15 Jan 2025

Understanding Your Rights Under GDPR/CCPA

Complete legal guide to your data protection rights under GDPR, CCPA, and other privacy laws

Comprehensive guide to your data protection rights under the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other international privacy laws.

Overview of Applicable Privacy Laws

General Data Protection Regulation (GDPR)

Applies to: All EU residents and citizens, regardless of location

Key Features:

  • Comprehensive data protection framework
  • Strong individual rights and controls
  • Significant penalties for violations
  • Global impact on privacy practices

California Consumer Privacy Act (CCPA)

Applies to: California residents and their personal information

Key Features:

  • Consumer privacy rights and business obligations
  • Right to know, delete, and opt-out
  • Non-discrimination provisions
  • Business transparency requirements

Other International Laws

Additional Protections:

  • Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
  • UK: Data Protection Act 2018 (UK-GDPR)
  • Australia: Privacy Act 1988
  • Brazil: Lei Geral de Proteção de Dados (LGPD)

Your Fundamental Data Rights

Right to Information (Transparency)

What This Means:

  • Clear information about how your data is processed
  • Purpose and legal basis for data collection
  • Categories of data we collect and process
  • Who we share your data with and why
  • How long we retain your information

How Tabbio Complies:

  • Comprehensive privacy policy in plain language
  • Clear data collection notices during signup
  • Regular updates when processing practices change
  • Accessible information about data use

Right of Access (Data Portability)

What This Means:

  • Request a copy of all personal data we hold about you
  • Receive data in a structured, machine-readable format
  • Information about how your data is being processed
  • Details about third parties who have received your data

How to Exercise This Right:

  1. Email Request: Send to ahmed@tabbio.com
  2. Subject Line: "GDPR/CCPA Data Access Request"
  3. Include: Full name, registered email, specific data requested
  4. Response Time: Within 30 days (GDPR) or 45 days (CCPA)
  5. Format: JSON or CSV files with all your data

Right to Rectification (Correction)

What This Means:

  • Correct inaccurate personal data
  • Complete incomplete personal data
  • Update outdated information
  • Challenge automated decision-making based on incorrect data

How to Exercise This Right:

  • Self-Service: Update most information in Account Settings
  • Support Request: Email ahmed@tabbio.com for complex corrections
  • Verification: We may request proof for significant changes
  • Timeline: Corrections made within 72 hours when possible

Right to Erasure ("Right to be Forgotten")

What This Means:

  • Request deletion of your personal data
  • Withdraw consent for data processing
  • Object to processing for legitimate interests
  • Data no longer necessary for original purpose

When This Right Applies:

  • ✅ You withdraw consent for processing
  • ✅ Data no longer needed for original purpose
  • ✅ You object to processing and no overriding interests exist
  • ✅ Data has been unlawfully processed
  • ❌ Legal obligations require us to keep certain data
  • ❌ Freedom of expression and information rights apply

Right to Restrict Processing

What This Means:

  • Limit how we use your data while maintaining storage
  • "Freeze" your data during disputes or verification
  • Maintain data but stop active processing
  • Apply restrictions to specific data categories

When You Can Request This:

  • Accuracy of data is contested
  • Processing is unlawful but you don't want deletion
  • We no longer need the data but you need it for legal claims
  • You've objected to processing pending verification of grounds

Right to Data Portability

What This Means:

  • Receive your data in a portable format
  • Transfer data directly to another service (where technically feasible)
  • Move your professional profile to competitors
  • Maintain control over your career data

Technical Implementation:

  • Export Format: JSON, CSV, or PDF
  • Data Included: Profile, connections, messages, application history
  • Transfer Options: Direct download or API transfer (where available)
  • Timeline: Available within 30 days of request

Right to Object

What This Means:

  • Object to processing based on legitimate interests
  • Stop direct marketing communications
  • Object to profiling for marketing purposes
  • Challenge automated decision-making

Absolute Right to Object:

  • ✅ Direct marketing (including profiling for marketing)
  • ✅ Scientific/historical research (with exceptions)
  • ✅ Automated decision-making with significant effects

