Template · DSR REPLY
DSR reply template · GDPR Article 15 access request
Law: GDPR — General Data Protection Regulation
Free for any use
Template body
Subject: Re: Data Subject Access Request — {{ticket_id}}
Dear {{requestor_name}},
Thank you for your request received on {{request_received_date}}. This is our response under GDPR Article 15.
## Identity verification
We verified your identity via {{identity_method}} on {{identity_verified_date}}. Thank you for cooperating.
## What we hold about you
### Account data
| Field | Value |
|---|---|
| Email | {{user_email}} |
| Account created | {{account_created}} |
| Last login | {{last_login}} |
| Account status | {{account_status}} |
### Activity data
{{activity_summary}}
### Communications
We have the following correspondence on file: {{correspondence_list}}
### Sub-processors with access
{{sub_processors_list}}
### Retention
{{retention_per_category}}
## Categories of data we don't have
For completeness: we do not hold any of the following about you — payment card details (handled exclusively by {{payment_processor}}), biometric data, health data, racial/ethnic origin, political opinions.
## Source of data
All data was collected directly from you via the service interface, except {{enrichment_sources_or_none}}.
## Recipients of data
We have shared your data with the sub-processors listed above. We have not sold or transferred your data to third parties for their independent use.
## International transfers
{{transfer_summary}}
## Your other rights (Articles 16–22)
- **Rectification (Art 16)** — reply to this email with corrections
- **Erasure (Art 17)** — right to be forgotten in defined circumstances
- **Restriction (Art 18)** — pause processing while a dispute is resolved
- **Portability (Art 20)** — we can export your data in JSON format
- **Object (Art 21)** — to processing based on legitimate interest
## Right to complain
You may lodge a complaint with your supervisory authority. For your jurisdiction ({{user_jurisdiction}}), the contact is: {{dpa_contact}}.
If you believe any of this information is incorrect or incomplete, please reply within 14 days.
Best regards,
{{dpo_name}}
Data Protection Officer
{{controller_name}}
{{dpo_email}}
---
Sent in response to ticket {{ticket_id}} on {{response_date}}.
Within 30-day GDPR Art 12(3) timeframe ({{days_taken}} days).
Variables to fill in
| Variable | Type |
|---|---|
| {{dpo_name}} | string |
| {{dpo_email}} | string |
| {{ticket_id}} | string |
| {{days_taken}} | int |
| {{last_login}} | datetime |
| {{user_email}} | string |
| {{dpa_contact}} | string |
| {{response_date}} | date |
| {{account_status}} | string |
| {{requestor_name}} | string |
| {{account_created}} | date |
| {{controller_name}} | string |
| {{identity_method}} | string |
| {{activity_summary}} | string |
| {{transfer_summary}} | string |
| {{payment_processor}} | string |
| {{user_jurisdiction}} | string |
| {{correspondence_list}} | string |
| {{sub_processors_list}} | string |
| {{request_received_date}} | date |
| {{identity_verified_date}} | date |
| {{retention_per_category}} | string |
| {{enrichment_sources_or_none}} | string |