Frequently asked questions

Do you have questions? We have answers.

  1. What is Dataguardian? #

    We are a Personal Information Management System, or "PIMS" for short, an intermediary between individuals and entities (public or private), which allows you to identify who holds your data and regain control of it by claiming the rights provided for in EU Regulation 2016/679 (GDPR). The "PIMS" service delivery model has been validated by the European Data Protection Supervisor (EDPS) in its Opinion 9/2016.

  2. What is the GDPR? #

    EU Regulation 2016/679 is the regulation governing the processing of personal data of individuals within the European Economic Area (EEA).

  3. What are the GDPR claims? #

    The protection of personal data is a fundamental right enshrined in the Charter of Fundamental Rights of the European Union. In this context, the GDPR gives individuals up to six rights to regain control of their data:

    1. Access
    2. Rectification
    3. Erasure
    4. Limitation
    5. Portability
    6. Opposition

  4. Copy of your data #

    With the right of access, they must confirm whether they have (or not) your personal data, and if so, send you a copy of it. For more information, you can consult the Frequently Asked Questions of the Spanish Data Protection Agency.

  5. Modify your data #

    With the right of rectification, they must correct your incorrect, incomplete or inaccurate personal data. Have you changed your telephone number or e-mail address? This is your right. For more information, you can consult the Frequently Asked Questions of the Spanish Data Protection Agency (AEPD).

  6. Erase your data #

    With the right to erasure ("right to be forgotten"), they must delete your personal data. Please note that this right does not always apply (e.g. if you are being provided with a service, you must unsubscribe first). For more information, you can consult the Frequently Asked Questions of the Spanish Data Protection Agency (AEPD).

  7. Preserve your data #

    With the right of limitation, your personal data must not be deleted. This right is useful when you want to file a complaint and the retention period of your data is about to expire. For more information, you can consult the Frequently Asked Questions of the Spanish Data Protection Agency.

  8. Export your data #

    With the right of portability, you should receive the personal data they hold about you in a commonly used open format file (e.g. XML, JSON, CSV, etc.) together with useful metadata at the best possible level of granularity. For more information, you can consult the Guidelines of the European Data Protection Board (EDPB).

  9. No more advertising #

    With the right to object, they must stop using your data to send you advertising or receive commercial calls (direct marketing). For more information, you can consult the Further questions of the Spanish Data Protection Agency (AEPD).

  10. How does it work? #

    With reclamadatos, you can identify who holds your personal data and select the entities to which you want to exercise your GDPR rights. We act as your representative, so you don't have to worry about anything. We will notify you when we receive responses from the entities and you can check the status of your requests at any time by accessing the My claims section of your account.

  11. How much does it cost? #

    Following the approach of the European Data Protection Supervisor, our services are offered on a freemium basis. The basic plan is free, allows you to identify which entities have your data and claim your rights, with no small print or hidden costs. The Premium plan is offered on a subscription basis, you will get personalised assistance and the possibility to raise your complaints to the supervisory authorities.

    We do not exploit or sell your personal data to third parties. Our service is made possible by the entities that subscribe to our rights management tool. This project has received funding from Enisa, part of the Directorate-General for Industry and Small and Medium-sized Enterprises, which in turn is part of the Ministry of Industry, Trade and Tourism (Spanish Government).

  12. How does the "Find out who has your data" service work? #

    In order to show you who holds your personal information, we will ask your permission to identify the entities that have - on occasion - sent you an email. Specifically, these are the requests we make to the APIs of supported email providers:

    Google
    Detail:
    https://gmail.googleapis.com/gmail/v1/users/{userId}/messages/{id}
    Scope:
    https://www.googleapis.com/auth/gmail.metadata

    Microsoft
    Detail:
    https://graph.microsoft.com/v1.0/me/messages/{id}
    Scope:
    Mail.ReadBasic

    We take your privacy very seriously and, for this reason, we have developed our service with data protection in mind from the design and by default.

    . From the requests made, we only process the domain names (e.g. entity.com), so that you can see who has your personal information and make your own decisions, nothing more.

    From the My profile section of your account, you can revoke the permissions granted to your email, as well as delete your account from reclamadatos.

  13. Which email providers support Reclamadatos? #

    We currently support all email accounts managed by Google or Microsoft, including: Gmail, G Suite, Googlemail, Outlook, Office 365, Microsoft 365, Live, Hotmail and MSN.

  14. How do I authorise reclamadatos to claim on my behalf? #

    The regulations allow you to appoint a representative to make a claim on your behalf. For this reason, the first time you make a claim, we will ask you for a copy of your identity document (ID card, passport or similar document) and the signature of the Authorisation document.

  15. Are entities obliged to respond? #

    Yes, according to data protection regulations, entities must reply within the legal deadline of 30 days.

  16. Which entities can I claim to? #

    In reclamadatos we make our best efforts to expand and keep updated the catalogue of entities, based on national (ESP500) or international (Forbes) rankings, as well as, the requests of our users. If you do not find an entity, contact us and we will add it as soon as possible.

  17. How can I report an issue? #

    You can contact us, at any time, through the following form and we will answer your request as soon as possible.

  18. How often can I claim a right? #

    During the six-month period, you may not exercise the same right on more than one occasion with the same entity, in accordance with the data protection legislation.

  19. What if an entity does not respond to me or I do not agree with the response? #

    You can file a complaint with the competent Data Protection Authority. Soon you will be able to enjoy this functionality with the premium plan.

  20. Can I enter multiple email addresses on my account? #

    No, at the moment it is only possible to use one email (Google or Microsoft) per account.

  21. Can I delete my account? #

    Of course. Personal data is yours and only you can decide what to do with it, no one else. You can revoke permissions to your Google or Microsoft account, as well as remove your account from reclaiming data by going to My profile. Please see our Privacy Policy for more information on data retention periods.

If you have any suggestions for improving the Dataguardian service, we would be delighted to hear from you. Please contact us through our contact page.