Web portal  Search:
 
 
ESCastellano UKEnglish FRFrançais CACatalà GAGalego EUEuskara
Log in

Online portal

No hay subtitulo

Online portal
Return Print

Data protection rights

Data protection regulations allow any person to exercise their rights of access, rectification, deletion, and data portability, as well as the right to object, restrict processing, and not be subject to decisions based solely on the automated processing of their data.

Right of Access

The affected person has the right to be informed:

  • of the purposes of the processing, the categories of personal data processed, and any possible data communications and their recipients
  • of the data retention period, if possible. If not, the criteria used to determine this period
  • of the right to request rectification or deletion of data, restriction of processing, or to object to it
  • of the right to file a complaint with the supervisory authority
  • to obtain, when personal data has not been collected from the individual, any available information about its origin
  • to receive information on the appropriate safeguards if an international data transfer occurs
  • to obtain a copy of the processed data
  • of the existence of automated decisions (including profiling), the logic applied, and the consequences of such processing.

This must be distinguished from the right of access to administrative records regulated by Law 39/2015 of October 1, on the common administrative procedure of public administrations, as well as the right of access regulated in Law 19/2013 of December 9, on transparency, access to public information, and good governance.

Right to Rectification

The affected person has the right to obtain, without undue delay, from the data controller the rectification of inaccurate personal data, as well as the completion of incomplete personal data, even through an additional declaration.

Right to Erasure (Right to be Forgotten)

The affected person may request the deletion of personal data when any of the circumstances provided for in the legislation occur, particularly when the purpose that justified the processing ceases to exist or when the personal data has been processed unlawfully.
This right is excluded in cases where it must prevail for the fulfillment of a mission carried out in the public interest or in the exercise of public powers granted to the controller.

Right to Restriction of Processing

This allows the affected person to obtain from the data controller the restriction of data processing when:

  • the accuracy of the data is contested, while the controller verifies its accuracy
  • the processing is unlawful, but the individual requests restriction of its use instead of deletion
  • the controller no longer needs the data for processing purposes, but the individual requires it for the exercise of a legal claim
  • the affected person has exercised their right to object to the processing, while it is verified whether the controller’s legitimate reasons override those of the affected person

Right to Data Portability

The data subject has the right to receive their personal data from the data controller in a structured, commonly used, and machine-readable format, or to request its transfer to another data controller where technically feasible.

Right to Object

The affected person may object to processing:

  • When, for reasons related to their personal situation, data processing must cease unless a legitimate interest is demonstrated that prevails over the interests, rights, and freedoms of the data subject, or it is necessary for the establishment, exercise, or defense of legal claims.
  • When the processing is intended for direct marketing purposes.

Procedure for Exercising GDPR Rights

Return Print