Conditional Right to Object:

  • Processing based on legitimate interests (we must demonstrate compelling grounds)
  • Public interest or official authority tasks

Specific Rights Under GDPR

Automated Decision-Making and Profiling

Your Rights:

  • Not to be subject to solely automated decision-making
  • Human review of automated decisions that significantly affect you
  • Explanation of automated decision-making logic
  • Challenge automated decisions

How Tabbio Uses Automation:

  • AI Profile Enhancement: Optional, user-controlled
  • Job Matching: Algorithm-assisted, not solely automated
  • Spam Detection: Automated but with human review option
  • Security Monitoring: Automated alerts with manual review

Data Protection Officer (DPO) Contact

Our Commitment:

  • Designated Data Protection Officer for EU operations
  • Direct contact for privacy concerns and requests
  • Independent oversight of data protection practices
  • Regular compliance auditing and reporting

Contact Information:

  • Email: dpo@tabbio.com
  • Response Time: 5 business days for DPO-specific issues
  • Languages: English, Arabic (translation available for other EU languages)

Specific Rights Under CCPA

Right to Know (Categories and Sources)

What Information You Can Request:

  • Categories of personal information collected
  • Categories of sources of personal information
  • Business purpose for collecting personal information
  • Categories of third parties we share information with
  • Specific pieces of personal information about you

Right to Delete

Broader Than GDPR:

  • Request deletion of personal information
  • Apply to information collected from you directly
  • Include information collected about you from third parties
  • Exceptions for necessary business operations

Right to Opt-Out of Sale

What This Means:

  • Tabbio Position: We do not sell personal information
  • If We Did: You could opt-out at any time
  • Monitoring: We continuously ensure no data sales occur
  • Global Privacy Control: We honor GPC signals automatically

Right to Non-Discrimination

Protection Against Retaliation:

  • Cannot deny services for exercising privacy rights
  • Cannot charge different prices for privacy choices
  • Cannot provide different service levels
  • Cannot suggest you'll receive lesser service

Financial Incentives:

  • Any data-for-value programs must be clearly disclosed
  • Must provide clear opt-in and opt-out mechanisms
  • Calculate and disclose value of personal information
  • Currently, Tabbio offers no financial incentive programs

How to Exercise Your Rights

Self-Service Options

Account Settings:

  • Profile Data: Edit directly in your profile
  • Privacy Settings: Control visibility and sharing
  • Communication Preferences: Manage email and notifications
  • Data Download: Basic profile export available
  • Account Deletion: Immediate self-service option

Formal Rights Requests

Email Process:

  1. Email: ahmed@tabbio.com
  2. Subject: Specify your request type (e.g., "GDPR Access Request")
  3. Include:
    • Full legal name
    • Registered email address
    • Specific rights you want to exercise
    • Any relevant details or timeframes
    • Proof of identity (for significant requests)

Identity Verification

For Security and Legal Compliance:

  • Low-Risk Requests: Email verification sufficient
  • High-Risk Requests: Government-issued ID required
  • Third-Party Requests: Power of attorney or legal documentation
  • Emergency Requests: Expedited verification process available

Response Timelines

Legal Requirements:

  • GDPR: 1 month (extendable to 3 months for complex requests)
  • CCPA: 45 days (extendable to 90 days with notice)
  • Tabbio Standard: We aim to respond within 7-14 days
  • Urgent Requests: Same-day response for security issues

Limitations and Exceptions

When We Cannot Fulfill Requests

Legal Limitations:

  • Legal Obligations: Required to retain data by law
  • Vital Interests: Protection of life, health, or safety
  • Public Interest: Official authority or public task
  • Legitimate Interests: Compelling reasons override your interests
  • Freedom of Expression: Journalism, academic, artistic expression

Business-Specific Exceptions

Professional Networking Context:

  • Legal Claims: Data needed for potential legal proceedings
  • Security Monitoring: Fraud prevention and platform security
  • Regulatory Compliance: Employment law, financial regulations
  • Third-Party Rights: Other users' privacy and legitimate interests

