Information Requirements, Data Subject Rights, Accountability and Governance
What information needs to be included in a privacy notice to data subjects?

Last reviewed: 2 December 2024

☒       the identity and the contact details of the controller and, where applicable, of the controller's representative
☒       the purposes of the processing for which the personal data is intended
☒       the recipients or categories of recipients of the personal data, if any
☒       the existence of data subjects' rights, such as the right to access, rectification, erasure, data portability, etc.
☒       the right to lodge a complaint with a supervisory authority
☒       whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and the possible consequences of failure to provide such data
☒       other

  • The existence of any relevant file, record, electronic database or database of any other kind and the identity and domicile of the individual or entity having responsibility over the database
  • The procedure for data subjects to exercise their rights
  • Consequences for providing inaccurate personal data

Moreover, DPA's Disposition No. 18/2015, which approves the "Guidelines on good privacy practices for the development of applications," recommends, among other things, clearly indicating the data protection principles applicable to the data processing, any transfer of personal data, any data processing service and any information related to the Data Protection Officer.

Although not expressly envisaged by Personal Data Protection Law No. 25,326, it is best practice (and a clear expectation of the DPA) to inform data subjects of the categories of personal data that will be collected/processed and to provide information on assignments and cross-border data transfers.

Do data subjects have specific privacy rights that must be operationalized?

Last reviewed: 2 December 2024

Yes

Data subjects have the following data privacy rights, although the specifics of the scope and conditions for each of these vary depending on the circumstances and local law:

☒       right to access the data subject's own personal data
☒       right to rectify/correct the data subject's own personal data where inaccurate or incomplete
☒       right to erasure of personal data
☒       right to withdraw consent
☒       other

  • Right to information, defined as the ability of the data subject to request information from the DPA on the existence of databases, their purposes and the identity of those having responsibility over the databases
  • Right to access, rectify or erase personal data collected through video surveillance systems
  • Right to request an explanation of automated decision-making
  • Right to opt out from marketing communications

Are there accountability and governance requirements?

Last reviewed: 2 December 2024

There are accountability and governance requirements to:

☒       maintain a record of processing activities
☒       implement appropriate measures to comply with data privacy and cybersecurity
☒       demonstrate compliance with data privacy and cybersecurity

The remaining requirements (e.g., privacy by default and design, DPIAs, appointing local representatives in the jurisdiction) are included under certain guidelines, resolutions or dispositions of the DPA and the Draft Bill.