THE TRANSFER OF PERSONAL DATA ABROAD

Size: px
Start display at page:

Download "THE TRANSFER OF PERSONAL DATA ABROAD"

Transcription

1 THE TRANSFER OF PERSONAL DATA ABROAD MARCH 2014 THIS NOTE CONSIDERS THE SITUATION OF AN IRISH ORGANISATION OR BUSINESS SEEKING TO TRANSFER PERSONAL DATA ABROAD FOR STORAGE OR PROCESSING, IN LIGHT OF THE CURRENT DATA PROTECTION OBLIGATION. THE PURPOSE OF THIS NOTE The Data Protection Act 1988 and the Data Protection (Amendment) Act 2003 (the Acts) govern the treatment of personal data by businesses and organisations in Ireland. This note considers:- the minimum legal standards for the transfer of personal data abroad without committing an offence under the relevant Acts; the concept of best practice in data protection of an organization or group; and the data protection obligation of an Irish organisation or business (Transferor) which controls personal data contemplating the transfer personal data abroad for storage or processing. It is not intended to cover all Irish data protection requirements. When referring to data being transferred, it is assumed for the purposes of any transfer discussed, that the requirements under the Acts have been complied with in respect of it up to the point of transfer. Three categories of transferee country are to be distinguished according to the Act: First Category: Second Category: Third Category: A country within the EEA or on the EU approved list The US A country outside the US and not on the EU approved list 1

2 RELEVANT POINTS The following points are relevant to this note:- Personal data means data relating to a living individual who is or can be identified either from the data, or from the data in conjunction with other information that is, or is likely to come into, the possession of a data controller. Every country in the European Economic Area (EEA) applies strict data protection policies in relation to the processing. Storage and exporting of personal data by organisations and businesses. With the growth of online trade, an increasing number of Irish organisations and businesses, like their counterparts elsewhere, transfer some of their functions and operations to subsidiaries or suppliers abroad. These functions can include customer services such as dealing with orders, invoicing services and marketing and support services. They can also include internal operational services such as services relating to personnel and human resources. A significant amount of these operations will involve transfers of personal data and not all of the countries to which the personal data is transferred are within the EEA. THE RESTRICTION ON THE TRANSFER OF PERSONAL DATA OUTSIDE THE EEA It is unlawful to transfer personal data outside the EEA unless either one of the 11 specified adequate protection exceptions below applies, or the Transferor has arranged that adequate legal protections will apply to the data transferred. a) The 11 Specified Adequate Protections The 11 specified adequate protections are:- (i) the transfer of the data or the information constituting the data is required or authorised by any law or treaty; (ii) the data subject has given his or her consent to the transfer; (iii) the transfer is necessary for the performance of a contract between the data subject and the data controller, or for the taking of steps at the request of the data subject with a view to his or her entering into a contract with the data controller; (iv) the transfer is necessary for the conclusion or performance of a contract between the data controller and a person other than the data subject that is 2

3 entered into at the request of the data subject, and is in the interests of the data subject; (v) the transfer is necessary for reasons of substantial public interest; (vi) the transfer is necessary for the purpose of obtaining legal advice, legal proceedings or prospective legal proceedings or establishing or defending legal rights; (vii) the transfer is necessary in order to prevent injury or other damage to the health of the data subject or serious loss of or damage to property of the data subject or otherwise to protect his or her vital interests, and informing the data subject of, or seeking his or her consent to, the transfer is likely to damage his or her vital interests; (viii) the transfer is part only of the personal data on a register established by law intended for consultation by the public or by persons having a legitimate interest; (ix) the transfer has been authorised by the Commissioner on terms of a kind approved by the Commissioner as ensuring privacy safeguards; (x) in the case of a transfer of personal data to a country in the Second Category, that the Safe Harbour arrangement applies; and (xi) in the case of a transfer to a country in the Third Category, that a contract in the appropriate form provided by the EU has been entered into with the transferee to provide adequate protection for the data transferred. If any one of the 11 Specified Adequate Protections apply and the data activity of the transferee is already compliant under the Acts, then it will not be an offence for a Transferor to transfer personal data to any country, whether within the EEA or not. b) Adequate Level of Protection If none of the 11 specified adequate protections apply, then the transfer of personal data by a Transferor to a transferee in a country not in the EEA is unlawful unless that country, effectively the transferee, ensures an adequate level of protection for the privacy and the fundamental rights and freedoms of data subjects in relation to the processing of personal data. In determining what constitutes an adequate level of protection, the Acts provide that the following 8 matters (the 8 Potentially Relevant Matters) may be relevant:- the nature of the data; 3

