{"id":41195,"date":"2025-09-22T06:44:43","date_gmt":"2025-09-22T05:44:43","guid":{"rendered":"https:\/\/highpowerlasertherapy.com\/law\/?p=41195"},"modified":"2026-01-21T05:23:13","modified_gmt":"2026-01-21T04:23:13","slug":"right-of-access-under-the-gdpr-the-scope-of-article-15-of-the-avg","status":"publish","type":"post","link":"https:\/\/highpowerlasertherapy.com\/law\/right-of-access-under-the-gdpr-the-scope-of-article-15-of-the-avg\/","title":{"rendered":"Right of Access Under the GDPR: What Article 15 AVG Covers"},"content":{"rendered":"<p>Article 15 of the General Data Protection Regulation\u2014embedded in Dutch law through the Algemene Verordening Gegevensbescherming (AVG)\u2014gives every person the unambiguous right to discover whether an organization processes their personal data, to obtain a copy, and to see the surrounding context such as purposes, recipients, and retention periods. This right is the backbone of transparency and accountability: it lets individuals check what is held about them and forces companies to keep their data practices clean, documented, and defensible.<\/p>\n<p>Whether you are requesting your own HR file or preparing to answer a customer\u2019s subject-access request, knowing the exact scope and limits of Article 15 cuts the risk of fines, disputes, and reputational damage. In the pages that follow we translate the legal text into plain English, walk data subjects through a step-by-step request template, guide controllers on timelines, fees, and redaction duties, flag the Dutch-specific rules the Autoriteit Persoonsgegevens enforces, and close with practical checklists for both sides.<\/p>\n<h2>Decoding Article 15 AVG in Plain English<\/h2>\n<blockquote>\n<p>\u201cThe data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data\u2026\u201d \u2014 Article 15(1) <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/highpowerlasertherapy.com\/law\/blog\/general-data-protection\/\">GDPR<\/a><\/p>\n<\/blockquote>\n<p>In plain language: you may ask any organization <em>\u201cDo you store data about me? If yes, show me what, why, with whom you share it, and how long you keep it.\u201d<\/em> That is the essence of the right of access under the GDPR; the scope of Article 15 of the AVG in the Netherlands is identical because the Dutch Uitvoeringswet AVG merely localizes enforcement without changing the substance.<\/p>\n<p>When you file a request, you are entitled to eight concrete items:<\/p>\n<ol>\n<li>Confirmation of processing<\/li>\n<li>A copy of the personal data<\/li>\n<li>The processing purposes<\/li>\n<li>Data categories involved<\/li>\n<li>Recipients or recipient categories<\/li>\n<li>Planned storage period or the criteria to determine it<\/li>\n<li>Other GDPR rights you can exercise<\/li>\n<li>Safeguards for any transfers outside the EEA<\/li>\n<\/ol>\n<p>The right is personal\u2014only the data subject (or a valid representative) can invoke it\u2014and it is <em>absolute<\/em> as to receiving your own data. Controllers may, however, trim or refuse access when other fundamental rights (trade secrets, privacy of third parties) would be harmed.<\/p>\n<h3>Legal Text vs. Layman\u2019s Terms<\/h3>\n<table>\n<thead>\n<tr>\n<th>Article 15 clause<\/th>\n<th>What it really means<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>15(1) <em>confirmation<\/em><\/td>\n<td>Ask \u201cyes\/no\u201d if they process your data.<\/td>\n<\/tr>\n<tr>\n<td>15(1) <em>access<\/em><\/td>\n<td>Get the actual data plus context.<\/td>\n<\/tr>\n<tr>\n<td>15(1)(c) <em>recipients<\/em><\/td>\n<td>Learn who sees or gets the data, inside or outside the firm.<\/td>\n<\/tr>\n<tr>\n<td>15(2) <em>third-country transfers<\/em><\/td>\n<td>Find out about data sent outside the EEA and the protections used.<\/td>\n<\/tr>\n<tr>\n<td>15(3) <em>copy<\/em><\/td>\n<td>Receive the information in a reusable digital format, free of charge.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>Key Takeaways at a Glance<\/h3>\n<ul>\n<li>How long may a controller take? <strong>One month<\/strong>, extendable to three for complex cases.<\/li>\n<li>Can they charge me? <strong>No<\/strong>, unless the request is \u201cmanifestly unfounded or excessive.