(1) The controller must give a data subject the following information -
(a) the identity and the contact details of the controller;
(b) the legal basis on which, and the purposes for which, the controller processes personal data;
(c) the categories of personal data relating to the data subject that are being processed;
(d) the recipients or the categories of recipients of the personal data (if applicable);
(e) the right to lodge a complaint with the Commissioner and the contact details of the Commissioner;
(f) how to exercise rights under this Chapter;
(g) any other information needed to secure that the personal data is processed fairly and transparently.
(2) The controller may comply with subsection (1) by making information generally available, where the controller considers it appropriate to do so.
(3) The controller is not required under subsection (1) to give a data subject information that the data subject already has.
(4) Where personal data relating to a data subject is collect
…