4 the purposes for which and the period during which the data are intended to be processed; the country of origin of the information contained in the data; the country of final destination of that information; the law in force in the country of final destination; any relevant codes of conduct or other rules which are enforceable in that country; or territory; any security measures taken in respect of the data in that country; and the international obligations of that country. c) What Standard is Adequate? The imposition of a standard of an adequate level of protection on a transferor is effectively an absolute standard of protection. If the transferor adopts a level of protection which on the best professional advice is regarded as adequate but subsequently, despite the protections in place, there is a data breach, the level of protection will then be regarded as inadequate and the data controller concerned may be at risk of prosecution for a breach of data legislation. The situation of a Transferor may be illustrated by the following example:- Example I X limited an Irish business wishes to transfer personal data relating to its employees pension scheme to a company in Ruritania, a non EEA country. If X limited complies with the Acts as regards data activities in Ireland and at least one of the 11 specified adequate protections applies, the transfer of the data to the company in Ruritania will not be prohibited. The issue of whether X has arranged an adequate level of protection is another matter. If it happens that there is a serious data breach in Ruritania, then although X limited may be prosecuted for not providing an adequate level of security, it cannot be prosecuted for wrongfully transferring personal data outside the EEA. Example II The situation is the same as in Example I except that this time X limited, although compliant with the Acts in Ireland, does not avail of any of the 11 specified adequate protection exceptions but chooses to rely on advice that in Ruritania, there will be an adequate level of protection. If this 4

5 advice is incorrect, X limited may be liable to prosecution on two counts- for an unlawful transfer of data and for a failure to provide an adequate level of protection. CAN A TRANSFEROR SAFELY RELY ON THE MINUMUM LEVEL OF DATA PROTECTION COMPLIANCE? A Transferor should consider this question in relation to the circumstances in which the Transferor finds itself. In order to answer this question besides the 8 potentially relevant matters, the Transferor may wish to take the following matters into account when considering whether any of the 9 specified adequate exception apply :- a) The scope of a consent from a data subject may be limited In many situations the data subject will have volunteered personal data and will have provided some form of consent. One of the main ligitimising features of a data processing activity is that the data subject has given consent to the use of the data. However, when a data subject gives consent to use personal data to a data controller, neither the data controller nor the data subject may foresee the technical and commercial developments which will take place after the date of the consent and which will be relevant to the use and treatment of the data provided. It is therefore possible that after a consent has been provided it will be found to be deficient in some respects as regards the treatment of the data concerned. b) Warning from EU Commission It is the express intention of the EU Commission that the personal rights under the Data Protection Directive 94/46/EC (the DP Directive) of a data subject in the EU should not be diluted or frustrated by the transfer out of the EU of personal data relating to him or her. Accordingly, the Directive imposes an obligation on data processors who transfer personal data outside the EEA to ensure that notwithstanding such transfer, the rights of the data subject derived from the DP Directive are fully preserved. The responsibility is imposed firmly on the shoulders of the data controller making the data transfer. In the words of the EC Working Party dealing with data protection issues:- When planning to transfer data to a third country, data controllers established in the European Union should favour solutions that provide data subjects with a guarantee that they will continue to benefit from the fundamental rights and safeguards to which they are entitled as regards processing of their data in the EU once this data has been transferred. 5

6 c) Different standards of compliance may apply in different EU Member States Different EU Member States may set different standards for data compliance. Personal data may be channeled back and forth through different EU Member States and other countries as part of the operations of an international group. In the case of the consent of a data subject, it may not be prudent to rely entirely on a consent taken in one EEA country as a legitimizing condition to the transfer of that personal data from another EEA to a country outside the EEA. d) Uncertainty regarding other specified protections The application of at least some of the 11 specified adequate protection exceptions may not be clear in all situations. Where the word necessary is used in a specified adequate exception (see paragraph 3 above, items (iii), (iv), (v), (vi), and Vii)), a Transferor who relies on a particular exception containing the word necessary may have concerns as to how the exception will be construed. For the exception to apply, must there be no other means of achieving the objective within the EEA? Accordingly, to be safe from prosecution in relation to transfer of data outside the EEA, it will often be prudent for a Transferor not to rely solely on one or more of the 11 specified adequate protection exceptions. CAN THE TRANSFEROR SAFETY RELY ON THE MINIMUM LEVEL OF ADEQUATE PROTECTION? In order to answer the same question in relation to whether the Transferor has arranged adequate legal protection the Transferor may wish to take the following into account:- I. Commercial repercussions Data breaches can occur for many reasons: computer hacking, theft of files, systems malfunction etc. Where a data breach occurs, there could be serious commercial as well as legal repercussions for the data controller. II. If a data breach occurs, a Court may be lenient if the Transferor has maintained high standards The obligation imposed under the Acts on an Irish data controller to ensure the integrity and security of data controlled (as mentioned above) is absolute. Even if the data controller has 6