\u201d<\/li>\n<li>In what format will I receive the data? <strong>Secure electronic file<\/strong> (e.g., PDF or CSV) unless you ask otherwise.<\/li>\n<li>Must I use a special form? <strong>No<\/strong>; email, letter, or even a phone call counts.<\/li>\n<li>What if they hold nothing on me? They must say so in writing within the same deadline.<\/li>\n<\/ul>\n<h2>Who Can Exercise the Right and Towards Whom?<\/h2>\n<p>Under Article 4(1) GDPR a <em>data subject<\/em> is any living, identifiable natural person\u2014whether customer, employee, patient, or minor pupil. Each of them can invoke the right of access under the GDPR: the scope of Article 15 of the AVG does not discriminate by age, nationality, or residence. Requests must be addressed to the <em>controller<\/em>: the party that decides <strong>why<\/strong> and <strong>how<\/strong> the data are processed. A cloud provider or payroll bureau that merely stores the data is a <em><a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/highpowerlasertherapy.com\/law\/blog\/controller-and-a-processor-roles-under-gdpr\/\">processor<\/a><\/em>; it must pass the request to the controller but cannot refuse direct instruction.<\/p>\n<p>Dutch residents may also aim their request at a foreign company that targets the Dutch market (e.g., an Irish-based social network). The one-month clock starts the moment that controller receives the request, regardless of where its servers live.<\/p>\n<h3>Special Situations: Representatives, Deceased Persons, Parents and Guardians<\/h3>\n<ul>\n<li>Minors and incapacitated adults: a parent, guardian, or curator may act on their behalf under Book 1 of the Dutch Civil Code.<\/li>\n<li>Schools and <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/highpowerlasertherapy.com\/law\/blog\/employers-obligations-under-law\/\">employers<\/a>: pupils and employees <em>themselves<\/em> can file a Subject Access Request (SAR); representatives are optional, not required.<\/li>\n<li>Deceased persons fall outside GDPR, yet doctors, notaries, and insurers must still honor professional-secrecy rules before disclosing related files.<\/li>\n<\/ul>\n<h3>Controllers\u2019 Joint Responsibility in Shared Systems<\/h3>\n<p>When two or more organizations <em>jointly<\/em> determine the purposes or means of processing (Article 26 GDPR)\u2014for instance, an employer and its HR-software vendor\u2014they are <em>joint controllers<\/em>. They must transparently agree who answers Article 15 requests, and inform the data subject, but each remains liable if the other drops the ball.<\/p>\n<h2>What Must Be Disclosed: Data and Supplementary Information<\/h2>\n<p>When you invoke the right of access under the GDPR, the scope of Article 15 of the AVG obliges the controller to hand over two things: the <em>actual personal data<\/em> and a package of <em>contextual details<\/em>. Think of it as receiving both the photo and its caption. The legislation breaks the disclosure duty into eight buckets, listed below.<\/p>\n<table>\n<thead>\n<tr>\n<th>Art. 15(1) item<\/th>\n<th>What you should receive<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>(a) Confirmation<\/td>\n<td>A clear <strong>yes\/no<\/strong> whether your data is processed<\/td>\n<\/tr>\n<tr>\n<td>(b) Purposes<\/td>\n<td>The reasons the data exist (e.g., payroll, marketing)<\/td>\n<\/tr>\n<tr>\n<td>(c) Categories<\/td>\n<td>Types such as contact details, purchase history, GPS logs<\/td>\n<\/tr>\n<tr>\n<td>(d) Recipients<\/td>\n<td>Internal teams <strong>and<\/strong> external partners or processors<\/td>\n<\/tr>\n<tr>\n<td>(e) Retention<\/td>\n<td>Exact period or criteria (e.g., \u201c7 years for tax law\u201d)<\/td>\n<\/tr>\n<tr>\n<td>(f) Rights<\/td>\n<td>Reminder you may rectify, erase, restrict, object, complain<\/td>\n<\/tr>\n<tr>\n<td>(g) Source<\/td>\n<td>Where the data came from if not collected from you<\/td>\n<\/tr>\n<tr>\n<td>(h) Transfers<\/td>\n<td>Safeguards for any shipment outside the EEA<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Personal data is more than name and number. It covers behavioural profiles, inferred credit scores, CCTV footage, voice recordings, device IDs, and even seemingly dull metadata such as log-in timestamps\u2014anything that can be tied, directly or indirectly, to an identifiable person.