Data Subject Access Request
LexAble complies with Article 15 of the General Data Protection Regulation(GDPR) and the rights of the Data Subject with regard to personal data that we may store about them.
Article 15 includes (but is not limited to) the requirement of the Data Controller (where LexAble is the Data Controller) to provide the Data Subject with information relating to:
- the purposes of our processing;
- the categories of personal data concerned;
- the recipients or categories of recipient we disclose the personal data to;
- our retention period for storing the personal data or, where this is not possible, our criteria for determining how long we will store it;
- the existence of their right to request rectification, erasure or restriction or to object to such processing;
- the right to lodge a complaint with the ICO in the UK or the Data Protection Acts of states in the USA, PIPEDA in Canada, The Privacy Act (1988) in Australia, The Privacy Act (1993) in New Zealand or another supervisory authority in territories in which we operate;
- information about the source of the data, where it was not obtained directly from the individual;
- the existence of automated decision-making (including profiling); and
- the safeguards we provide if we transfer personal data to a third country or international organisation.
We may be providing much of this information already in our privacy notice.
LexAble will fulfil a Data Subject Access Request within 40 days of the request being received or will provide information explaining why the request cannot be fulfilled such as those restrictions described in Article 23.