Rule 13
Rights of Data Principal
U/s 11(1), 12(3), 13(2) & 14(1)
| No | Description |
| (1) | For enabling data principals to exercise their rights under Chapter III of the Act, the Data Fiduciary and, where applicable, the Consent Manager, shall publish on her website or app or both, as the case may be,- |
| (a)The details of the means using which a Data Principal may make a request for the exercise of such rights | |
| (b)the particulars such as the user name or other identifier of such a data principal, which may be required to identify her under the terms of service of such data fiduciary or consent manager | |
| (c)the particulars, under the terms of service of such data fiduciary or Consent Manger which may be required to locate the previously given consent referred to in the Act in relation to the right to access information, right to correction of personal data or right to erasure of personal data, which may include the sequence of characters that uniqely identifies the consent artifact pertaining to such consent ; and | |
| (d)The details, under the terms of service of such data fiduciary or consent manager, regarding the form in which a request for nomination may be made, changed or withdrawn, and whether the data principal may nominate one or more individuals for the exercise of her rights in respect of processing of her personal data | |
| (2) | The information under sub-rule (1) shall be published in like manner as is provided in sub rule (2) of rule 5 |
| (3) | Rights of the Data Principal may be exercised by her using the means and furnishing the particulars and , where applicable, the details referred to in sub-rule (1) and making a request that describes- |
| (a) the information sought under the Right to Access information | |
| (b)the correction, completion or updating to be carried out under the right to correction of personal data | |
| (c)the erasure to be carried out under the right to erasure of personal data | |
| (d)the redressal sought under the right to grievance redressal or | |
| (e)the nomination sought under the right to nominate | |
| (4) | The Data Fiduciary or the Consent Manager, as the case may be, shall , on receipt of a grievance from any data principal,- |
| (a)Where any period is provided under any other law for the time being in force for the redressal of or response to such grievance, communicate its response to the grievance within such period; or | |
| (b)Where no such period is provided, communicate its response to the grievance within a period of seventy two hours of receipt of the grievance | |
| (5) | In this rule, the expression- |
| (a)"Identifier" means any sequence of charecters issued by the Data Fiduciary to identify the data principal and includes a customer identification file number, customer acquisition form number, application reference number enrolment ID or license number that enables such identification | |
| (b)"Right to Access Information" means the right referred to in Section 11 | |
| (c)"Right to correction of Personal Data" means the right of the data principal under section 12 to have her personal data corrected, completed or updated | |
| (d)"Right to erasure of personal Data" means the right of the Data Principal under Section 12 to erasure of her personal data | |
| (e)"Right to Grievance Redressal" means the right referred to in Section 13 | |
| (f)" Right to nominate" means the right referred to in section 14 | |
| (g)"user name" means the sequence of characters, issued by the Data fiduciary or generated by or using her computer resource that identifies the user account of the Data principal. | |