<\/p>\n<h3>\u201cCopy of the Personal Data\u201d Explained<\/h3>\n<p>A <em>copy<\/em> means an intelligible reproduction, not the original paper file. Expect:<\/p>\n<ul>\n<li>A PDF of your payroll record<\/li>\n<li>CSV export of CRM notes<\/li>\n<li>ZIP with audio files of support calls<br \/>\nIf you emailed the request, the default delivery should also be electronic and in a \u201ccommonly used\u201d format unless you ask for paper.<\/li>\n<\/ul>\n<h3>Personal Data vs. Documents: Where to Draw the Line<\/h3>\n<p>Controllers must extract only the snippets that relate to you. For example, in a meeting memo containing several employees, your spoken remarks can be disclosed while colleagues\u2019 comments are redacted. Conversely, a signed <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/highpowerlasertherapy.com\/law\/blog\/general-terms-and-conditions-explained\/\">employment contract<\/a> is disclosed in full because every clause concerns you.<\/p>\n<h3>Mandatory Supplementary Information<\/h3>\n<p>Beyond the data copy, the controller must explain: purposes, categories, recipients, retention, available rights, data sources, logic behind automated decisions (if any), and transfer safeguards. Keep an eye on vague answers\u2014\u201cfor business purposes\u201d or \u201cstored as long as necessary\u201d are unlikely to satisfy the Autoriteit Persoonsgegevens. Comprehensive, plain-language explanations are the best shield against complaints and fines.<\/p>\n<h2>How to Submit and Handle a Subject Access Request (SAR) in the Netherlands<\/h2>\n<p>A Subject Access Request can be made any way the data subject likes\u2014by phone, <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/highpowerlasertherapy.com\/law\/blog\/email-data-protection-under-gdpr\/\">email<\/a>, letter, social-media DM, or even a chat bot. Article 12 GDPR forbids controllers from demanding a specific form, so \u201cI want a copy of all personal data you hold about me\u201d is enough to start the clock. Best practice, however, is to lodge a written record so both sides can track deadlines. Once the request lands, the controller must immediately (1) acknowledge receipt, and (2) diary the <strong>one-month<\/strong> response period. Silence or delay after that first month risks an Autoriteit Persoonsgegevens (AP) complaint and potential fines.<\/p>\n<p>Below is a concise, bilingual template data subjects can copy-paste; no legal jargon required.<\/p>\n<pre><code class=\"language-text\">Subject: Subject Access Request \u2013 Article 15 GDPR\/AVG\n\nDear [Controller],\n\nI hereby request, under Article 15 GDPR\/AVG, confirmation of whether you process my personal data. \nIf so, please provide a copy and the supplementary information listed in Article 15(1)(a-h).\n\nKind regards,\n[Name] | [Email] | [Any reference number]\n\n---\n\nOnderwerp: Verzoek om inzage \u2013 Artikel 15 AVG\/GDPR\n\nGeachte [Verwerkingsverantwoordelijke],\n\nIk verzoek u op grond van artikel 15 AVG om bevestiging of u mijn persoonsgegevens verwerkt. \nIndien dit het geval is, ontvang ik graag een kopie en de aanvullende informatie zoals genoemd in artikel 15 lid 1 onder a-h.\n\nMet vriendelijke groet,\n[Naam] | [E-mail] | [Eventuele referentie]\n<\/code><\/pre>\n<p>Controllers should create a simple intake workflow\u2014<a href=\"mailto:privacy@company.nl\">privacy@company.nl<\/a> mailbox, ticket number, automated confirmation\u2014to prove compliance later.<\/p>\n<h3>Identity Verification Without Over-Collecting<\/h3>\n<p>The controller must be \u201creasonable\u201d in checking who is asking without grabbing more data than it needs. The AP recommends:<\/p>\n<ul>\n<li>Match request details with existing account data (username, client ID) wherever possible.<\/li>\n<li>If extra proof is unavoidable, request a redacted passport or <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/highpowerlasertherapy.com\/law\/blog\/fingerprint-scanning-gdpr\/\">driving-license scan<\/a> with the BSN, photo, and MRZ blacked out.