7 not been personally at fault (for example, the data breach was the responsibility of a service provider operating abroad), this will not be valid as a defense for the data controller against a charge in respect of an offence under the Act. However, if a serious data breach occurs, by showing that it is pro-active and attentive to the rights of data subjects, a Transferor on my win the sympathy of data protection authorities and the courts and thus suffer a penalty that would apply where the standards of data protection are regarded as minimal. III. Desire for highest standards on moral or ethical grounds Even though the Transferor may be in a position to comply with at least the minimum legal standards required by the Acts in relation to the transfer of data out of the EEA, because of the nature of the Transferor s business or business culture, it may suit the Transferor to adopt best practice or at least a higher standard of data protection than is legally required. For these and other reasons, a Transferor should normally consider what additional data protection safeguards can be adopted over and above what is strictly necessary and particularly, in respect of a transfer of data abroad. BEST PRACTICE IN DATA PROTECTION GENERALLY Best practice in data protection for an organization or business is likely to involve the following:- appropriate data protection systems including qualified staff for advising and training on best practice; a policy protocol on information security regulations and reputation management; an updated employee website information, handbooks and practices which deal with data protection issues; appropriate employment and commercial contracts; website terms; rules for international transfers of personal data; employees who have received comprehensive training on an on-going basis in data protection principles and the Group's compliance strategy; regular internal audits of compliance with data protection policy; and a crises response plan. 7

8 Where the Transferor is a member of a group of companies, best practice would require the group to adopt and apply a group policy incorporating features such as those listed above. In deciding upon the level of protection which should be employed by an organization or business, besides the 8 potentially relevant matters, the following questions should be asked:- what is the worst thing that can happen in relation to the personal data being controlled and processed; and what preparatory work should be undertaken so as to be in a position to reduce the harm that can be caused by such an event. THE TRANSFER OF PERSONAL DATA TO A COUNTRY IN THE FIRST CATEGORY The prohibition on transfers of personal data out of Ireland does not apply in the case of transfers to countries in the First Category on the basis that such countries are assumed to have adequate protections in relation to personal data. Nevertheless, for the reasons provided above, on making transfers of personal data to a country in the First Category, it may not be considered sufficient to rely the minimum legal data protection safeguards are in place. The Transferor should consider whether:- its own level of protection will be sufficient for all reasonably foreseeable customers; if it is part of a group in which transfers of personal data are exchanged, there is a group data policy which will offer sufficient protection for all reasonably foreseeable outcomes; in the event of a data breach involving the foreign recipient of the personal data or any subcontractor to that recipient, sufficient protection policies, including a crisis management policy, will be in place; and in the event of a data breach for which the recipient or any subcontractor is responsible, the Transferor should be indemnified against any loss or damage thereby arising. THE TRANSFER OF PERSONAL DATA TO THE COUNTRY IN THE SECOND CATEGORY As the US is a major force in international trade and communications, to facilitate the transfer of personal data to US organisations, under an agreement between the EU Commission and the US, US organisations may register with the US Department of Commerce under the Safe Harbor Program (the Program). The Program sets out a framework of data standards to allow unrestricted transmission of data between data controllers in the EEA and US organisations 8

