Data subject rights

Data subjects under the GDPR include, for example, end customers whose data you process in the questionnaire and staff with user accounts. The following rights generally apply; exceptions and procedures must be assessed case by case.

Access

Data subjects may request confirmation as to whether personal data concerning them are being processed and obtain access to purposes, categories, recipients, retention, and origin of the data (Art. 15 GDPR).

Rectification

Inaccurate personal data must be rectified (Art. 16 GDPR). For questionnaire answers, correction may be done by the customer or by your staff — depending on your process design.

Erasure

The right to erasure (Art. 17 GDPR) applies inter alia when data are no longer necessary for the purposes or consent has been withdrawn — subject to statutory retention duties.

Restriction

Data subjects may request restriction of processing (Art. 18 GDPR), e.g. while accuracy is disputed.

Data portability

Where processing is based on consent or contract and is automated, a right to data portability (Art. 20 GDPR) may apply — clarify the boundary to purely internal counselling records with your adviser.

Objection

Where processing is based on legitimate interests (Art. 6(1)(f)), a right to object (Art. 21 GDPR) exists subject to further statutory conditions.

How to contact us

Name a responsible contact (e.g. data protection officer, management, email) and, if the platform receives requests, clear responsibilities between your practice and the platform provider.

Related documents

• Legal information & privacy — overview
• Privacy policy
• Consent