<\/li>\n<li>Never keep copies longer than required for verification; log the fact of the check, then delete the file.<\/li>\n<\/ul>\n<h3>Logging and Record-Keeping for Accountability<\/h3>\n<p>A basic SAR log keeps regulators\u2014and your DPO\u2014happy. Record:<\/p>\n<ol>\n<li>Date received and channel (email, call, etc.)<\/li>\n<li>Identity-verification steps taken<\/li>\n<li>Scope of data located<\/li>\n<li>Internal teams involved<\/li>\n<li>Date and method of reply + any extensions claimed<\/li>\n<li>Summary of information provided or reasons for refusal<\/li>\n<\/ol>\n<p>Maintaining this register supports the Article 5 \u201caccountability\u201d principle and gives a ready-made audit trail if the AP knocks on your door.<\/p>\n<h2>Controllers\u2019 Timelines, Fees, and Delivery Formats<\/h2>\n<p>When the clock starts, controllers have <strong>one month<\/strong> to answer a subject-access request. They may extend once by <em>up to two additional months<\/em>, but only for complex or numerous requests <strong>and<\/strong> they must explain the delay within the first month. If no personal data is held, the controller must still reply within the same deadline and say so explicitly.<\/p>\n<p>Article 12(5) sets a zero-fee rule: access is free. A charge is allowed only when a demand is <em>\u201cmanifestly unfounded or excessive\u201d<\/em>\u2014think of an employee asking for identical copies every week, or a spammer requesting data on hundreds of fake profiles.<\/p>\n<p>Delivery must be in a \u201ccommonly used\u201d secure format. A quick comparison:<\/p>\n<table>\n<thead>\n<tr>\n<th>Format<\/th>\n<th>Pros<\/th>\n<th>Cons<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Encrypted PDF<\/td>\n<td>Readable; easy redaction<\/td>\n<td>Weak passwords possible<\/td>\n<\/tr>\n<tr>\n<td>CSV export<\/td>\n<td>Machine-readable; small size<\/td>\n<td>Harder for laypersons<\/td>\n<\/tr>\n<tr>\n<td>Secure portal<\/td>\n<td>2FA and audit trail<\/td>\n<td>Costly to maintain<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Whichever route is chosen, controllers should honor reasonable preferences and avoid proprietary lock-in.<\/p>\n<h3>Secure Transmission and Data Minimization<\/h3>\n<p>Never send unprotected spreadsheets by email. Use password-protected files (share the key separately), HTTPS portals with two-factor authentication, or registered mail for paper bundles. Before transmission, scrub third-party data with redaction software and remove surplus fields. This meets Article 5(1)(c) minimization while shielding co-workers, trade secrets, and bystanders.<\/p>\n<h2>Legitimate Grounds to Restrict or Refuse Access<\/h2>\n<p>Article 15 is powerful, yet not limitless. Paragraph 4 and Recital 63 make clear that a controller may trim or even refuse disclosure when handing over the information would collide with other fundamental rights or be plainly unreasonable. The burden of proof sits with the controller: you must <strong>document<\/strong> why full access would undermine those competing interests and how you mitigated the impact (e.g., partial redaction).<\/p>\n<h3>Protecting Third-Party Privacy<\/h3>\n<p>Disclosing an email chain that also names colleagues or customers can reveal <em>their<\/em> personal data. Dutch case law (Rb. Midden-Nederland, ECLI:NL:RBMNE:2023:1204) confirms that controllers may blank out or summarise third-party identifiers, provided the requester still understands the context. Techniques:<\/p>\n<ul>\n<li>Black-line names and phone numbers<\/li>\n<li>Replace with neutral terms (\u201canother employee\u201d)<\/li>\n<li>Supply extracts instead of the whole file<\/li>\n<\/ul>\n<h3>Trade Secrets, Intellectual Property, and Copyright<\/h3>\n<p>Companies need not open their algorithmic kimono. If revealing source code, pricing formulas, or copyrighted material would expose confidential know-how, Article 15(4) allows a calibrated response. Typical workaround: describe the logic of an automated decision in plain English, not the full code; give excerpts of a contract schedule, not the proprietary template. Always explain why deeper disclosure would harm commercial interests.