to rectification
You have the right to request rectification from the controller without undue delay if you discover that your data is inaccurate.
Right to erasure
You have the right to request the deletion of your data from the controller if, for example,
- the data is no longer necessary for the purposes for which it was collected, or
- you revoke a given consent and no other legal basis for the processing is apparent.
Right to restriction of processing
You have the right to request the controller to restrict the processing of your data, for example, if
- the accuracy of your data still needs to be verified,
- the processing is unlawful, but you request only the restriction of the data's use instead of its erasure, or
- the controller no longer needs the data for the purposes of processing, but you still need it to assert, exercise or defend legal claims.
Right of objection
You have the right to object to the processing of your data at any time, provided that your data is required for the performance of a task which is in the public interest or in the exercise of official authority. In doing so, you must explain your particular personal situation in order to justify the request.