This schema defines the Transparency Information Language
{
"meta": {
"_id": "f1424f86-ca0f-4f0c-9438-43cc00509931",
"name": "Green Company",
"created": "2020-04-03T15:53:05.929588",
"modified": "2020-04-03T15: 53: 05.929588",
"version": 2,
"language": "de",
"status": "active",
"url": "https://green-bikes.de/privacy",
"_hash": "d732a793562a3e5dc57645a8"
},
"controller": {
"name": "Green Company AG",
"division": "Product line e-mobility",
"address": "Wolfsburger Ring 2, 38440 Berlin",
"country": "DE",
"representative": {
"name": "Jane Super",
"email": "contact@greencompany.de",
"phone": "0049 151 1234 5678"
}
},
"dataProtectionOfficer": {
"name": "Jane Super",
"address": "Wolfsburger Ring 2, 38440 Berlin",
"country": "DE",
"email": "contact@greencompany.de",
"phone": "0049 151 1234 5678"
},
"dataDisclosed": [
{
"_id": "f1424f86-ca0f-4f0c-9438-43cc00509931",
"category": "E-mail address",
"purposes": [
{
"purpose": "Marketing",
"description": "Newsletter will be sent out once a month."
}
],
"legalBases": [
{
"reference": "GDPR-99-1-a",
"description": "The data are processed on the basis of Art. 99 GDPR which states..."
},
{
"reference": "BDSG-42-5",
"description": "BDSG-42-5 refers to the processing of personal data within..."
}
],
"legitimateInterests": [
{
"exists": true,
"reasoning": "There is an legitimate interest based on ... and is not overwritten because ..."
}
],
"recipients": [
{
"name": "Yellow Company AG",
"division": "Product line e-mobility",
"address": "Triana 123, 9999 Seville",
"country": "ES",
"representative": {
"name": "Jane Super",
"email": "contact@yellowcompany.de",
"phone": "0049 151 1234 9876"
},
"category": "Marketing content provider"
},
{
"category": "Responsible Statistical Institutes"
}
],
"storage": [
{
"temporal": [
{
"description": "Creating backups.",
"ttl": "2005-08-09T18:31:42P3Y6M4DT12H30M17S"
},
{
"description": "Finishing ordering process.",
"ttl": "2020-08-09T18:31:42P3Y6M4DT12H30M17S"
}
],
"purposeConditional": [
"Data is stored until the end of the ordering process."
],
"legalBasisConditional": [
"SGB-100-42"
],
"aggregationFunction": "max"
}
],
"nonDisclosure": {
"legalRequirement": false,
"contractualRegulation": false,
"obligationToProvide": false,
"consequences": "If the data is not disclosed, the shipment cannot be delivered."
}
}
],
"thirdCountryTransfers": [
{
"country": "ES",
"adequacyDecision": {
"available": true,
"description": "An adequacy decision was made on the 23rd April 2020 by..."
},
"appropriateGuarantees": {
"available": true,
"description": "Here the appropriate guarantee was formulated by..."
},
"presenceOfEnforceableRightsAndEffectiveRemedies": {
"available": true,
"description": "These rights are given because of..."
},
"standardDataProtectionClause": {
"available": true,
"description": "The standard data protection clause which applies here can be found here: ..."
