������Ƶ

A Subject Access Request is your legal right to ask any organization what personal data they have about you. Under Belgian privacy law and GDPR, companies must tell you what information they've collected, how they use it, and who they share it with. You can submit this request verbally or in writing, and organizations have 30 days to respond.

When you make this request, organizations must provide a copy of your data in a clear format. They should also explain their reasons for processing your information and tell you how long they plan to keep it. Belgian residents can file complaints with the Data Protection Authority if organizations don't properly handle their requests.

Use a Subject Access Request when you need to understand exactly what personal information an organization holds about you. Common situations include applying for jobs and wanting to see your candidate profile, checking what health data your medical providers maintain, or investigating suspicious financial transactions on your accounts.

This tool becomes especially valuable when dealing with Belgian government agencies, insurance companies, or employers who may have collected extensive data about you over time. It's particularly useful before taking legal action, when moving between service providers, or if you suspect your data isn't being handled properly under Belgian privacy laws.

• Basic written requests: The standard way to ask for your personal data, usually sent by email or letter to the organization's Data Protection Officer
• Online form submissions: Many Belgian companies now offer dedicated web forms for filing Subject Access Requests through their websites
• Verbal requests: While less common, you can make these in person or by phone, though it's harder to prove you made the request
• Third-party requests: When someone else (like a lawyer or guardian) makes the request on your behalf, requiring proof of authorization
• Specific data category requests: Targeted requests focusing on particular types of data, such as medical records or employment information

• Data Subjects: Any individual in Belgium can submit a Subject Access Request to learn what personal data organizations hold about them
• Data Protection Officers: Handle and coordinate responses to requests within their organizations, ensuring compliance with Belgian privacy laws
• Legal Representatives: Help individuals draft requests or represent them in disputes over access rights
• Company Privacy Teams: Process requests, gather relevant data, and prepare responses within the 30-day deadline
• Belgian Data Protection Authority: Oversees compliance and handles complaints when organizations fail to properly respond to requests

• Personal Details: Gather your full name, address, and any account numbers or reference codes related to the organization
• Organization Contact: Identify the correct Data Protection Officer or privacy team's contact information
• Data Scope: Specify exactly what personal information you're seeking - be specific about time periods and categories
• Identity Proof: Prepare a copy of your Belgian ID card or passport to verify your identity
• Request Format: Our platform generates legally-compliant Subject Access Requests, ensuring all required elements are included
• Delivery Method: Choose how you want to receive the information (email, post, or digital download)

• Identity Verification: Clear statement of your name and contact details, plus proof of identity
• Request Scope: Specific description of the personal data you're requesting access to
• Time Period: Clear indication of the relevant timeframe for the data request
• Response Format: Statement of how you want to receive the information
• Legal Basis: Reference to GDPR Article 15 and Belgian Data Protection Act rights
• Response Timeline: Mention of the 30-day legal response deadline
• Third-Party Authorization: If applicable, proof of authority to act on someone else's behalf

A Subject Access Request is often confused with an Authorization Letter, but they serve distinctly different purposes in Belgian privacy law. While both deal with personal information, their scope and legal effects differ significantly.

• Purpose: Subject Access Requests specifically demand access to personal data held by organizations, while Authorization Letters grant permission to third parties to act on your behalf
• Legal Framework: Subject Access Requests operate under GDPR and Belgian Data Protection Law, whereas Authorization Letters function under general contract law
• Response Requirements: Organizations must respond to Subject Access Requests within 30 days by law, but Authorization Letters have no mandatory response timeline
• Information Scope: Subject Access Requests cover all personal data processing activities, while Authorization Letters typically focus on specific actions or transactions
• Duration: Subject Access Requests are one-time inquiries, whereas Authorization Letters can remain valid for extended periods