One of the legal grounds for lawful processing of personal data is the implementation of the data controller or a third party's legitimate interests. To determine when a legitimate interest is justified, a so-called balance test is done to weigh controller or a third party interest against the basic rights of the data subject.
When our processing based on a legitimate interest, we document the implementation of the balancing test and its results so that, if necessary, we can demonstrate that our operations comply with GDPR.
Whenever we process personal data, the data subject has certain rights, e.g. gain access to their data and, in certain situations, oppose processing or have their data deleted.
We have planned procedures for handling data subject requests, which may include e.g.: