Page Contents

Answer

When you provide your personal data, you must receive, among other things, information about:

  • the name of the company or organisation that is processing your data (including the contact details of the DPO, if there is one);
  • the purposes for which the company/organisation will use your data;
  • the categories of personal data concerned;
  • the legal basis for processing your personal data;
  • the length of time for which your data will be stored;
  • other companies/organisations that will receive your data;
  • whether data will be transferred outside the EU;
  • your basic rights in the field of data protection (for example, the right to access and transfer data or have it removed);
  • the right to lodge a complaint with a Data Protection Authority (DPA);
  • the right to withdraw your consent at any time;
  • the existence of automated decision-making and the logic involved, including the consequences thereof.

The information should be presented in a concise, transparent, intelligible way and drafted in clear and plain language.

References

  • Articles 12 and 13 and Recitals (60) to (62) of the GDPR
  • Article 29 Working Party Guidelines on transparency under Regulation (EU) 2016/679 (WP 260)