<\/p>\n<h3>Preventing Abuse of Rights<\/h3>\n<p>A request is <em>manifestly unfounded or excessive<\/em> when it is repetitive, harassing, or deliberately burdensome\u2014think weekly copy-paste SARs after full data was already delivered. Controllers may then:<\/p>\n<ol>\n<li>Charge a \u201creasonable fee\u201d reflecting administrative cost, <strong>or<\/strong><\/li>\n<li>Refuse to act altogether.<br \/>\nEither way, you must justify the stance in writing and inform the data subject of their right to complain to the Autoriteit Persoonsgegevens.<\/li>\n<\/ol>\n<h2>Seeking Redress: Complaints and Litigation in the Netherlands<\/h2>\n<p>When a controller misses the mark, data subjects have quick, escalating options to enforce the right of access under the GDPR (the scope of Article 15 of the AVG).<\/p>\n<ol>\n<li><strong>Internal nudge.<\/strong> Send a dated reminder referencing Article 15 and the elapsed deadline; most organizations comply once prompted.<\/li>\n<li><strong>Autoriteit Persoonsgegevens complaint.<\/strong> File online. The AP can order disclosure, impose daily penalty payments, or levy administrative fines. Simple cases often close within three months.<\/li>\n<li><strong>Civil court action.<\/strong> Under Article 82 GDPR <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/highpowerlasertherapy.com\/law\/blog\/dutch-law-preliminary-hearings-explained\/\">Dutch courts<\/a> may grant injunctions and award compensation. Recent rulings have granted \u20ac250\u2013\u20ac2 500 for distress, with fast-track <em>kort geding<\/em> relief available for urgent employment rows.<\/li>\n<\/ol>\n<h3>Cross-Border Cooperation and the One-Stop-Shop<\/h3>\n<p>A Dutch resident may still complain to the AP even if the controller\u2019s EU headquarters sits elsewhere. The AP forwards the file via the GDPR <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/highpowerlasertherapy.com\/law\/blog\/cross-border-criminal-investigations-your-rights-and-defence-2\/\">One-Stop-Shop<\/a>, and the <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/highpowerlasertherapy.com\/law\/blog\/european-commission-demands\/\">European Data Protection Board<\/a> can break any regulatory deadlock\u2014so geography is no barrier to getting your data.<\/p>\n<h2>Compliance Blueprint for Organizations<\/h2>\n<p>A tidy SAR process starts long before the first request arrives. Build these essentials and 90 % of access headaches disappear:<\/p>\n<ul>\n<li>Publish a short, plain-English SAR policy and point staff to it.<\/li>\n<li>Keep your Records of Processing Activities (RoPA) up to date\u2014so you know where data lives.<\/li>\n<li>Map retention periods and deletion triggers; stale data is data you never need to hand over.<\/li>\n<li>Maintain a step-by-step redaction workflow with dual-control review.<\/li>\n<li>Log every request, decision, and deadline for Article 5 <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/vectorcare.com\/blog-posts\/healthcare-compliance-regulations\">accountability<\/a>.<\/li>\n<li>Run annual tabletop drills to test speed, clarity, and chain of command.<\/li>\n<\/ul>\n<p>Train front-office, HR, and IT on spotting and triaging verbal requests; one missed phone call can start the penalty clock.<\/p>\n<h3>Automation and Tools<\/h3>\n<p>Use data-discovery software, ID-verification APIs, and secure download portals to find, package, and transmit data quickly\u2014always leaving room for human sense-checking and context.<\/p>\n<h3>Integration with Other Data Subject Rights<\/h3>\n<p>Design the SAR workflow to branch into rectification, erasure, or portability actions; one coherent pipeline avoids duplicate searches and inconsistent answers.<\/p>\n<h2>Empowering Data Subjects: Practical Tips for Effective Requests<\/h2>\n<p>A clear, well-scoped SAR saves everyone time and makes it harder for the controller to stall. Try these tactics:<\/p>\n<ul>\n<li>Pinpoint <strong>what<\/strong> you want: \u201cAll e-mails between me and manager Jansen from 1 Jan \u2013 31 Mar 2024.\u201d<\/li>\n<li>Mention <strong>where<\/strong> it sits: \u201cHR system and help-desk tickets.\u201d<\/li>\n<li>State your <strong>preferred format<\/strong> (CSV, PDF) and secure channel.