Data Protection and the Rights of Data Owners
Home Data Protection and the Rights of Data Owners

Data Protection and the Rights of Data Owners

Lorestan University, in accordance with data protection principles, has established clear rights for you as the data subject. This page explains these rights and how to exercise them.

1. Principles Governing Data Processing

  • Transparency: Any data collected from you is accompanied by clear information about the purpose, basis, and retention period.
  • Purpose Limitation: Data is used solely for the purposes stated in the privacy statement.
  • Data Minimization: Only data essential for providing the service is collected.
  • Accuracy: Data is kept up-to-date and corrected if necessary.
  • Retention Limitation: Data is deleted or anonymized after the legal need has ended.
  • Integrity and Confidentiality: Data is protected against unauthorized access, alteration, disclosure, and loss.
  • Accountability: The university is responsible for complying with these principles and makes evidence available to legal authorities.

2. Your Rights

  1. Right of Access: You can request to be informed of the list of personal data we have about you, the purpose of processing, and its recipients.
  2. Right to Rectification: If any of your data is incorrect or incomplete, request its correction.
  3. Right to Erasure ("Right to be Forgotten"): In situations where the data is no longer necessary for the original purpose, you have withdrawn your consent, or the data has been processed unlawfully, you can request its deletion. (Except in cases where the law mandates retention.)
  4. Right to Restriction of Processing: While your objection is being reviewed or data is being corrected, you can request that processing be stopped.
  5. Right to Object: You can object to processing based on legitimate interests.
  6. Right to Data Portability: Receive the data you have provided in a machine-readable format or transfer it to another party.
  7. Right to Withdraw Consent: In processing based on consent, you can withdraw your consent at any time (without affecting previous processing).

3. Request Procedure

To exercise any of the above rights, send your request with the following details to the Data Protection Officer:

  • Email: privacy@lu.ac.ir
  • Subject: "Data Subject Rights Request — [Type of Request]"
  • Text: Type of request, description of the data in question, preferred method of response.
  • Attachment: Valid identification document (to prevent disclosure of your data to others).

4. Response Time

Responses to requests are usually sent within 15 working days. In complex requests, this period may be extended to a maximum of 45 days with prior notification. Responding is free of charge; except for unfounded repetitive requests, where a reasonable fee for preparing a copy will be charged.

5. Right to Complain

If you do not find the response satisfactory, you can refer the matter to the following bodies:

  • Lorestan University Inspection Office
  • Working Group for Determining Instances of Criminal Content
  • Prosecutor's Office for Computer Crimes of Lorestan Province

6. Data Breaches

In the event of any data breach that threatens the rights and freedoms of users, the university will report the matter to affected users and supervisory bodies within 72 hours of notification and will inform them of the necessary measures to reduce harm.

7. Data Protection Officer (DPO)

The Data Protection Officer of Lorestan University is your point of contact for all data protection matters:

  • Email: privacy@lu.ac.ir
  • Phone: 066-33120106 IT Department Extension
  • Address: Lorestan, Khorramabad, Lorestan University, IT Management