}
}
],
"accessAndDataPortability": {
"available": true,
"description": "Data access is possible through...",
"url": "https://green-bikes.de/access",
"email": "access@greencompany.de",
"identificationEvidences": [
"ID card copy",
"Email verification"
],
"administrativeFee": {
"amount": 0,
"currency": "EUR"
},
"dataFormat": "json"
},
"sources": [
{
"_id": "f1423cc00509931",
"dataCategory": "Creditworthiness",
"sources": [
{
"description": "This information could be retrieved from...",
"url": "https://blueCompany.org",
"publiclyAvailable": false
}
]
}
],
"rightToInformation": {
"available": true,
"description": "For the right to information please use this contact form and...",
"url": "https://greencompany.org/rightToInformation",
"email": "contact@greencompany.de",
"identificationEvidences": [
"ID card copy",
"Email verification"
]
},
"rightToRectificationOrDeletion": {
"available": true,
"description": "For the right to rectification please use this contact form and...",
"url": "https://greencompany.org/rights",
"email": "contact@greencompany.de",
"identificationEvidences": [
"ID card copy",
"Email verification"
]
},
"rightToDataPortability": {
"available": false,
"description": "Data portability is only possible when...",
"url": "https://greencompany.org/rights",
"email": "contact@greencompany.de",
"identificationEvidences": [
"ID card copy"
]
},
"rightToWithdrawConsent": {
"available": true,
"description": "For the right to withdraw consent please use this contact form and...",
"url": "https://greencompany.org/rights",
"email": "contact@greencompany.de",
"identificationEvidences": [
"Email verification"
]
},
"rightToComplain": {
"available": true,
"description": "For the right to complain please use this contact form and...",
"url": "https://greencompany.org/rights",
"email": "contact@greencompany.de",
"identificationEvidences": [
"ID card copy",
"Email verification"
],
"supervisoryAuthority": {
"name": "Commissioner for Data Protection",
"address": "Friedrichstrasse 219, 10969 Berlin",
"country": "DE",
"email": "mailbox@privacy-berlin.de",
"phone": "0049 444 222 111"
}
},
"automatedDecisionMaking": {
"inUse": true,
"logicInvolved": "The personal data are processed as follows...",
"scopeAndIntendedEffects": "From processing follows..."
},
"changesOfPurpose": [
{
"description": "Due to techncial requirements...",
"affectedDataCategories": [
"Email adress",
"Credit score"
],
"plannedDateOfChange": "2020-08-20",
"urlOfNewVersion": "https://greencomp.de/privacypolicy/2"
}
]
}
Meta information for the identification and verification of the document.
{
"_id": "f1424f86-ca0f-4f0c-9438-43cc00509931",
"name": "Green Company",
"created": "2020-04-03T15:53:05.929588",
"modified": "2020-04-03T15: 53: 05.929588",
"version": 2,
"language": "de",
"status": "active",
"url": "https://green-bikes.de/privacy",
"_hash": "d732a793562a3e5dc57645a8"
}
The ID follows the database-specific implementation and does not have to be set in advance; but should offer as much entropy as possible for globally unique identifiers.
"f1424f86-ca0f-4f0c-9438-43cc00509931"
Name of the data controller.
"Green Company"
Creation date of the document as an ISO-8601 time code.
Must match regular expression:^([\+-]?\d{4}(?!\d{2}\b))((-?)((0[1-9]|1[0-2])(\3([12]\d|0[1-9]|3[01]))?|W([0-4]\d|5[0-2])(-?[1-7])?|(00[1-9]|0[1-9]\d|[12]\d{2}|3([0-5]\d|6[1-6])))([T\s]((([01]\d|2[0-3])((:?)[0-5]\d)?|24\:?00)([\.,]\d+(?!:))?)?(\17[0-5]\d([\.,]\d+)?)?([zZ]|([\+-])([01]\d|2[0-3]):?([0-5]\d)?)?)?)?$ "2020-04-03T15:53:05.929588"
Last modified date of the document as an ISO-8601 time code.
Must match regular expression:^([\+-]?\d{4}(?!\d{2}\b))((-?)((0[1-9]|1[0-2])(\3([12]\d|0[1-9]|3[01]))?|W([0-4]\d|5[0-2])(-?[1-7])?|(00[1-9]|0[1-9]\d|[12]\d{2}|3([0-5]\d|6[1-6])))([T\s]((([01]\d|2[0-3])((:?)[0-5]\d)?|24\:?00)([\.,]\d+(?!:))?)?(\17[0-5]\d([\.,]\d+)?)?([zZ]|([\+-])([01]\d|2[0-3]):?([0-5]\d)?)?)?)?$ "2020-04-03T15: 53: 05.929588"
This number serves to version documents of a controller.
Value must be greater or equal to 1
2
All language abbreviation codes follow the established ISO 639-1 standard as identifiers for names of languages.
