This procedure is intended to be used when a data subject exercises one or more of the rights they are granted under the European Union General Data Protection Regulation (GDPR).
Each of the rights involved has its own specific aspects and challenges to PartnerHero Inc. in complying with them and doing so within the required timescales. In general, a proactive approach will be taken that places as much control over personal data in the hands of the data subject as possible, with a minimum amount of intervention or involvement required on the part of PartnerHero Inc. This may be achieved by providing online access to the personal data so that the data subject can verify and amend it as required.
However, in some cases there is a decision-making process to be followed by PartnerHero Inc. regarding whether a request will be allowed or not; where this is the case, the steps involved in these decisions are explained in this document.
This procedure should be considered in conjunction with the following related documents:
• Data Protection Impact Assessment Process
• Personal Data Breach Notification Procedure
• Privacy and Personal Data Protection Policy
• GDPR mapping
1 identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person