Do you have questions? We have answers.
We are a Personal Information Management System, or "PIMS" for short, an intermediary between individuals and entities (public or private), which allows you to identify who holds your data and regain control of it by claiming the rights provided for in EU Regulation 2016/679 (GDPR). The "PIMS" service delivery model has been validated by the European Data Protection Supervisor (EDPS) in its Opinion 9/2016.
EU Regulation 2016/679 is the regulation governing the processing of personal data of individuals within the European Economic Area (EEA).
The protection of personal data is a fundamental right enshrined in the Charter of Fundamental Rights of the European Union. In this context, the GDPR gives individuals up to six rights to regain control of their data:
With the right of rectification, they must correct your incorrect, incomplete or inaccurate personal data. Have you changed your telephone number or e-mail address? This is your right. For more information, you can consult the Frequently Asked Questions of the Spanish Data Protection Agency (AEPD).
With the right to erasure ("right to be forgotten"), they must delete your personal data. Please note that this right does not always apply (e.g. if you are being provided with a service, you must unsubscribe first). For more information, you can consult the Frequently Asked Questions of the Spanish Data Protection Agency (AEPD).
With the right of limitation, your personal data must not be deleted. This right is useful when you want to file a complaint and the retention period of your data is about to expire. For more information, you can consult the Frequently Asked Questions of the Spanish Data Protection Agency.
With the right of portability, you should receive the personal data they hold about you in a commonly used open format file (e.g. XML, JSON, CSV, etc.) together with useful metadata at the best possible level of granularity. For more information, you can consult the Guidelines of the European Data Protection Board (EDPB).
With reclamadatos, you can identify who holds your personal data and select the entities to which you want to exercise your GDPR rights. We act as your representative, so you don't have to worry about anything. We will notify you when we receive responses from the entities and you can check the status of your requests at any time by accessing the My claims section of your account.
Following the approach of the European Data Protection Supervisor, our services are offered on a freemium basis. The basic plan is free, allows you to identify which entities have your data and claim your rights, with no small print or hidden costs. The Premium plan is offered on a subscription basis, you will get personalised assistance and the possibility to raise your complaints to the supervisory authorities.
We do not exploit or sell your personal data to third parties. Our service is made possible by the entities that subscribe to our rights management tool. This project has received funding from Enisa, part of the Directorate-General for Industry and Small and Medium-sized Enterprises, which in turn is part of the Ministry of Industry, Trade and Tourism (Spanish Government).
In order to show you who holds your personal information, we will ask your permission to identify the entities that have - on occasion - sent you an email. Specifically, these are the requests we make to the APIs of supported email providers:
We take your privacy very seriously and, for this reason, we have developed our service with data protection in mind from the design and by default.
. From the requests made, we only process the domain names (e.g. entity.com), so that you can see who has your personal information and make your own decisions, nothing more.
From the My profile section of your account, you can revoke the permissions granted to your email, as well as delete your account from reclamadatos.
We currently support all email accounts managed by Google or Microsoft, including: Gmail, G Suite, Googlemail, Outlook, Office 365, Microsoft 365, Live, Hotmail and MSN.
The regulations allow you to appoint a representative to make a claim on your behalf. For this reason, the first time you make a claim, we will ask you for a copy of your identity document (ID card, passport or similar document) and the signature of the Authorisation document.
Yes, according to data protection regulations, entities must reply within the legal deadline of 30 days.
In reclamadatos we make our best efforts to expand and keep updated the catalogue of entities, based on national (ESP500) or international (Forbes) rankings, as well as, the requests of our users. If you do not find an entity, contact us and we will add it as soon as possible.
No, at the moment it is only possible to use one email (Google or Microsoft) per account.
If you have any suggestions for improving the Dataguardian service, we would be delighted to hear from you. Please contact us through our contact page.