Must match regular expression:^(aa|ab|ae|af|ak|am|an|ar|as|av|ay|az|az|ba|be|bg|bh|bi|bm|bn|bo|br|bs|ca|ce|ch|co|cr|cs|cu|cv|cy|da|de|dv|dz|ee|el|en|eo|es|et|eu|fa|ff|fi|fj|fo|fr|fy|ga|gd|gl|gn|gu|gv|ha|he|hi|ho|hr|ht|hu|hy|hz|ia|id|ie|ig|ii|ik|io|is|it|iu|ja|jv|ka|kg|ki|kj|kk|kl|km|kn|ko|kr|ks|ku|kv|kw|ky|la|lb|lg|li|ln|lo|lt|lu|lv|mg|mh|mi|mk|ml|mn|mr|ms|mt|my|na|nb|nd|ne|ng|nl|nn|no|nr|nv|ny|oc|oj|om|or|os|pa|pi|pl|ps|pt|qu|rm|rn|ro|ru|rw|sa|sc|sd|se|sg|si|sk|sl|sm|sn|so|sq|sr|ss|st|su|sv|sw|ta|te|tg|th|ti|tk|tl|tn|to|tr|ts|tt|tw|ty|ug|uk|ur|uz|ve|vi|vo|wa|wo|xh|yi|yo|za|zh|zu)$ "de"
The status of an instance can be active or inactive depending on the policy's legal force.
Must match regular expression:^(active|inactive)$ "active"
"inactive"
URL to this schema.
"https://green-bikes.de/privacy"
The hash is based on one SHA256 calculation of the document.
Must be at least 64 characters long
Must be at most 64 characters long
"be81d309088dde861ab5fc4d62d4bbfe0aeef3e3baf2f5362c1086f451f0a1e7"
Additional Properties of any type are allowed.
Type: objectThe responsible controller is defined in here.
{
"name": "Green Company AG",
"division": "Product line e-mobility",
"address": "Wolfsburger Ring 2, 38440 Berlin",
"country": "DE",
"representative": {
"name": "Jane Super",
"email": "contact@greencompany.de",
"phone": "0049 151 1234 5678"
}
}
Name of the controller.
"Green Company AG"
Serves to differentiate between different areas of a company; particularly relevant for large companies.
"Product line e-mobility"
Address of the controller.
"Wolfsburger Ring 2, 38440 Berlin"
All country codes follow the established ones ISO 3166 country abbreviation standard.
Must match regular expression:^[A-Z][A-Z]$ Must be at least 2 characters long
Must be at most 2 characters long
"DE"
The representative is a responsible real person that represents the controller.
{
"name": "Jane Super",
"email": "contact@greencompany.de",
"phone": "0049 151 1234 5678"
}
Name of the controller's representative.
"Jane Super"
Email address of the controller's representative.
"contact@greencompany.de"
Phone number of the controller's representative.
Must match regular expression:^[+]*[(]{0,1}[0-9]{1,4}[)]{0,1}[-\s\./0-9]*$ "+49 151 1234 5678"
Additional Properties of any type are allowed.
Type: objectAdditional Properties of any type are allowed.
Type: objectThe Data Protection Officer (DPO) of the controller.
{
"name": "Jane Super",
"address": "Wolfsburger Ring 2, 38440 Berlin",
"country": "DE",
"email": "contact@greencompany.de",
"phone": "0049 151 1234 5678"
}
The full name of the Data Protection Officer.
"Jane Super"
Address of the DPO.
"Wolfsburger Ring 2, 38440 Berlin"
The country in which the Data Protection officer is located at.
Must match regular expression:^[A-Z][A-Z]$ Must be at least 2 characters long
Must be at most 2 characters long
"DE"
The contact email address of the Data Protection Officer.
"contact@greencompany.de"
The phone number of the Data Protection Officer (may include country prefix).
Must match regular expression:^[+]*[(]{0,1}[0-9]{1,4}[)]{0,1}[-\s\./0-9]*$ "0049 151 1234 5678"
Additional Properties of any type are allowed.
Type: objectA detailed explanation about which data is disclosed in the processing tasks.
The description of data disclosed.
{
"_id": "f1424f86-ca0f-4f0c-9438-43cc00509931",
"category": "E-mail address",
"purposes": [
{
"purpose": "Marketing",
"description": "Newsletter will be sent out once a month."
}
],
"legalBases": [
{
"reference": "GDPR-99-1-a",
"description": "The data are processed on the basis of Art. 99 GDPR which states..."
},
{
"reference": "BDSG-42-5",
"description": "BDSG-42-5 refers to the processing of personal data within..."
}
],
"legitimateInterests": [
{
"exists": true,
"reasoning": "There is an legitimate interest based on ... and is not overwritten because ..."