9 which participate in the Program. The Program establishes 7 principles 1 of data protection which are similar, but not identical to, those applying under the EU Data Protection Directive. A data protection policy under the Program must specify the:- statutory body which has jurisdiction to hear complaints against it; particular privacy program to which it belongs; and independent mechanism by which complaints may be investigated. When a US organisation has set up a data protection policy and declares that it is compliant with the Safe Harbour Principles, it may register as a participant in the Program. It must self-certify compliance with the US Department of Commerce annually. In 2013, the EU Commission expressed deep concerns regarding the Program and called on the US to take urgent steps to improve standards. 2 One of the concerns relates to a lack of rigour in the enforcement of the self-certification element contained in the Program. To date there has been no change in EU policy towards US organisations arising out of the concerns expressed. Bearing in mind the absolute responsibility of a Transferor for data protection, in any arrangement involving the transfer on personal data to the US, best practice should involve the matters set out in below:- a) The Contract of supply The Transferor should ensure that in any contract of supply with a data processor operating in the US (the US supplier), that the contract requires the US supplier to:- register under the Safe Harbor Program; have a privacy policy and to operate under the seven US recognized Safe Harbor Privacy Principles; produce a certificate of compliance with the standards of the seven US recognized Safe Harbor Privacy Principles, from a suitably qualified third party auditor; give the right to approve of all subcontractors and oblige them to maintain suitable privacy standards; and 1 2 Communication from the Commission to the European Parliament and Council, Rebuilding Trust in EU-US Data Flows, Brussels, 27/11/13. 9

10 update its Safe Harbor registration annually. b) Where subcontractors are used, or are to be used Where data is passed, or is intended to be passed by the US supplier to another US entity for storage or processing, the transferor should ensure that such other entity will likewise register and comply with the Safe Harbor Program and have a privacy policy. c) Renewal of certificate Each year, the transferor should ensure that the US supplier deliver to the organisation a copy of the renewed annual Safe Harbor certificate for itself and for each of the entities referred to at a) and b) above as such certificates are only valid for a year at a time. It may not be sufficient for transferor simply to rely on the website of the US government listing companies. d) Privacy policy The Transferor should obtain a copy of the privacy policy of the US suppliers and satisfy itself that it is in order. It may not be sufficient to rely on the privacy policy mentioned on a company s website. The transferor should obtain the policy governing his contract. e) Internal Verification Obtain from the supplier independent verification that under the self-assessment approach, the published Safe Harbor privacy policy of the supplier on any subcontractor is accurate, comprehensive, prominently displayed, completely implemented, accessible, and conforms to the Safe Harbor Privacy Principles. The independent verification should indicate that appropriate employee training, as well as internal procedures for periodic and objective reviews of compliance are in place. The statement verifying the self-assessment should be signed by a corporate officer or another authorized representative of the verification organization at least once a year. f) Auditor s statement At reasonably regular intervals, the transferor should oblige the US supplier and any other entity involved in the processing and storage of transferred data to produce from a suitably qualified 10

11 third party auditor, a certificate of compliance with the standards of the seven US recognised Safe Harbor Privacy Principles. g) Indemnity To avoid any cost in relation to claims, it would be prudent for the transferor to secure an indemnity against any legal or other costs of the transferor arising out of a data breach for which the US supplier or any subcontractor is responsible in respect of the data which the transferor has entrusted to the US supplier. Finally, the Transferor should consider the points made above in relation to transfers of personal data to a country in the First Category, namely dealing within a group and preparation to deal with any crisis which may occur as a result of a data breach. THE TRANSFER OF PERSONAL DATA TO A COUNTRY IN THE THIRD CATEGORY A country in the Third Category, namely, a country outside the EEA (other than to the US) which is not on the EU Approved List is permitted on the basis that Irish legal requirements have been complied with to the point of transfer and provided that either:- at least one of the 11 specified adequate protection exceptions apply; or adequate legal protection continue to apply to the data transferred. In order to assist in meeting the obligation to provide an adequate level of protection, when dealing with suppliers, the transferring organisation or business can use EU-approved model contracts which contain data protection safeguards sufficient to meet EU standards. In the case of a multinational group, the data controller can use EU-approved binding corporate rules for international transfers of personal data within the group. However, as mentioned above, it is prudent for a Transferor to consider employing higher standards of data protection than are necessary to confirm with the minimal legal requirements. In addition to usage of EU model contracts, the same points as apply in the case of transfer of data to a country in the First Category also apply to transfers a data to a country in the Third Category. 11

12 FUTURE DEVELOPMENTS A Transferor should be aware that it is shortly to enact to EU Regulation consolidating and expanding data protection law. DISCLAIMER This note is a general discussion of the law relating to agency in Ireland and does not purport to be a comprehensive examination of the law/legal advice. Before taking any action, full professional advice should be obtained. CONTACT INFORMATION For further information, including assistance on drafting privacy policies, please do not hesitate to contact us. URSULA TIPP Partner Tel: M: MICHAEL O CONNOR Partner Tel: M:

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

Data Protection in Ireland

Data Protection in Ireland Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair

