Data Protection Laws provide certain rights in favour of Data Subjects. The rights in question (“Data Subject Rights”) are as follows:
a) The right of a data subject to received detailed information on the processing (by virtue of the transparency obligations on the Data Controller);
b) The right of access to Personal Data including knowledge of whether or not the Data Subject’s Personal Data are being processed and, if so having access to the Personal Data plus additional ancillary information. This includes information such as the purposes of the Processing, the categories of Personal Data concerned, the recipients of or categories of recipient to whom the Personal Data have been or will be disclosed and retention periods;
c) The right to rectify Personal Data;
d) The right to erase Personal Data (right to be forgotten);
e) The right to Restrict Processing;
f) The right to data portability. i.e. the right to receive Personal Data concerning the Data Subject in a structured, commonly used and machine-readable format and the right to have those data transmitted to another Data Controller. This right only applies to Personal Data which the Data Subject has provided to the HBFI (and not to data which is received from third parties);
g) The right of objection;
h) The right to object to automated decision making, including profiling; and
i) The right to withdraw consent (in the limited cases where we rely on your consent to process your personal data), without affecting the lawfulness of processing based on consent before its withdrawal.
Some rights will not apply in some cases, and exemptions may apply to the exercise of your rights. For example, Articles 17 and 20 of the GDPR state that the right to be forgotten and the right of data portability do not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
Any Data Subject wishing to exercise their Data Subject Rights should write to the HBFI Data Protection Officer, Treasury Dock, 1 North Wall Quay, Dublin 1, D01 A9T8 or email dpo@HBFI.ie. Your request will be dealt with in accordance with the HBFI’s Data Subject Rights Requests Procedure.