Section 65 – Recording of information provided

(1) The register authority shall draw up records of the information it has provided, containing the following data:

1. the legal provision on which the information is based

2. the data of the corporation or the person used in the request and the provided information

3. the name of the person or body requesting or having requested the information and the name of the receiving person or body

4. the date on which the information was provided,

5. the name of the person who supplied the information or an identifier, except in the case of retrievals by automated means, and

6. the file number or the purpose of the information, if no information pursuant to Section 58 is available

(2) The protocol data may only be processed for internal auditing purposes and for data protection control. They shall be protected against misuse by suitable precautions. The protocol data shall be deleted after one year, unless they are still needed for purposes pursuant to sentence 1. Thereafter they shall be deleted immediately.

(3) If a person pursuant to article 15 of Regulation (EU) 2016/679 requests information on the protocol data stored in respect of him and if it emerges from the protocol data that information from the register has been provided to a body pursuant to Section 60 (1), the register authority shall decide on the provision of information in agreement with that body.