Technical Limitations

What We Cannot Always Provide:

  • Data from before our current systems (legacy data)
  • Information that would reveal other users' personal data
  • Data that exists only in aggregate or anonymized form
  • Information processed by third-party integrated services

International Data Transfers

GDPR Transfer Mechanisms

How We Protect Your Data:

  • Adequacy Decisions: Transfers to countries with adequate protection
  • Standard Contractual Clauses: EU-approved contract terms
  • Binding Corporate Rules: Internal data protection policies
  • Derogations: Specific situations allowing transfers

Your Rights Regarding Transfers

What You Can Request:

  • Information about which countries receive your data
  • Details about safeguards in place for transfers
  • Copy of transfer agreements (with redactions for confidentiality)
  • Object to transfers that don't meet adequacy standards

Current Tabbio Transfer Practices

Our Global Operations:

  • Primary Processing: EU/EEA and UK
  • Cloud Services: Major providers with adequate protections
  • Support Operations: UAE (adequacy decision pending)
  • Development: Limited access with strict contractual safeguards

Enforcement and Complaints

Internal Complaints Process

First Steps:

  1. Contact: ahmed@tabbio.com with detailed complaint
  2. Escalation: Request DPO review if unsatisfied
  3. Timeline: Response within 30 days
  4. Documentation: Keep records of all communications

Supervisory Authority Complaints

GDPR Complaints (EU Residents):

  • Lead Authority: Country where you habitually reside
  • Alternative: Country where alleged violation occurred
  • Ireland: Our EU lead supervisory authority
  • Timeline: No time limit, but file promptly

Popular EU Data Protection Authorities:

  • Ireland: Data Protection Commission (dataprotection.ie)
  • Germany: Federal Commissioner for Data Protection
  • France: CNIL (Commission Nationale de l'Informatique et des Libertés)
  • Netherlands: Autoriteit Persoonsgegevens

CCPA Complaints

California Residents:

  • Attorney General: California Department of Justice
  • Timeline: File within reasonable time of violation
  • Requirements: Must usually attempt resolution with business first
  • Remedies: Statutory damages, injunctive relief

Class Action Rights

Collective Legal Action:

  • GDPR: Representative actions by approved organizations
  • CCPA: Private right of action for data breaches
  • International: Various collective remedy mechanisms
  • Legal Costs: Many jurisdictions allow cost recovery

Practical Tips for Exercising Rights

Before Making a Request

Preparation Steps:

  • [ ] Check if you can address the issue through account settings
  • [ ] Clearly identify which rights you want to exercise
  • [ ] Gather any relevant documentation or evidence
  • [ ] Consider whether you want to consult with a privacy lawyer
  • [ ] Understand potential consequences (e.g., service limitations after deletion)

Documentation Best Practices

Keep Records Of:

  • All communications with Tabbio about privacy rights
  • Screenshots of relevant account settings or data
  • Copies of any documentation you provide
  • Timeline of events leading to your request
  • Any responses or actions taken by Tabbio

Working with Privacy Advocates

When to Seek Help:

  • Complex legal questions about your rights
  • Disputes with our responses to requests
  • Understanding implications of exercising rights
  • Coordinating with other users for collective action

Future-Proofing Your Privacy Rights

Staying Informed

Regular Updates:

  • Subscribe to our privacy policy update notifications
  • Follow developments in privacy law in your jurisdiction
  • Understand how new technologies affect your rights
  • Join privacy advocacy organizations if desired

Proactive Privacy Management

Best Practices:

  • [ ] Regular review of privacy settings (quarterly)
  • [ ] Annual data access request to understand what we hold
  • [ ] Keep contact information updated for privacy notices
  • [ ] Use privacy-enhancing features when available
  • [ ] Consider privacy implications of new features before using

Your privacy rights are fundamental protections, not just legal technicalities. We're committed to making these rights meaningful and accessible, regardless of the complexity of privacy law.

TABBIO TECHNOLOGY © 2025