With regard to the processing of personal data, the data subject must be provided with the information specified in the GDPR in a concise, comprehensible and easily accessible form. This is often done in the form of privacy statements, which are published, for example, on the organisation's website.
Where personal data have not been collected from the data subject himself, the descriptions shall state, in addition to the basic content:
Whenever we process personal data, the data subject has certain rights, e.g. gain access to their data and, in certain situations, oppose processing or have their data deleted.
We have planned procedures for handling data subject requests, which may include e.g.: