The Law on the Protection of Personal Data requires that controllers, whether public or private, notify KDIMDP of certain specific information according to a standard approved by the Commissioner’s Authority. This information may contain personal data of the persons who are charged by the controllers to fulfill this obligation, in order to authenticate the authenticity of the declaration and to maintain contacts in order to exhaust the legal powers of the Commissioner’s Authority. When companies complete their notification forms, they are asked to provide the contact details of a significant member of staff. The AZHBR authority will use this for its own purposes, for example when we have a question about a notification, but does not make this data public.
These data, processed automatically (due to the computerized notification-registration system) and manually (due to the legal requirements of administrative procedures), are limited to access to a well-defined number of specialists, as well as maintaining the confidentiality of these data is guaranteed by law.
The information obtained from the notification procedures is then made public, as a legal requirement, on the pages of the Register of Controlling Entities, but in the content of these pages there is no personal data. The only personal data that can appear on the pages of this register are the names of entities that are legally registered as natural persons and that must legally be made public if they process personal data.
However, in these cases, since the register is available to the public, AZHBR cannot give any guarantee for the data contained in it, if it is used by those who have access to it. Also, when we request information as part of the notification process, we have made it clear when providing information is required by law and when it is voluntary.