<\/li>\n<li>Flag urgency when relevant (\u201cupcoming <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/teachers-blog.com\/report-card-comments-for-struggling-students\/\">performance review<\/a> on 15 Oct\u201d).<\/li>\n<\/ul>\n<p>Once the data lands, scan for errors or gaps and immediately fire off a rectification or erasure request\u2014riding the same evidence trail keeps momentum.<\/p>\n<h3>Escalation Strategy if Ignored<\/h3>\n<p>Day 31 and still radio silence? Keep it polite but firm:<\/p>\n<pre><code class=\"language-text\">Subject: Reminder \u2013 Article 15 GDPR\/AVG request overdue\n\nDear [Controller],\n\nOn [date] I requested access to my personal data. The one-month term has passed without a response. \nPlease provide the information within seven days or explain the lawful basis for any refusal. \nFailing that, I will file a complaint with the Autoriteit Persoonsgegevens and consider civil action.\n\nRegards,\n[Name]\n<\/code><\/pre>\n<p>Document every step (dates, emails, phone logs). If the extra week expires, lodge an online complaint with the AP and attach your evidence bundle; courts and regulators favor well-organized claimants.<\/p>\n<h2>Wrapping Up Your Right of Access<\/h2>\n<p>Article 15 GDPR\/AVG puts individuals in the driver\u2019s seat: you can ask, see, and challenge what an organization does with your data. For controllers, clear procedures, tidy records, and sensible redactions are not optional\u2014they are the only way to hit the one-month deadline and dodge the Autoriteit Persoonsgegevens\u2019 glare.<\/p>\n<p>Remember the basic playbook:<\/p>\n<ul>\n<li>request can be informal,<\/li>\n<li>response must be free, timely, and complete,<\/li>\n<li>limits are narrow and must be justified,<\/li>\n<li>partial disclosure beats blanket refusal.<\/li>\n<\/ul>\n<p>Follow those rules and the right of access becomes a routine compliance task instead of a courtroom headache.<\/p>\n<p>Need a tailor-made SAR template, help untangling third-party data, or strategy for a stubborn controller? The privacy attorneys at <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/highpowerlasertherapy.com\/law\">Law &amp; More<\/a> are ready to step in\u2014whether you\u2019re a data subject seeking answers or a company seeking certainty.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Article 15 of the General Data Protection Regulation\u2014embedded in Dutch law through the Algemene Verordening Gegevensbescherming (AVG)\u2014gives every person the unambiguous right to discover whether an organization processes their personal data, to obtain a copy, and to see the surrounding context such as purposes, recipients, and retention periods. This right is the backbone of transparency [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":41449,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[6404],"tags":[],"class_list":["post-41195","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it-law"],"_links":{"self":[{"href":"https:\/\/highpowerlasertherapy.com\/law\/wp-json\/wp\/v2\/posts\/41195","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/highpowerlasertherapy.com\/law\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/highpowerlasertherapy.com\/law\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/highpowerlasertherapy.com\/law\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/highpowerlasertherapy.com\/law\/wp-json\/wp\/v2\/comments?post=41195"}],"version-history":[{"count":1,"href":"https:\/\/highpowerlasertherapy.com\/law\/wp-json\/wp\/v2\/posts\/41195\/revisions"}],"predecessor-version":[{"id":259532,"href":"https:\/\/highpowerlasertherapy.com\/law\/wp-json\/wp\/v2\/posts\/41195\/revisions\/259532"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/highpowerlasertherapy.com\/law\/wp-json\/wp\/v2\/media\/41449"}],"wp:attachment":[{"href":"https:\/\/highpowerlasertherapy.com\/law\/wp-json\/wp\/v2\/media?parent=41195"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/highpowerlasertherapy.com\/law\/wp-json\/wp\/v2\/categories?post=41195"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/highpowerlasertherapy.com\/law\/wp-json\/wp\/v2\/tags?post=41195"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}