Post by juthi52943 on Jan 4, 2024 4:35:03 GMT
Nordax by Iper did not allow the identification of the persons concerned. Moreover, Nordax did not process or store the complainant's personal data, so the complainant should contact Iper directly with requests regarding his personal data. However, IMY stated that in order to be considered the controller of personal data in the case of processing, the entity does not have to have access to or store it. What matters is that such an entity decides on the purposes and method of data processing. In the case at hand, such action took place on Nordax's part; although the data was processed by Iper, the data processing was carried out on behalf of Nordax and based on the selection criteria established by this entity. Due to the fact that Nordax determined the purposes and means of processing, Nordax had to be considered the data controller for the processing. In practice, this meant that Nordax was responsible for handling the complainant's requests. Moreover, IMY found that the fact of receiving de-identified data from Iper had no bearing on Nordax's responsibility for examining the complainant's application. IMY pointed out that even information that can, even indirectly.