Just got an email to the generic MyCo email address which is listed on the website.
My reference: <redacted>
Date: 2020-06-25
To Whom It May Concern:
I am hereby requesting access according to Article 15 GDPR. Please confirm whether or not you are processing personal data (as defined by Article 4(1) and (2) GDPR) concerning me.
In case you are, I am hereby requesting access to the following information pursuant to Article 15 GDPR:
1. all personal data concerning me that you have stored, including any potential pseudonymised data on me as per Article 4(5) GDPR;
2. the purposes of the processing;
3. the categories of personal data concerned;
4. the recipients or categories of recipient to whom the personal data have been or will be disclosed;
5. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
6. where the personal data are not collected from the data subject, any available information as to their source;
7. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for me.
In case you are processing anonymised data concerning me, please not only inform me about that but also explain the procedure used in an easily understandable way.
If you are transferring my personal data to a third country or an international organisation, I request to be informed about the appropriate safeguards according to Article 46 GDPR concerning the transfer.
Please make the personal data concerning me, which I have provided to you, available to me in a structured, commonly used and machine-readable format as laid down in Article 20(1) GDPR.
My request explicitly includes any other services and companies for which you are the controller as defined by Article 4(7) GDPR.
As laid down in Article 12(3) GDPR, you have to provide the requested information to me without undue delay and in any event within one month of receipt of the request. According to Article 15(3) GDPR, you have to answer this request without cost to me.
I am including the following information necessary to identify me:
Name: <redacted>
Email address: <redacted>
Thanks: for your support!
If you do not answer my request within the stated period, I am reserving the right to take legal action against you and to lodge a complaint with the responsible supervisory authority.
Thank you in advance.
Yours sincerely
I've never engaged with this person as a client or any thing similar, I have done a bit of a search through old emails and nothing comes up.
Maybe it's the skeptic in me but how do I prove a negative?
It looks like it's been lifted from this site
Sample letter for requests for access to personal data as per Art. 15 GDPR datarequests.org
My reference: <redacted>
Date: 2020-06-25
To Whom It May Concern:
I am hereby requesting access according to Article 15 GDPR. Please confirm whether or not you are processing personal data (as defined by Article 4(1) and (2) GDPR) concerning me.
In case you are, I am hereby requesting access to the following information pursuant to Article 15 GDPR:
1. all personal data concerning me that you have stored, including any potential pseudonymised data on me as per Article 4(5) GDPR;
2. the purposes of the processing;
3. the categories of personal data concerned;
4. the recipients or categories of recipient to whom the personal data have been or will be disclosed;
5. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
6. where the personal data are not collected from the data subject, any available information as to their source;
7. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for me.
In case you are processing anonymised data concerning me, please not only inform me about that but also explain the procedure used in an easily understandable way.
If you are transferring my personal data to a third country or an international organisation, I request to be informed about the appropriate safeguards according to Article 46 GDPR concerning the transfer.
Please make the personal data concerning me, which I have provided to you, available to me in a structured, commonly used and machine-readable format as laid down in Article 20(1) GDPR.
My request explicitly includes any other services and companies for which you are the controller as defined by Article 4(7) GDPR.
As laid down in Article 12(3) GDPR, you have to provide the requested information to me without undue delay and in any event within one month of receipt of the request. According to Article 15(3) GDPR, you have to answer this request without cost to me.
I am including the following information necessary to identify me:
Name: <redacted>
Email address: <redacted>
Thanks: for your support!
If you do not answer my request within the stated period, I am reserving the right to take legal action against you and to lodge a complaint with the responsible supervisory authority.
Thank you in advance.
Yours sincerely
Maybe it's the skeptic in me but how do I prove a negative?
It looks like it's been lifted from this site
Sample letter for requests for access to personal data as per Art. 15 GDPR datarequests.org
Comment