Data Subject Rights

  • Home
  • Data Subject Rights

DATA SUBJECT RIGHTS

1. Right to be informed

The right to information allows individuals (data subjects) to know what personal data is collected about them, why the data is collected, who is collecting data, for how long data is collected, how they can file a complaint, and if there is data sharing involved.

To be more precise, House Of Nature Safaris is obligated to provide information about:

  • Controller’s information and contact details
  • Purpose of data processing
  • Legal basis for personal data processing
  • Third party details
  • Data retention period
  • Rights granted to HNS under the data protection law
  • Right to file a complaint
  • Whether the provision of personal data is a statutory or contractual requirement
  • Whether the individual is obligated to provide the personal data

All of this information should be conveyed using straightforward and easily understandable language.

2. Right of access

Individuals have a right to submit access requests and obtain information from us about whether their personal information is being processed. HONS is obligated to provide a copy of personal data they have about the individual and additional information, including:

  • The purpose of the processing
  • What categories of personal data are they processing
  • With whom the data is shared (third countries or international organizations)
  • How long will the organization keep the data (data retention period)
  • Information about their GDPR rights (right to rectification, right to erasure, and restriction of processing)
  • Information about automated decision-making, including profiling
  • Source of collected data (if the data is not collected from the individual)
3. Right to rectification

The right to rectification allows the individuals to ask the organization to update any inaccurate or incomplete data they have on them. If the organization confirms the data is inaccurate, the legal deadline to respond to a request is one month. Upon the request, the organization should ensure that the data is indeed inaccurate and rectify it. This right sets new operational challenges for organizations since rectifying one data set can have broader consequences on the entire database.

4. Right to be forgotten

The right to be forgotten is also known as the right to erasure. This right allows individuals to ask for their personal data to be deleted if:

  • Personal data is no longer necessary
  • Individual withdraws consent
  • Personal data is unlawfully processed
  • Individual objects to the processing, and the data controller has no reason to continue processing
  • Data erasure is necessary for compliance with a legal obligation (EU law or national law)

HONS informs any third parties that received the shared data and asks them to delete it unless it can prove that the request would require a disproportionate effort or would be impossible.

5. Right to restrict processing

Individuals can request that an HNS limit how it uses its personal data, although we are not automatically required to delete it.

However, we have to refrain from processing in certain situations:

  • Data is inaccurate (during the verification process)
  • Processing is unlawful, but the individual does not want the data to be erased and requests restriction (which is different from the right to be erased)
  • HNS no longer needs data, but the individual wants the data to be preserved so the legal claim can be exercised
  • HNS is taking measures to verify the data erasure request

Once the data is restricted, HONS is not allowed to process it unless we have consent; we need it for legal claims or to protect the rights of other individuals.

6. Right to data portability

Data portability is one of the novelties among data subject rights. It allows individuals to obtain personal data they have previously provided to us in a structured, commonly used, and machine-readable format.

Individuals can also request that their data be transferred directly to another organization.

However, it can only be applied to the data that an individual has provided to the HNS by consent or contract and if the processing is automated.

This also applies to data related to the individual’s behavior and may include search inquiries, location data, website history, and more.

7. Right to object to processing

The right to object allows individuals to object to processing personal data at any time, in certain situations, and it will depend on the purpose of processing and the lawful base for processing. Individuals can also object to data processing based on legitimate interests or tasks in the public interest.

8. Rights in relation to automated decision-making and profiling

The GDPR introduced strict rules when it comes to the processing of personal data that is done without human involvement. This encompasses different types of profiling, such as assessing individual performance at work, economic status, health, personal preferences, interests, reliability, behavior, or location, if it produces a legal effect that significantly affects them. However, it will not apply if the processing is necessary for the performance of a contract, if it is authorized by the law, or if the processing is based on explicit consent.