@steipete
Created June 6, 2020 11:20
GDPR Information Request
Hello,
I'd like to request the following information, in accordance with the information rights in the GDPR, and particularly Article 15. Please address all points in this email in turn.
1. A copy of all my personal data held and/or undergoing processing, in a commonly used electronic form (Article 15(3)). Please note that this might also include any audiovisual material (e.g. voice-recordings or pictures) and is not necessarily limited to the information contained in your customer database and/or the information you make available through the ‘manage my profile’ functionality. For all data that would fall under Article 20 (portability), I would like to receive this in a commonly-used machine-readable format. For data that does not fall under Article 20, such as data inferred about me or opinions about me, I would like this in a commonly-used electronic format.
2. If any data was not collected, observed or inferred from me directly, precise information about the source of that data, including the name and contact email of the data controller(s) in question ("from which source the personal data originate", Article 14(2)(f)/15(1)(g)).
3. If these data have been or will be disclosed to any third parties, please name these third parties along with contact details in accordance with Article 15(1)(c). Please note that the European data protection regulators have stated that by default, controllers should name precise recipients and not "categories" of recipients. If they do choose to name categories, they must justify why this is fair, and be specific, naming "the type of recipient (i.e. by reference to the activities it carries out), the industry, sector and sub-sector and the location of the recipients". (Article 29 Working Party Guidelines on Transparency WP260 rev.01, p37).
4. Please provide all purposes of the processing for which each category of personal data collected are intended, as well as the lawful ground for each specific purpose. For all uses of "legitimate interests", please explain what those interests are (Article 14(2)(b)).
5. Please confirm whether or not you make any automated decisions (within the meaning of Article 22, GDPR). If the answer is yes, please provide meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for me. (Article 15(1)(h))
6. Please confirm for how long each category of personal data is stored, or the criteria used to make this decision, in accordance with the storage limitation principle and Article 15(1)(d).
7. Please confirm where my personal data is physically stored (including backups) and at the very least whether it has exited the EU at any stage (if so, please also detail the legal grounds and safeguards for such data transfers). If you make use of cloud-services, please provide me with detailed information about where their servers are located and the details about your data processing arrangement with these providers.
8. Please detail the security measures you undertook to safeguard my personal data (including, for example, encryption, access restrictions, data minimisation strategies, storage methods, etc.).
My name is ZZ, and the username for XX is YY