Skip to main content
grid_view
Skode

Data Subject Access Requests (DSAR)

Last updated: March 15, 2026

Skode Technologies ("Skode," "we," "us," or "our") respects your rights over your personal data. This page explains the data rights available to you, how to submit a Data Subject Access Request (DSAR), and how we process these requests in compliance with applicable data protection laws including the GDPR, UK GDPR, CCPA/CPRA, and India's DPDPA.

1. Your Data Rights

Depending on your location and the applicable data protection laws, you may have some or all of the following rights regarding your personal data:

  • Right of Access (GDPR Article 15): You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of that data along with information about how and why we process it.
  • Right to Rectification (GDPR Article 16): You have the right to request correction of inaccurate personal data and completion of incomplete personal data we hold about you.
  • Right to Erasure (GDPR Article 17): You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected, when you withdraw consent, or when the data has been unlawfully processed.
  • Right to Restriction (GDPR Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when you object to processing pending verification of legitimate grounds.
  • Right to Data Portability (GDPR Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.
  • Right to Object (GDPR Article 21): You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
  • Right Related to Automated Decision-Making (GDPR Article 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects.

2. How to Submit a Request

You may submit a data subject request using any of the following methods:

When submitting a request, please provide:

  • Your full name.
  • The email address associated with your Skode account (if applicable).
  • The specific right(s) you wish to exercise.
  • Any additional information that helps us locate your data (e.g., account ID, company name).
  • Your country of residence (to determine applicable data protection law).

3. Identity Verification Process

To protect your privacy and prevent unauthorized access to your personal data, we must verify your identity before processing any data subject request. Our verification process varies based on the type of request:

  • Account Holders: If you have a Skode account, we will verify your identity by sending a verification code to the email address on file or by asking you to log in to your account and submit the request from within the platform.
  • Non-Account Holders: If you do not have a Skode account, we will ask you to provide at least two pieces of identifying information that match the data we hold (e.g., name, email, phone number, company).
  • Sensitive Requests: For requests involving sensitive data categories or requests for specific pieces of personal information, we may require additional verification such as government-issued ID or a signed declaration.

If we are unable to verify your identity, we will notify you and explain what additional information is needed. We will not process unverified requests.

4. Response Timeline

We are committed to responding to data subject requests within the timeframes required by applicable law:

  • GDPR (EU/EEA): Within 30 days of receiving a verified request. This period may be extended by an additional 60 days for complex or numerous requests. We will inform you of any extension within the initial 30-day period.
  • UK GDPR: Within 30 days, with the same extension provisions as the GDPR.
  • CCPA/CPRA (California): Within 45 calendar days of receiving a verified request. This period may be extended by an additional 45 days. We will inform you of any extension.
  • DPDPA (India): As specified by the rules issued under the Digital Personal Data Protection Act, 2023.
  • Other Jurisdictions: We will respond within the timeframe required by the applicable local data protection law. Where no specific timeframe is prescribed, we aim to respond within 30 days.

5. Request Categories

We process the following categories of data subject requests:

  • Access Requests: Provide a copy of your personal data and information about how it is processed.
  • Rectification Requests: Correct inaccurate or incomplete personal data.
  • Erasure Requests: Delete personal data (subject to legal exceptions).
  • Restriction Requests: Restrict processing of personal data.
  • Portability Requests: Provide personal data in a machine-readable format (JSON or CSV).
  • Objection Requests: Stop processing based on legitimate interests or for direct marketing.
  • Automated Decision-Making Requests: Provide information about automated decisions and request human review.

6. What We Provide

In response to a verified access request, we will provide:

  • The categories of personal data we process about you.
  • The specific pieces of personal data we hold.
  • The purposes of processing.
  • The categories of third parties with whom your data is shared.
  • The source of the data (if not collected directly from you).
  • The retention period or criteria used to determine it.
  • Information about any automated decision-making, including profiling.
  • Information about cross-border data transfers and safeguards.

Data will be provided in a commonly used electronic format (PDF for reports, JSON or CSV for data exports). We will deliver the response securely via encrypted email or a secure download link.

7. Exemptions

Certain exemptions may apply to your request under applicable law. We may be unable to fulfill your request in whole or in part if:

  • Compliance would adversely affect the rights and freedoms of others.
  • The data is subject to legal privilege (attorney-client privilege).
  • We are required to retain the data for legal, tax, or accounting obligations.
  • The data is necessary for the establishment, exercise, or defense of legal claims.
  • The request is manifestly unfounded or excessive (e.g., repetitive requests for the same data within a short period).
  • Deletion would prevent us from detecting fraud or security incidents.

If we rely on an exemption, we will inform you of the specific exemption and the reasons for our decision.

8. Third-Party Requests

If you are submitting a request on behalf of another person (e.g., as a parent, guardian, or authorized agent), you must provide:

  • Written authorization from the data subject (signed by the data subject).
  • Proof of your identity and your authority to act on the data subject's behalf.
  • For CCPA requests: A power of attorney or written permission signed by the California consumer.

We may also contact the data subject directly to confirm the authorization before processing the request.

9. Fees

Data subject requests are generally processed free of charge. However, we may charge a reasonable fee or refuse to act on a request if it is manifestly unfounded or excessive, particularly if the request is repetitive. The fee will be based on the administrative cost of providing the information or taking the requested action.

Under the CCPA, we will not charge a fee for processing requests unless the requests are excessive, repetitive, or manifestly unfounded.

10. Appeals Process

If you are dissatisfied with our response to your data subject request, you may:

  • Request Internal Review: Contact our Data Protection Officer at dpo@skodeai.com to request a review of the decision. We will respond to appeal requests within 15 business days.
  • Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority. See our EU and UK Representative page for supervisory authority contact information.
  • Seek Judicial Remedy: You may have the right to seek a judicial remedy in the courts of the country where you reside or where the alleged infringement occurred.

11. Contact DPO

For questions about this page, the data subject request process, or your data rights, please contact our Data Protection Officer: