When you provide your personal data, you must receive, among other things, information about:
- the name of the company or organisation that is processing your data (including the contact details of the DPO, if there is one);
- the purposes for which the company/organisation will use your data;
- the categories of personal data concerned;
- the legal basis for processing your personal data;
- the length of time for which your data will be stored;
- other companies/organisations that will receive your data;
- whether data will be transferred outside the EU;
- your basic rights in the field of data protection (for example, the right to access and transfer data or have it removed);
- the right to lodge a complaint with a Data Protection Authority (DPA);
- the right to withdraw your consent at any time;
- the existence of automated decision-making and the logic involved, including the consequences thereof.
The information should be presented in a concise, transparent, intelligible way and drafted in clear and plain language.
- Articles 12 and 13 and Recitals (60) to (62) of the GDPR
- Article 29 Working Party Guidelines on transparency under Regulation (EU) 2016/679 (WP 260)