The data subject shall have the right to obtain the personal data provided to the controller in a structured, commonly used and machine-readable form and, if he so wishes, to transfer such data to another controller. This can mean, for example, a way to download data added to a web service at a time in a general format (eg XLS, XML, JSON).

The right applies when the following conditions are met:

• personal data is processed automatically
• the personal data concern the data subject and are provided by her
• the processing of personal data is based on consent or agreement
• when the transfer of data does not adversely affect the rights and freedoms of third parties

The right does not cover data that have been generated by the controller himself on the basis of data provided by the data subject (e.g. health assessments) or that have been compiled from the analysis of data generated from the data subject's monitoring (such as profiling).

Our organization is aware of situations where the data subject has the right to transfer their data. We have designed policies for these situations, which may include e.g.:

• the ways in which the data subject may request the transfer of data
• the means by which the identity of the sender of the request for information is verified
• the forms in which the information is provided to the data subject
• ways in which the data subject is informed