Data Subject Rights

Data Subject Rights. The Data Controller shall implement appropriate technical and organizational measures to facilitate the exercise of data subject rights as provided under Chapter III of the GDPR, including: (a) Right of Access (Article 15) — the right to obtain confirmation as to whether Personal Data is being processed, and access to that data along with specified supplementary information; (b) Right to Rectification (Article 16) — the right to have inaccurate Personal Data rectified without undue delay; (c) Right to Erasure (Article 17) — the right to have Personal Data erased where there is no compelling reason for its continued processing; (d) Right to Restriction of Processing (Article 18) — the right to restrict processing in specified circumstances; (e) Right to Data Portability (Article 20) — the right to receive Personal Data in a structured, commonly used, and machine-readable format; (f) Right to Object (Article 21) — the right to object to processing based on legitimate interests, direct marketing, or research purposes; and (g) Rights related to automated decision-making and profiling (Article 22) — the right not to be subject to a decision based solely on automated processing that produces legal effects. All requests shall be responded to without undue delay and within one (1) month of receipt, subject to extension as permitted by the GDPR.