}
],
"recipients": [
{
"name": "Yellow Company AG",
"division": "Product line e-mobility",
"address": "Triana 123, 9999 Seville",
"country": "ES",
"representative": {
"name": "Jane Super",
"email": "contact@yellowcompany.de",
"phone": "0049 151 1234 9876"
},
"category": "Marketing content provider"
},
{
"category": "Responsible Statistical Institutes"
}
],
"storage": [
{
"temporal": [
{
"description": "Creating backups.",
"ttl": "2005-08-09T18:31:42P3Y6M4DT12H30M17S"
},
{
"description": "Finishing ordering process.",
"ttl": "2020-08-09T18:31:42P3Y6M4DT12H30M17S"
}
],
"purposeConditional": [
"Data is stored until the end of the ordering process."
],
"legalBasisConditional": [
"SGB-100-42"
],
"aggregationFunction": "max"
}
],
"nonDisclosure": {
"legalRequirement": false,
"contractualRegulation": false,
"obligationToProvide": false,
"consequences": "If the data is not disclosed, the shipment cannot be delivered."
}
}
The id of a data item that is disclosed. The id is necessary to distinguish several processing tasks of the same data item (locally unique ID that can be based on the database implementation).
"f1424f86-ca0f-4f0c-9438-43cc00509931"
The data (category) the data disclosed is referred to.
"E-mail address"
The purpose for which a data item is processed for.
{
"purpose": "Marketing",
"description": "Newsletter will be sent out once a month."
}
In this schema the purpose is specified (i.e. a headline or purpose category).
"Marketing"
This schema refers to an exact description of the purpose the data is processed for.
"Newsletter will be sent out once a month."
Additional Properties of any type are allowed.
Type: object[
{
"purpose": "Marketing",
"description": "Newsletter will be sent out once a month."
}
]
An explanation about the legal bases for the processing of personal data disclosed.
{
"reference": "GDPR-99-1-a",
"description": "The data are processed on the basis of Art. 99 GDPR which states..."
}
This field refers to the reference in legal regulations (laws, orders, declaration etc.). The format is set to uppercase letters for the legal text followed by hyphened numbers and lowercase letters for the exact location.
Must match regular expression:^[A-Z]*([-]?[0-9]*|[a-z]*)*$ "GDPR-99-1-a"
An explanation about the legal basis used.
"The data are processed on the basis of Art. 99 GDPR which states..."
Additional Properties of any type are allowed.
Type: object[
{
"reference": "GDPR-99-1-a",
"description": "The data are processed on the basis of Art. 99 GDPR which states..."
},
{
"reference": "BDSG-42-5",
"description": "BDSG-42-5 refers to the processing of personal data within..."
}
]
An explanation about the legitimate interests for the processing of data disclosed.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
true {
"exists": true,
"reasoning": "There is an legitimate interest based on ... and is not overwritten because ..."
}
The legitimate interest only has to be stated if the processing is carried out in accordance with Art. 13 (1d). This field refers to the existence of such an interest.
true
false
If the legitimate interest has to be stated because the processing is carried out in accordance with Art. 13 (1d), it is described in here.
"There is an legitimate interest based on ... and is not overwritten because ..."
Additional Properties of any type are allowed.
Type: object[
{
"exists": true,
"reasoning": "There is an legitimate interest based on ... and is not overwritten because ..."
}
]
An explanation about the recipients of the data disclosed.
{
"name": "Yellow Company AG",
"division": "Product line e-mobility",
"address": "Triana 123, 9999 Seville",
"country": "ES",
"representative": {
"name": "Jane Super",
"email": "contact@yellowcompany.de",
"phone": "0049 151 1234 9876"
},
"category": "Marketing content provider"
}
The name of the third party (recipient).
"Yellow Company AG"
The division of the third party (recipient) for structuring controllers into smaller entities.
"Product line e-mobility"
The address of the third party (recipient).
"Triana 123, 9999 Seville"
The country in which the recipient is located at. Attention: This explictly specifies third country transfers!
Must match regular expression:^[A-Z][A-Z]$ Must be at least 2 characters long
Must be at most 2 characters long
"ES"
The representative of the third party (recipient).
{
"name": "Jane Super",
"email": "contact@yellowcompany.de",
"phone": "0049 151 1234 9876"
}
The name of the representative of the third party (recipient).
"Jane Super"
The email address of the representative of the third party (recipient).
"contact@yellowcompany.de"
The phone number of the representative of the third party (recipient).
Must match regular expression:^[+]*[(]{0,1}[0-9]{1,4}[)]{0,1}[-\s\./0-9]*$ "0049 151 1234 9876"
Additional Properties of any type are allowed.
