Your Data Rights
This page explains the rights you have over your personal data under the EU General Data Protection Regulation (GDPR), and how to exercise them with AXIOMA. A request to exercise these rights is commonly called a Data Subject Access Request, or DSAR.
This page describes your rights and our process. For details of what data we collect, why, on which legal basis and how long we keep it, see our Privacy Notice.
Last updated: [TO BE ADDED: date]
Who handles your request
The controller responsible for your personal data is [TO BE ADDED: registered company name], established at [TO BE ADDED: EU establishment address]. You can contact us about any of the rights below, or about how we handle your data, at:
- Email: info@axiomagdpr.com
- Data protection contact: [TO BE ADDED: DPO contact, if appointed]
Your rights at a glance
Depending on the circumstances and the legal basis on which we process your data, you may exercise the following rights. Each is explained in plain English below.
| Right | GDPR article | In short |
|---|---|---|
| Access | Art. 15 | Get a copy of your data and information about how we use it. |
| Rectification | Art. 16 | Correct inaccurate data or complete incomplete data. |
| Erasure | Art. 17 | Have your data deleted in certain circumstances. |
| Restriction | Art. 18 | Limit how we use your data while a question is resolved. |
| Portability | Art. 20 | Receive certain data in a machine-readable format, or have it sent to another provider. |
| Objection | Art. 21 | Object to processing based on legitimate interests, and to direct marketing. |
| Automated decisions | Art. 22 | Not be subject to a solely automated decision with legal or similarly significant effects. |
The rights explained
Right of access (Art. 15)
You can ask whether we process your personal data and, if we do, receive a copy of it together with information about the purposes, the categories of data, the recipients, the retention period, the source of the data, and whether any automated decision-making is involved. We will provide the first copy free of charge.
Right to rectification (Art. 16)
If the data we hold about you is inaccurate or incomplete, you can ask us to correct or complete it. Where appropriate, we will tell recipients to whom the data was disclosed about the correction.
Right to erasure (Art. 17)
You can ask us to delete your personal data where, for example, it is no longer needed for the purpose we collected it, you withdraw consent and there is no other legal basis, or you have successfully objected to the processing. This right is not absolute: we may need to keep certain data to comply with a legal obligation, or to establish, exercise or defend legal claims. If we cannot erase the data, we will explain why.
Right to restriction (Art. 18)
You can ask us to limit our use of your data, for example while we verify its accuracy after you have contested it, or while we consider an objection you have raised. While processing is restricted, we will store the data but not otherwise use it without your consent, except in limited situations the GDPR allows.
Right to data portability (Art. 20)
Where we process your data by automated means on the basis of your consent or a contract, you can ask to receive that data in a structured, commonly used, machine-readable format, and to have it transmitted to another controller where technically feasible.
Right to object (Art. 21)
Where we rely on legitimate interests (Art. 6(1)(f)) or on a task carried out in the public interest, you can object to the processing on grounds relating to your particular situation. We will stop unless we can show compelling legitimate grounds that override your interests, or the processing is needed for legal claims. You can object to processing for direct marketing at any time, and we will stop using your data for that purpose with no exception.
Rights relating to automated decision-making (Art. 22)
You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you, except where the GDPR permits it. AXIOMA's findings are intended to support human review rather than to make such decisions automatically. Where any such processing applies to you, you can request human intervention, express your point of view, and contest the decision.
Right to withdraw consent
Where we rely on your consent (Art. 6(1)(a)), you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before you withdrew.
How to submit a request
Send your request by email to info@axiomagdpr.com. To help us handle it promptly, please include:
- which right or rights you wish to exercise;
- enough detail to identify the data in question (for example, the account, email address or context concerned);
- your preferred response format, if you have one.
You do not need to use a specific form or quote a particular article. A clear description of what you want is enough.
Verifying your identity
Where we have reasonable doubts about the identity of the person making a request, we may ask for additional information to confirm it (Art. 12(6)). This protects your data from disclosure to someone else. We will only request what is necessary for verification, and we will not use that information for any other purpose.
How long it takes
We will respond without undue delay and in any event within one month of receiving your request (Art. 12(3)). Where a request is complex or where we have received a number of requests, we may extend this period by a further two months. If we need an extension, we will tell you within the first month and explain why.
Cost
Exercising your rights is free of charge. Where a request is manifestly unfounded or excessive — in particular because it is repetitive — we may either charge a reasonable fee reflecting our administrative costs, or refuse to act on the request (Art. 12(5)). If that applies, we will explain our decision and how you can challenge it. We bear the burden of demonstrating that a request is manifestly unfounded or excessive.
If we cannot fulfil your request
If we decide not to act on your request, we will tell you without delay, and at the latest within one month, the reasons why, and inform you of your right to complain to a supervisory authority and to seek a judicial remedy (Art. 12(4)).
Complaining to a supervisory authority
If you are not satisfied with how we have handled your data or your request, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77), in particular in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement. Our lead supervisory authority is [TO BE ADDED: lead supervisory authority and contact details]. You can also reach a national authority directly; a list is maintained by the European Data Protection Board.
Exercising your right to complain does not affect any other administrative or judicial remedy available to you.