1-The Controller may set time frames for exercising the right to access Personal Data stated in Paragraph (2) of Article (4) herein as stipulated in the Regulations. The Controller may limit the exercise of this right in the following cases:

a) If this is necessary to protect the Data Subject or other parties from any harm, according to the provisions set forth the Regulations.

b) If the Controller is a Public Entity and the restriction is required for security purposes, required by another law, or required to fulfill judicial requirements.

2-The Controller shall prevent the Data Subject from accessing Personal Data in any of the situations stated in Paragraphs (1, 2, 3, 4, 5) and (6) of Article (16) herein.