Type: objectThe category of the the recipient.
"Marketing content provider"
Additional Properties of any type are allowed.
Type: object{
"category": "Responsible Statistical Institutes"
}
This category has to be given, even if the controller is not mentioned explicitly.
"Responsible Statistical Institutes"
Additional Properties of any type are allowed.
Type: object[
{
"name": "Yellow Company AG",
"division": "Product line e-mobility",
"address": "Triana 123, 9999 Seville",
"country": "ES",
"representative": {
"name": "Jane Super",
"email": "contact@yellowcompany.de",
"phone": "0049 151 1234 9876"
},
"category": "Marketing content provider"
},
{
"category": "Responsible Statistical Institutes"
}
]
In this section, the duration of storage or storage criteria are given.
{
"temporal": [
{
"description": "Creating backups.",
"ttl": "2005-08-09T18:31:42P3Y6M4DT12H30M17S"
},
{
"description": "Finishing ordering process.",
"ttl": "2020-08-09T18:31:42P3Y6M4DT12H30M17S"
}
],
"purposeConditional": [
"Data is stored until the end of the ordering process."
],
"legalBasisConditional": [
"SGB-100-42"
],
"aggregationFunction": "max"
}
This schema serves to specify a temporal description of how long the data is stored and for what exactly.
{
"description": "Creating backups.",
"ttl": "2005-08-09T18:31:42P3Y6M4DT12H30M17S"
}
The description why the data has to be stored..
"Creating backups."
The TTL (Time-to-Live) specifies the lifetime of this data (category). It follows the ISO 8601 for time spans.
Must match regular expression:^(\d{4}(-\d{2}(-\d{2})?(?!:))?(T\d{2}(:\d{2}(:\d{2})?(\.\d+)?)?)?(Z|([+,-]\d{2}(:\d{2})?))?)?P(([0-9]+([.,][0-9]*)?Y)?([0-9]+([.,][0-9]*)?M)?([0-9]+([.,][0-9]*)?D)?T?([0-9]+([.,][0-9]*)?H)?([0-9]+([.,][0-9]*)?M)?([0-9]+([.,][0-9]*)?S)?)|\d{4}-?(0[1-9]|11|12)-?(?:[0-2]\d|30|31)T((?:[0-1][0-9]|[2][0-3]):?(?:[0-5][0-9]):?(?:[0-5][0-9]|60)|2400|24:00)$ "2005-08-09T18:31:42P3Y6M4DT12H30M17S"
Additional Properties of any type are allowed.
Type: object[
{
"description": "Creating backups.",
"ttl": "2005-08-09T18:31:42P3Y6M4DT12H30M17S"
},
{
"description": "Finishing ordering process.",
"ttl": "2020-08-09T18:31:42P3Y6M4DT12H30M17S"
}
]
Specifies the purpose that requires data storage.
"Data is stored until the end of the ordering process."
[
"Data is stored until the end of the ordering process."
]
If the storage is required by law, the respective one has to specified in here.
^[A-Z]*([-]?[0-9]*|[a-z]*)*$ "SGB-100-42"
[
"SGB-100-42"
]
The aggregation function describes the calculation basis when specifying several time intervals. For example, if there is storage for 2 weeks for technical reasons (e.g. backup), but there is a legally longer retention period, the maximum aggregation function (max) would be selected (standard case). Aggregation functions available: min, max, sum, avg
"max"
Additional Properties of any type are allowed.
Type: object[
{
"temporal": [
{
"description": "Creating backups.",
"ttl": "2005-08-09T18:31:42P3Y6M4DT12H30M17S"
},
{
"description": "Finishing ordering process.",
"ttl": "2020-08-09T18:31:42P3Y6M4DT12H30M17S"
}
],
"purposeConditional": [
"Data is stored until the end of the ordering process."
],
"legalBasisConditional": [
"SGB-100-42"
],
"aggregationFunction": "max"
}
]
This schema refers to the necessity and consequences of non-disclosure of personal data. According to Art. 13 (2e), this refers to the information whether the provision of the personal data is required by law or contract or is required for the conclusion of a contract, whether the data subject is obliged to provide the personal data and the possible consequences of not providing it.
{
"legalRequirement": false,
"contractualRegulation": false,
"obligationToProvide": false,
"consequences": "If the data is not disclosed, the shipment cannot be delivered."
