Right to receive Information

Article 1: Definitions

Article 2: Scope of Application of the Decree by Law

Article 3: Bureau's Power of Exemption

Article 4: Cases of Processing Personal Data without the Consent of its Owner

Article 5: Personal Data Processing Controls

Article 6: Terms of Consent to Data Processing

Article 7: The Controller's General Obligations

Article 8: The Processor's General Obligations

Article 9: Reporting Personal Data Breach

Article 10: Appointing Data Protection Officer

Article 11: Roles of Data Protection Officer

Article 12: Duties of the controller and the processor towards the Data Protection Officer

Article 13: Right to Receive Information

Article 14: Right to Request Transfer of Personal Data

Article 15: Right to correction or erasure of Personal Data

Article 16: Right to Restrict Processing

Article 17: Right to Stop Processing

Article 18: Right to Processing and Automated Processing

Article 19: Contacting the Controller

Article 20: Personal Data Security

Article 21: Assessment of the Impact of Personal Data Protection

Article 22: Cross-Border Transfer and Sharing of Personal Data for Processing Purposes if a Proper Protection Level is Available

Article 23: Cross-Border Transfer and Sharing of Personal Data for Processing Purposes if a Proper Protection Level is not Available

Article 24: Complaints

Article 25: Grievance against the Bureau's Decisions

Article 26: Administrative Penalties

Article 27: Authorization

Article 28: The Executive Regulation

Article 29: Regularisation

Article 30: Repeals

Article 31: Publication & Enforcement of this Decree by Law

Article 13

The Data Subject has the right, by submitting a request to the Controller without any consideration, to obtain the following information:
a. The types of its Personal Data that are being processed.
b. Purposes of processing.
c. Decisions made based on automated processing, including profiling.
d. The targeted sectors or establishments with whom its personal data will be shared from inside and outside the State.
e. Controls and standards for the period of storage and preservation of his/ her personal data.
f. Procedures for correcting, erasing or limiting processing and objection to his/ her personal data.
g. Protection measures for cross-border processing carried out in accordance with Articles (22) and (23) of this By-Law.
h. Actions to be taken in the event of a breach or misuse of his/ her Personal Data, especially if the breach or misuse has a direct and serious threat to the privacy and confidentiality of his/her Personal Data.
i. How to submit complaints to the Bureau.
In all cases, the Controller shall, before starting the processing, provide the Data Subject with the information stipulated in paragraphs (b), (d) and (g) of Paragraph (1) of this Article.
The Controller may reject the Data Subject’s request to obtain the information mentioned in Paragraph (1) of this Article, if the following is established:
a. The request is not related to the information referred to in Paragraph (1) of this Article, or it is excessively repetitive.
b. The request conflicts with judicial procedures or investigations conducted by competent authorities.
c. The request may negatively affect the efforts of the Controller to protect information security.
d. The request affects the privacy and confidentiality of Personal Data of third parties.

Table of Contents

Article 13

Right to Receive Information

Automate Your Privacy Compliance with GoTrust!