Your rights under the General Data Protection Regulation (GDPR)
The European General Data Protection Regulation (GDPR) gives data subjects a number of rights which we must, of course, comply with.
- Explains more responsibilities to the organization that processes personal data (“controller”).
- Protects and reinforces the rights of those whose personal data are being processed (“data subjects”).
- Gives the regulator, the Dutch Data Protection Authority, more powers, including the authority to impose high fines.
The processing responsible organization is the organization that determines the purpose and means of processing personal data. In this context, this is our worldwide CMTC-OVM organization in the Netherlands.
An external party that processes personal data on behalf of the Processing Officer. Examples are: the editor of the newsletter, the company that runs the financial administration and the company where our website is ‘hosted’. But also the volunteer who gets a membership file to organize an activity.
All data about an identified or identifiable natural person. For example, name, address, telephone number and e-mail address.
The identified or identifiable natural person, for example, the members, patients, but also donors or volunteers.
Data on health
Personal data related to the physical or mental health of a data subject. Data about health are special personal data. The GDPR imposes stricter requirements on the processing thereof.
The rights of people who register with us (eg as a member, donor and received newsletter) are as follows:
- The right to information about and inspection of the data subject.
- The right to correction or limitation of personal data.
- The right to be forgotten (‘forgetfulness’); the data subject has the right to ask us to remove his / her personal data (including having it removed from any other organizations to which we have provided the data).
- The right to data portability; those involved can ask us to receive their personal data in a standard format and / or forward it to a new organization.
- The right to object to profiling and automated decision-making.
If a data subject is of the opinion that we do not handle personal data properly, the data subject can file a complaint
If the person concerned is of the opinion that we are not handling his / her complaint properly, the person concerned can submit a complaint to the Dutch Data Protection Authority about the way in which our organization deals with personal data. The Dutch Data Protection Authority is obliged to handle this complaint.