}
Is there a legal requirement to collect these data?
false
true
Is there a contractual regulation to collect these data?
false
true
Is there an obligation for the data subject to provide these data?
false
true
Description of the consequences in the case of non-disclosure.
"If the data is not disclosed, the shipment cannot be delivered."
Additional Properties of any type are allowed.
Type: objectAdditional Properties of any type are allowed.
Type: object[
{
"_id": "f1424f86-ca0f-4f0c-9438-43cc00509931",
"category": "E-mail address",
"purposes": [
{
"purpose": "Marketing",
"description": "Newsletter will be sent out once a month."
}
],
"legalBases": [
{
"reference": "GDPR-99-1-a",
"description": "The data are processed on the basis of Art. 99 GDPR which states..."
},
{
"reference": "BDSG-42-5",
"description": "BDSG-42-5 refers to the processing of personal data within..."
}
],
"legitimateInterests": [
{
"exists": true,
"reasoning": "There is an legitimate interest based on ... and is not overwritten because ..."
}
],
"recipients": [
{
"name": "Yellow Company AG",
"division": "Product line e-mobility",
"address": "Triana 123, 9999 Seville",
"country": "ES",
"representative": {
"name": "Jane Super",
"email": "contact@yellowcompany.de",
"phone": "0049 151 1234 9876"
},
"category": "Marketing content provider"
},
{
"category": "Responsible Statistical Institutes"
}
],
"storage": [
{
"temporal": [
{
"description": "Creating backups.",
"ttl": "2005-08-09T18:31:42P3Y6M4DT12H30M17S"
},
{
"description": "Finishing ordering process.",
"ttl": "2020-07-12T18:31:42P3Y6M4DT12H30M17S"
}
],
"purposeConditional": [
"Data is stored until the end of the ordering process."
],
"legalBasisConditional": [
"SGB-100-42"
],
"aggregationFunction": "max"
}
],
"nonDisclosure": {
"legalRequirement": false,
"contractualRegulation": false,
"obligationToProvide": false,
"consequences": "If the data is not disclosed, the shipment cannot be delivered."
}
}
]
This schema refers to the adequacy decisions of any third country transfers.
{
"country": "ES",
"adequacyDecision": {
"available": true,
"description": "An adequacy decision was made on the 23rd April 2020 by..."
},
"appropriateGuarantees": {
"available": true,
"description": "Here the appropriate guarantee was formulated by..."
},
"presenceOfEnforceableRightsAndEffectiveRemedies": {
"available": true,
"description": "These rights are given because of..."
},
"standardDataProtectionClause": {
"available": true,
"description": "The standard data protection clause which applies here can be found here: ..."
}
}
The country code of the third country.
Must match regular expression:^[A-Z][A-Z]$ Must be at least 2 characters long
Must be at most 2 characters long
"ES"
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
true {
"available": true,
"description": "An adequacy decision was made on the 23rd April 2020 by..."
}
Adequacy decision by the European commission exists?
true
false
Description of the adequacy decision by the European commission.
"An adequacy decision was made on the 23rd April 2020 by..."
Additional Properties of any type are allowed.
Type: objectSuitable guarantees according to Art. 45
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
true {
"available": true,
"description": "Here the appropriate guarantee was formulated by..."
}
Do suitable guarantees according to Art. 45 exist?
true
false
Description of suitable guarantees according to Art. 45
"Here the appropriate guarantee was formulated by..."
Additional Properties of any type are allowed.
Type: objectPresence of enforceable rights and effective remedies
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
true {
"available": true,
"description": "These rights are given because of..."
}
Presence of enforceable rights and effective remedies?
true
false
Description of enforceable rights and effective remedies.
"These rights are given because of..."
Additional Properties of any type are allowed.
Type: objectSchema on Standard Data Protection clauses.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
true {
"available": true,
"description": "The standard data protection clause which applies here can be found here: ..."
}
Does a standard data protection clause exist?
true
false
An explanation about the standard data protection clause (may include link).
"The standard data protection clause which applies here can be found here: ..."
Additional Properties of any type are allowed.
Type: objectAdditional Properties of any type are allowed.
Type: object[
{
"country": "ES",
"adequacyDecision": {
"available": true,
"description": "An adequacy decision was made on the 23rd April 2020 by..."
},
"appropriateGuarantees": {
"available": true,
"description": "Here the appropriate guarantee was formulated by..."
