Subject Access Request
DATA SUBJECT ACCESS REQUESTS
(Subject Access Request-SAR)
- According to the General Regulation on the Protection of Personal Data (EU) 2016/679, GDPR which came into effect on May 25, 2018, and based on the Personal Data Protection Policy implemented by Enterprise Aikaterini Petropoulou & Co. , each Natural Person ( P.P. ) has the following information rights, which can be exercised and the Company can respond immediately without putting the P.P. in a disadvantageous position.
- In matters of objectivity, legality and transparency in the processing of his Personal Data ( PD ) by the Company.
- To the purpose for which they are processed and to the minimization of the data processed.
- In the accuracy of the data maintained and processed by the Company and concerning the subject of the data.
- In limiting the storage time of P.D.
- To the extent of security and protection of the P.D. from unauthorized use. 2. The Data Subject Access Request ( Subject Access Request – SAR ) which is available here is a means for the FP to find out what data the Business holds on its behalf, why it holds it, and with whom it shares it
- VALIDITY 3. To be valid, the Access Request must be made in writing and sent by mail (post or email ). The data that the subject can request is specified in Paragraph B2 of Chapter 3 of the Personal Data Protection Policy. 4. Once the subject submits an Access Request, the data subject may be asked to confirm his identity through some basic information that will be required by the Business before sending the response regarding his P.D.
- In the event that someone requests a P.D., he must present an authorization with a signature certified by a public authority in which the P.D. authorizes him to carry out a request on his behalf. And in this case, the Company will contact the directly interested party about their personal data before contacting the authorized person. D. _ CHARGES PER REQUEST 6. This provision will be made without any financial burden, unless his request is manifestly unfounded or abusive. If the individual requests further copies of this information from the Company, a reasonable administrative fee may be incurred. E. _ DATA PROVIDED 7. The Company as a Data Processor will provide all the information it has at its disposal, which the FP has requested and is entitled by law to receive. The provisions of the GDPR define what a DPO can receive: 8. The data subject will have the right to receive from the data controller confirmation as to whether their personal data exists and is being processed. 9. In the event that this is confirmed, he will have access to the following P.D.:
- Purposes of processing . _ _
- Categories of P.D. that concern it.
- The categories of recipients of the PD in case the Company transfers them to someone else for processing and especially if their data goes outside the country or to non-domestic organizations.
- Where possible the intended retention time of the P.D. of the F.P. or alternatively, if this is not possible, the criteria on the basis of which the retention time has been defined.
- The existence of the right to request the controller to correct, delete, limit or refuse the processing of his personal data.
- The right to lodge a complaint/complaint with the national personal data supervisory authority www . dpa . Gr
- In the event that the data controller does not collect the data from the VAT itself, the source from which it collects the data concerning the VAT.
- The case of the existence of an automated decision-making system, including as defined in the corresponding articles of the General Regulation ( GDPR ) and in these cases information related to the reasoning, the importance, but also the possible consequences for the subject of the specific processing.