§ 35 ThürDSG
Rectification and erasure of personal data
(1)and the restriction of processing (Article 4(1), Article 7(3), Article 5 of Directive (EU) 2016/680)
(2)The controller shall rectify personal data where they are inaccurate, and shall notify the body that previously transmitted the personal data to him or her of the rectification.
(3)The controller shall erase personal data without delay where their processing is unlawful, where they must be erased to comply with a legal obligation, or where knowledge of them is no longer necessary for the performance of his or her tasks.
(4)Instead of erasing the personal data, the controller may restrict their processing where 1. there is reason to believe that erasure would impair the legitimate interests of a data subject, 2. the personal data must be retained for the purposes of judicial proceedings, or 3. erasure is not possible or is possible only with disproportionate effort due to the particular nature of the storage. Data whose processing has been restricted pursuant to sentence 1 may only be processed for the purpose that precluded their erasure. In the case of automated filing systems, it shall be technically ensured that restriction of processing is clearly recognisable and that processing for other purposes is not possible without further review.
(5)In cases of rectification, erasure or restriction of processing pursuant to paragraphs 1 to 3, the controller shall notify other recipients to whom the data have been transmitted of these measures. The recipient shall rectify or erase the data or restrict their processing.
(6)Without prejudice to maximum storage or erasure periods laid down in legal provisions, the controller shall regularly review, at established intervals, whether the storage of personal data is still necessary for the performance of tasks or whether the data are to be erased (review period for disposal). Procedural safeguards shall be put in place to ensure that these periods are observed. zur Einzelansicht § 35