},
"presenceOfEnforceableRightsAndEffectiveRemedies": {
"available": true,
"description": "These rights are given because of..."
},
"standardDataProtectionClause": {
"available": true,
"description": "The standard data protection clause which applies here can be found here: ..."
}
}
]
Defining the right to access and data portability.
{
"available": true,
"description": "Data access is possible through...",
"url": "https://green-bikes.de/access",
"email": "access@greencompany.de",
"identificationEvidences": [
"ID card copy",
"Email verification"
],
"administrativeFee": {
"amount": 0,
"currency": "EUR"
},
"dataFormat": "json"
}
The information is subject to the requirements of Art. 20 (right to data portability) GDPR.
true
Description of the requirements according to Art. 20 GDPR.
"Data access is possible through..."
"In the event that the requirements of Art. 20 Para. 1 GDPR are met, you have the right to store your data in a structured, common .."
URL to relevant resources such as access portals.
"https://green-bikes.de/access"
Contact email address
"access@greencompany.de"
ID evidences
"ID card copy"
"Email verification"
[
"ID card copy",
"Email verification"
]
The fee that refers to several copies.
{
"amount": 0,
"currency": "EUR"
}
The amount of money to be paid for a copy.
0
The currency in which the amount of money for one copy has to be provided acc. to ISO 4217.
Must be at least 3 characters long
Must be at most 3 characters long
"EUR"
Additional Properties of any type are allowed.
Type: objectAn explanation about the data format(s) the data is provided in.
"json"
"xml"
"json"
"xml"
Additional Properties of any type are allowed.
Type: objectThis duty to provide information is limited to the collection of personal data that does not take place from the data subject (Art. 14).
{
"_id": "f1423cc00509931",
"dataCategory": "Creditworthiness",
"sources": [
{
"description": "This information could be retrieved from...",
"url": "https://blueCompany.org",
"publiclyAvailable": false
}
]
}
This refers to an locally unique ID in an arbitrary but deterministic format.
"f1423cc00509931"
The category the data refer to.
"Creditworthiness"
Specify the source(s) where the data come from.
{
"description": "This information could be retrieved from...",
"url": "https://blueCompany.org",
"publiclyAvailable": false
}
Description of the source the data is taken from.
"This information could be retrieved from..."
URL (reference) where the data is taken from.
"https://blueCompany.org"
Are these data publicly available?
false
true
Additional Properties of any type are allowed.
Type: object[
{
"description": "This information could be retrieved from...",
"url": "https://blueCompany.org",
"publiclyAvailable": false
}
]
Additional Properties of any type are allowed.
Type: object[
{
"_id": "f1423cc00509931",
"dataCategory": "Creditworthiness",
"sources": [
{
"description": "This information could be retrieved from...",
"url": "https://blueCompany.org",
"publiclyAvailable": false
}
]
}
]
Refers to the right of information.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
true {
"available": true,
"description": "For the right to information please use this contact form and...",
"url": "https://greencompany.org/rightToInformation",
"email": "contact@greencompany.de",
"identificationEvidences": [
"ID card copy",
"Email verification"
]
}
Possibility available?
true
Description of the right.
"For the right to information please use this contact form and..."
URL to an online portal.
"https://greencompany.org/rightToInformation"
"contact@greencompany.de"
"ID card copy"
"Email verification"
[
"ID card copy",
"Email verification"
]
Additional Properties of any type are allowed.
Type: objectThis schema refers to the right to rectification or deletion (Art. 16 GDPR).
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
true {
"available": true,
"description": "For the right to rectification please use this contact form and...",
"url": "https://greencompany.org/rights",
"email": "contact@greencompany.de",
"identificationEvidences": [
"ID card copy",
"Email verification"
]
}
Possibility available?
true
false
"For the right to rectification please use this contact form and..."
"https://greencompany.org/rights"
"contact@greencompany.de"
"ID card copy"
"Email verification"
[
"ID card copy",
"Email verification"
]
Additional Properties of any type are allowed.
Type: objectThe right to data portability as stated in Art. 20 GDPR.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
true {
"available": true,
"description": "Data portability is only possible when...",
"url": "https://greencompany.org/rights",
"email": "contact@greencompany.de",
"identificationEvidences": [
"ID card copy"
]
}
false
true
"Data portability is only possible when..."
"https://greencompany.org/rights"
"contact@greencompany.de"
"ID card copy"
[
"ID card copy"
]
Additional Properties of any type are allowed.
