Introduction
A Data Subject Request (DSR) is a vital right granted to individuals under data protection laws, enabling them to exert control over their personal data. Through a DSR, individuals, also known as data subjects, can request access to their personal information processed by Phished. They can also seek corrections to inaccuracies or request the deletion of their data. This mechanism is crucial for data subjects to protect their privacy and ensure the lawful processing of their personal data by Phished.
While Phished does not offer users the option to export all personal data collected via the platform, we have provided a general email address for all inquiries regarding GDPR rights of individuals.
Answer
Data subjects often direct their queries regarding their rights under the GDPR to Phished, given that our general e-mail address for privacy related questions is mentioned in our privacy policy (which is available in our platform). Consequently, we have established procedures to handle these data subject requests.
In compliance with Article 15 of the GDPR, Phished does not take on the responsibility to directly address inquiries from data subjects. This responsibility lies with the controller, which in this case is our client.
Any requests received are therefore promptly forwarded to the concerned controller (our client who added the data subject as a user). The controller then either (i) provides us with instructions on how to proceed or (ii) confirms their intention to handle the requests themselves.
This procedure ensures that data subjects' inquiries are handled in accordance with legal requirements and respects the roles and responsibilities outlined in our DPA and the applicable data protection regulations.
Other useful FAQ's and documents
Our DPA: Client_Data processing agreement_2023-10_ENG.docx (sharepoint.com)
How to exercise my rights under the GDPR