Lensym← Back home

Your Rights

GDPR rights and how to exercise them

Your Data Protection Rights

Under GDPR and Dutch privacy law, you have comprehensive rights over your personal data. This page explains each right and how to exercise them with Lensym.

Last updated: September 14, 2024
Version 1.1

Overview of Your Rights

The fundamental data protection rights you have under GDPR

The General Data Protection Regulation (GDPR) grants you comprehensive rights over your personal data. As a Netherlands-based company, we are committed to making these rights easy to understand and exercise.

Your Rights at a Glance

Right to be informed
Right of access
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object
Right to withdraw consent

Right to Be Informed

Your right to clear information about how we use your data

What This Means

You have the right to clear, transparent information about how we collect, use, and protect your personal data.

How We Fulfill This Right

  • Privacy Policy: Comprehensive information about our data practices
  • Collection notices: Clear information when collecting data
  • Purpose statements: Explicit explanation of why we need your data
  • Plain language: No legal jargon - everything in clear, understandable terms
  • Regular updates: Notifications when our practices change

Right of Access

Your right to see what personal data we have about you

What You Can Request

  • Confirmation of whether we process your personal data
  • A copy of all personal data we hold about you
  • Information about how we use your data
  • Details about who we share your data with
  • How long we keep your data

How to Request Access

1
Self-service: Export your data directly from your account settings
2
Email request: Contact privacy@lensym.com with "Data Access Request"
3
Identity verification: We may ask for ID to protect your privacy
4
Response: We'll provide your data within 30 days (usually much faster)

Right to Rectification

Your right to correct inaccurate personal data

When to Use This Right

  • Your personal information is incorrect or outdated
  • Your survey data contains errors
  • Your account information needs updating
  • Any other personal data is inaccurate or incomplete

How to Correct Your Data

Account Information

Update directly in your account settings:

  • Name and email address
  • Organization details
  • Profile preferences
Survey Data

Manage through survey tools:

  • Edit survey questions
  • Correct response data
  • Update survey settings

Right to Erasure (Right to be Forgotten)

Your right to have your personal data deleted

When You Can Request Deletion

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there's no other legal basis
  • Your data has been unlawfully processed
  • Deletion is required for legal compliance
  • You object to processing and there are no overriding legitimate grounds

Deletion Options

Partial Deletion
Self-service

Delete specific data through your account:

  • Individual surveys and responses
  • Specific personal information
  • Account preferences
Complete Account Deletion
Contact us

Permanently delete your entire account:

  • All personal data removed
  • All surveys and responses deleted
  • 30-day recovery period available

Important Notes

  • Some data may be retained for legal compliance (anonymized where possible)
  • Backup data is purged according to our retention schedule
  • Deletion is permanent and cannot be undone after the grace period

Right to Restrict Processing

Your right to limit how we use your data

When You Can Restrict Processing

  • You contest the accuracy of your data (while we verify it)
  • Processing is unlawful but you don't want deletion
  • We no longer need the data but you need it for legal claims
  • You've objected to processing (while we consider your objection)

What Restriction Means

When processing is restricted, we can only:

  • Store your data (not use it)
  • Process it with your consent
  • Process it for legal claims
  • Process it to protect others' rights

Right to Data Portability

Your right to receive and transfer your personal data

What You Can Export

  • All your account and profile information
  • Survey questions and structure
  • All survey responses and data
  • Analytics and reporting data
  • Any other data you've provided

Export Formats Available

JSONMachine readable
CSV/ExcelSpreadsheet format
SPSS/RStatistical analysis
PDFHuman readable

Right to Object

Your right to object to certain types of processing

What You Can Object To

  • Marketing: Direct marketing communications (absolute right)
  • Legitimate interests: Processing based on our legitimate interests
  • Public task: Processing for public interest or official authority
  • Profiling: Automated decision-making or profiling

Our Current Processing

At Lensym, we make it easy to object because we:

  • No marketing: We don't send promotional emails
  • No profiling: We don't profile users for commercial purposes
  • No advertising: We don't use your data for ads
  • Minimal processing: We only process data necessary for our service

Right to Withdraw Consent

Your right to withdraw consent for data processing

When This Applies

You can withdraw consent for any processing that is based solely on your consent, including:

  • Optional data collection (like phone numbers)
  • Marketing communications (if any)
  • Optional analytics or tracking
  • Non-essential cookies

Important Note

Withdrawing consent doesn't affect the lawfulness of processing before you withdrew it. We may continue processing your data if we have another legal basis (like contract performance or legitimate interests).

How to Exercise Your Rights

Step-by-step guide to using your data protection rights

Contact Methods

Email (Preferred)

Address: privacy@lensym.com
Subject: [Right Name] Request
Response time: Within 30 days

Self-Service

Location: Account Settings
Available for: Access, rectification, deletion
Response time: Immediate

What to Include in Your Request

  • Clear identification: Your name and email address
  • Specific right: Which right you want to exercise
  • Specific data: What data you're referring to (if applicable)
  • Reason: Why you're making the request (helpful but not required)
  • Preferred format: How you'd like to receive information

Our Response Process

1
Acknowledgment: We confirm receipt within 48 hours
2
Verification: We may verify your identity for security
3
Processing: We review and process your request
4
Response: We provide our response within 30 days (usually faster)

If You're Not Satisfied

Your options if we don't handle your request properly

Internal Escalation

If you're not happy with our response, you can escalate to our Data Protection Officer:

Email: dpo@lensym.com
Subject: Privacy Request Escalation

Supervisory Authority

You can lodge a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens
Website: autoriteitpersoonsgegevens.nl
Email: info@autoriteitpersoonsgegevens.nl

EU-Wide Rights

If you're in another EU country, you can also contact your local data protection authority. They can coordinate with the Dutch authority on your behalf.

Frequently Asked Questions

Common questions about your data protection rights

Do these rights cost anything?

No, exercising your data protection rights is completely free. We may charge a reasonable fee for excessive or repetitive requests, but this is rare.

How long do you have to respond?

We must respond within one month (30 days). In complex cases, we may extend this by another two months, but we'll tell you if this is necessary and why.

Can you refuse my request?

In some cases, yes. For example, if fulfilling your request would harm others' rights or if we have overriding legitimate grounds. We'll always explain our reasoning.

What if I'm not in the EU?

While GDPR specifically protects EU residents, we extend the same rights to all our users worldwide as part of our commitment to privacy.