Data Subject Access Request

This document describes our procedure for handling Data Subject Access Requests under GDPR.

This procedure sets out the key features regarding handling or responding to requests for access to personal data made by data subjects, their representatives or other interested parties. This procedure enables us, Layerise ApS (“Company”, “we,” “us,” or “our”), to comply with EU GDPR 2016/679 General Data Protection Regulation (“GDPR”) obligations and enable individuals to verify that information held about them is accurate.


A Data Subject Access Request (“DSAR”) is any request made by an individual or an individual’s legal representative for information held by the Company about that individual. The Data Subject Access Request provides the right for data subjects to see or view their own personal data as well as to request copies of the data.

A Data Subject Access Request must be made in writing. In general, verbal requests for information held about an individual are not valid DSARs. In the event a formal Data Subject Access Request is made verbally to a staff member of the Company, the request will not be considered valid and no further actions will be taken by the Company.

Making an Request

A Data Subject Access Request can be sent to us by email at or by posting a letter the then-current address of our corporate headquarters set forth on our corporate website at

Requirements for Valid DSAR

In order to be able to respond to the DSAR in a timely manner, the data subject should provide the Company with sufficient information to validate their identity to ensure that the person requesting the information is the data subject or their authorized person.

Subject to the exemptions referred to in this document, the Company will provide information to data subjects whose requests are in writing, and are received from an individual whose identity can be validated by Company.

However, Company will not provide data where the resources required to identify and retrieve it would be excessively difficult or time-consuming. Requests are more likely to be successful where they are specific and targeted at particular information.


The Company is not required to respond to requests for information unless it is provided with sufficient details to enable the location of the information to be identified and to satisfy itself as to the identity of the data subject making the request.

In principle, the Company will not normally disclose the following types of information in response to a Data Subject Access Request:

  • Information about other people – A Data Subject Access Request may cover information which relates to an individual or individuals other than the data subject. Access to such data will not be granted unless the individuals involved consent to the disclosure of their data.
  • Publicly available information – The Company is not required to provide copies of documents which are already in the public domain.
  • Repeat requests – Where a similar or identical request in relation to the same data subject has previously been complied with within a reasonable time period, and where there is no significant change in personal data held in relation to that data subject, any further request made within a twelve (12) month period of the original request will be considered a repeat request. The Company will not provide a copy of the same data.


If the Company acts as a data controller towards the data subject making the request, then the DSAR will be addressed based on the provisions of this procedure.

If the Company acts as a data processor, Layerise will forward the request to the appropriate data controller on whose behalf the Company processes personal data of the data subject making the request.

Contact Us

If you have any questions about this DSAR, you can contact through our contact options here.

Have a question?


Trusted by companies like


Copyright © 2022 Layerise ApS. Made with 🧁  in Denmark · LinkedIn