Skip to main content

Your Users' Rights – How We Support You

Who is this page for? This page is for companies and admins using Sally AI. If your employees or users ask what data Sally holds about them, or request that their data be deleted, you, as the company, are the right point of contact. Sally AI stores the data technically, but you decide what happens to it. We then carry out your instruction.

The 6 GDPR Rights

The GDPR gives every user specific rights over what happens to their personal data. When a user exercises one of these rights, you as the company are responsible for responding. Sally AI supports you technically. Here are the 6 rights at a glance:

👁️
Right of Access
Art. 15 GDPR

Users have the right to know what personal data is stored about them, how it is used, and who it is shared with.

We provide a full data export on instruction
✏️
Right to Rectification
Art. 16 GDPR

Users can request correction of inaccurate personal data held about them.

Corrections executed on documented instruction
🗑️
Right to Erasure
Art. 17 GDPR

Users have the right to be forgotten, meaning they can request deletion of their personal data where there is no longer a lawful basis to retain it.

Executed within 5 business days
⏸️
Right to Restriction
Art. 18 GDPR

Users can request that processing of their data is paused while a dispute over accuracy or lawfulness is resolved.

Processing paused on instruction
📦
Right to Data Portability
Art. 20 GDPR

Users can request their data in a structured, commonly used, machine-readable format for transfer to another service.

Export in machine-readable format
🚫
Right to Object
Art. 21 GDPR

Users may object to the processing of their personal data, in particular where processing is based on legitimate interests.

Objection handled on your instruction

Our Response SLA

When you send us a documented instruction to fulfil a data subject request, we commit to the following service levels:

5 business days
for technical execution of your instruction
Machine-readable
format for all data export requests
Full audit log
of every action executed by Sally AI

How It Works: Standard Workflow

1
User submits a rights request to you

Your end user contacts you, the Data Controller, with a request to access, correct, delete, or export their data.

2
You verify the user's identity

As the controller, you are responsible for confirming the identity of the person making the request before acting on it.

3
You instruct Sally AI, and we execute technically

You send a documented instruction to Sally AI. We carry out the technical action (export, correction, or erasure) with full logging.

4
You receive confirmation and respond to your user

We send you confirmation and full documentation of the action taken. You then close the loop with your user within the statutory deadline.

Meeting Participants

Are you looking for information about rights for meeting participants who are not your employees (external participants)? → Meeting Participant Privacy

Contact

Questions about executing rights requests?
Our data protection team is happy to help.
📧 privacy@sally.io