Type: objectThis schema refers to the right to withdraw consent.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
true {
"available": true,
"description": "For the right to withdraw consent please use this contact form and...",
"url": "https://greencompany.org/rights",
"email": "contact@greencompany.de",
"identificationEvidences": [
"Email verification"
]
}
true
false
"For the right to withdraw consent please use this contact form and..."
"https://greencompany.org/rights"
"contact@greencompany.de"
"Email verification"
[
"Email verification"
]
Additional Properties of any type are allowed.
Type: objectThis schema refers to the right to complain.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
true {
"available": true,
"description": "For the right to complain please use this contact form and...",
"url": "https://greencompany.org/rights",
"email": "contact@greencompany.de",
"identificationEvidences": [
"ID card copy",
"Email verification"
],
"supervisoryAuthority": {
"name": "Commissioner for Data Protection",
"address": "Friedrichstrasse 219, 10969 Berlin",
"country": "DE",
"email": "mailbox@privacy-berlin.de",
"phone": "0049 444 222 111"
}
}
Is this right available?
true
false
"For the right to complain please use this contact form and..."
"https://greencompany.org/rights"
"contact@greencompany.de"
"ID card copy"
"Email verification"
[
"ID card copy",
"Email verification"
]
Defines the supervisory authority that has to be contacted in order to complain about the data controller's practices.
{
"name": "Commissioner for Data Protection",
"address": "Friedrichstrasse 219, 10969 Berlin",
"country": "DE",
"email": "mailbox@privacy-berlin.de",
"phone": "0049 444 222 111"
}
Name of the supervisory authority.
"Commissioner for Data Protection"
Adress of the supervisory authority.
"Friedrichstrasse 219, 10969 Berlin"
Country of the supervisory authority.
Must be at least 2 characters long
Must be at most 2 characters long
"DE"
Email adress of the supervisory authority.
"mailbox@privacy-berlin.de"
Phone number of the supervisory authority.
Must match regular expression:^[+]*[(]{0,1}[0-9]{1,4}[)]{0,1}[-\s\./0-9]*$ "0049 444 222 111"
Additional Properties of any type are allowed.
Type: objectAdditional Properties of any type are allowed.
Type: objectAutomated decision making and potentially involved logic. Does include profiling.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
true {
"inUse": true,
"logicInvolved": "The personal data are processed as follows...",
"scopeAndIntendedEffects": "From processing follows..."
}
Is automated decision making in use?
true
false
An explanation about the logic involved to automated decision making.
"The personal data are processed as follows..."
Scope and intended effects of such processing for the data subject.
"From processing follows..."
Additional Properties of any type are allowed.
Type: objectNotification of change of purpose.
{
"description": "Due to technical requirements...",
"affectedDataCategories": [
"Email adress",
"Credit score"
],
"plannedDateOfChange": "2020-08-20",
"urlOfNewVersion": "https://greencomp.de/privacypolicy/2"
}
Description of the change of purpose.
"Due to technical requirements..."
Data categories that are affected from the change of purpose.
"Email adress"
"Credit score"
[
"Email adress",
"Credit score"
]
Specify the planned date to the changes as ISO 8601 string.
Must match regular expression:^([\+-]?\d{4}(?!\d{2}\b))((-?)((0[1-9]|1[0-2])(\3([12]\d|0[1-9]|3[01]))?|W([0-4]\d|5[0-2])(-?[1-7])?|(00[1-9]|0[1-9]\d|[12]\d{2}|3([0-5]\d|6[1-6])))([T\s]((([01]\d|2[0-3])((:?)[0-5]\d)?|24\:?00)([\.,]\d+(?!:))?)?(\17[0-5]\d([\.,]\d+)?)?([zZ]|([\+-])([01]\d|2[0-3]):?([0-5]\d)?)?)?)?$ "2020-08-20"
URL points to a document of the same as this one. That creates a chain of information requirements for seamless recognition of transparency information even over a longer period of time.
"https://greencomp.de/tilt/2"
Additional Properties of any type are allowed.
Type: object[
{
"description": "Due to technical requirements...",
"affectedDataCategories": [
"Email adress",
"Credit score"
],
"plannedDateOfChange": "2020-08-20",
"urlOfNewVersion": "https://greencomp.de/privacypolicy/2"
}
]
Additional Properties of any type are allowed.
Type: object