Article 28

1.          A person who is notified of personal data concerning him, in accordance with Article 26, may request the responsible party to improve, supplement, delete or shield these data if they are factually incorrect, are incomplete or irrelevant for the purpose or purposes of the processing or are processed in contravention of any statutory provision. The request shall contain the changes to be made.

2.          The responsible party shall notify the applicant in writing of whether, or the extent to which he shall comply with the request, within four weeks of its receipt. A rejection of the request shall state the reasons for this.

3.          The responsible party shall ensure that a decision on improvement, supplementation, deletion or shielding is executed at the earliest opportunity.

4.          If the personal data are recorded on a data carrier in which no changes can be made, he shall make the provisions necessary to inform the user of the data that improvement, supplementation, removal or shielding are not possible despite the fact that there are grounds to adjust the data on the basis of this article.

5.          The first to fourth paragraphs do not apply to the public registers instituted by national ordinance if that national ordinance includes a special procedure for the improvement, supplementation, deletion or shielding of data.