DeleteFreely

Your data. Your right to delete it. Free tools. No tracking.

← Your Rights

EU / EEA: GDPR Rights

The General Data Protection Regulation gives EU and EEA residents some of the strongest data rights in the world. Here is what you can do.

Deadline: Companies must respond within 30 days. They can extend to 90 days for complex requests, but must notify you within the first 30 days and explain why.

Your rights under the GDPR

Right of Access (Article 15)

Ask any company whether they process your personal data, and if so, receive a copy of it — what data they hold, why, who they share it with, where it came from, and how long they keep it.

Right to Rectification (Article 16)

Request correction of inaccurate personal data. If your data is incomplete, you can request it be completed.

Right to Erasure — "Right to Be Forgotten" (Article 17)

Request deletion of your personal data. Applies when the data is no longer needed for its original purpose, you withdraw consent, you object and the company has no overriding interest, or the data was processed unlawfully.

Right to Restriction of Processing (Article 18)

Tell a company to stop using your data while a dispute is pending — for example, while you contest the accuracy of data or challenge a deletion refusal.

Right to Data Portability (Article 20)

Receive your data in a machine-readable format (JSON, CSV) and transfer it to another service. Applies to data you provided and that is processed automatically.

Right to Object (Article 21)

Object to processing of your data for direct marketing (always succeeds) or for legitimate interests (company must show compelling grounds to continue).

Who the GDPR applies to

The GDPR applies to any company that processes personal data of people in the EU or EEA — regardless of where the company is based. A US company with EU customers is covered. A global platform with EU users is covered.

How to send a request

Use the company directory to find the privacy contact. Use the GDPR deletion template or access template. Send it directly to the company's data protection officer or privacy team.

If the company ignores you

File a complaint with your national Data Protection Authority. Find yours at the European Data Protection Board member list. See our escalation guide for what to include.

Cross-border requests

If a company operates in multiple EU countries, you can file a complaint with any DPA where you live or work, or where the alleged violation occurred. For companies headquartered in Ireland (Google, Meta, Apple), the Irish Data Protection Commission (DPC) is the lead supervisory authority.