If you want to have your data rectified

You have the right to demand the rectification of inaccurate personal data concerning you.

The accuracy of your personal data is a part of your legal protection. You have the right to be evaluated on the basis of accurate data.

Personal data refers to information by which you can be identified.

A company, authority or corporation that collects your personal data is called a controller.

If you come across inaccurate personal data concerning you, you can request the controller to rectify it. Rectification means that

  • inaccurate data can be corrected
  • obsolete or unnecessary data can be erased and
  • deficient data can be supplemented.

Rectification of data is free of charge. If the rectification request is unfounded or unreasonable, the controller has the right to charge a reasonable fee or refuse the request.

If the controller rectifies your data, it must communicate the rectification to all parties to whom the data have been disclosed in the past if viable. You can ask the controller to tell you the recipients of your data.

How to proceed

Make the rectification request directly to the controller. Additional information on the correct channels can usually be obtained from the controller's website or customer service.

In the request, specify

  • the data to be rectified, word for word
  • the proposed changes, word for word
  • the justifications for the changes proposed by you
  • your name and
  • your contact details (such as your e-mail address or telephone number).

The controller is required to reply to your request within one month. If the requests are numerous or complex, the controller can reply that it needs more time to process them. If the controller announces that it needs more time for processing, the deadline for replying will be three months from your original request. Wait for the controller's reply. Notifying you of a longer processing time does not mean that the controller will refuse to rectify the data.

If the controller refuses to rectify the data you have requested, it must state the reasons for its refusal. The refusal must always be based on law.  If you feel that the controller did not have legal grounds for its refusal, you can contact the Data Protection Ombudsman if necessary.