More information

Clause 1. Definitions and Interpretation

Clause 1. Definitions and Interpretation [Standard data protection [agreement/clauses] for the transfer of Personal Data from the University of Edinburgh (as Data Controller) to a Data Processor within the European Economic Area ] In this Agreement:-

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

The eighth data protection principle and international data transfers

The eighth data protection principle and international data transfers Data Protection Act 1998 The eighth data protection principle and international data transfers The Information Commissioner s recommended approach to assessing adequacy including consideration of the issue

More information

CONSULTATION PAPER ON HIGH LEVEL PRINCIPLES ON OUTSOURCING COVER NOTE

CONSULTATION PAPER ON HIGH LEVEL PRINCIPLES ON OUTSOURCING COVER NOTE CEBS CP 02 April 2004 COMMITTEE OF EUROPEAN BANKING SUPERVISORS CONSULTATION PAPER ON HIGH LEVEL PRINCIPLES ON OUTSOURCING COVER NOTE Introduction 1. European banking supervisors began work in 2002 on

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

STATUTORY INSTRUMENTS. S.I. No. 336 of 2011

STATUTORY INSTRUMENTS. S.I. No. 336 of 2011 STATUTORY INSTRUMENTS. S.I. No. 336 of 2011 EUROPEAN COMMUNITIES (ELECTRONIC COMMUNICATIONS NETWORKS AND SERVICES) (PRIVACY AND ELECTRONIC COMMUNICATIONS) REGULATIONS 2011 (Prn. A11/1165) 2 [336] S.I.

More information

Financial Services Guidance Note Outsourcing

Financial Services Guidance Note Outsourcing Financial Services Guidance Note Issued: April 2005 Revised: August 2007 Table of Contents 1. Introduction... 3 1.1 Background... 3 1.2 Definitions... 3 2. Guiding Principles... 5 3. Key Risks of... 14

More information

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),

More information

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation

More information

7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data

7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal

More information

TEXTURA AUSTRALASIA PTY LTD ACN 160 777 088 ( Textura ) CONSTRUCTION PAYMENT MANAGEMENT SYSTEM TERMS AND CONDITIONS OF USE

TEXTURA AUSTRALASIA PTY LTD ACN 160 777 088 ( Textura ) CONSTRUCTION PAYMENT MANAGEMENT SYSTEM TERMS AND CONDITIONS OF USE TEXTURA AUSTRALASIA PTY LTD ACN 160 777 088 ( Textura ) CONSTRUCTION PAYMENT MANAGEMENT SYSTEM TERMS AND CONDITIONS OF USE Welcome to the Textura Construction Payment Management ( CPM ) System. By clicking

More information

Dublin City University

Dublin City University Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights

More information

BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994

BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 Ref: BR/14/2009 OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 INTRODUCTION

More information

Merchants and Trade - Act No 28/2001 on electronic signatures

Merchants and Trade - Act No 28/2001 on electronic signatures This is an official translation. The original Icelandic text published in the Law Gazette is the authoritative text. Merchants and Trade - Act No 28/2001 on electronic signatures Chapter I Objectives and

More information

Data Protection Policy

Data Protection Policy 1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The

More information

2007 No. 991 BUILDING AND BUILDINGS, ENGLAND AND WALES

2007 No. 991 BUILDING AND BUILDINGS, ENGLAND AND WALES STATUTORY INSTRUMENTS 2007 No. 991 BUILDING AND BUILDINGS, ENGLAND AND WALES The Energy Performance of Buildings (Certificates and Inspections) (England and Wales) Regulations 2007 Made - - - - 23rd March

More information

H.M. TREASURY HELP TO BUY: ISA SCHEME RULES

H.M. TREASURY HELP TO BUY: ISA SCHEME RULES H.M. TREASURY HELP TO BUY: ISA SCHEME RULES 2 Contents PART I OVERVIEW OF THE HELP TO BUY: ISA SCHEME 4 PART II INTERPRETATION 5 1. Definitions and Interpretation 5 PART III ESTABLISHING THE HELP TO BUY:

More information

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June

More information

Act CLXV of 2013. on Complaints and Public Interest Disclosures. 1. Complaint and public interest disclosure

Act CLXV of 2013. on Complaints and Public Interest Disclosures. 1. Complaint and public interest disclosure Act CLXV of 2013 on Complaints and Public Interest Disclosures The National Assembly, committed to increasing public confidence in the functioning of public bodies, recognising the importance of complaints

More information

Leads may be resubmitted within 4 months of the leads license renewal date.

Leads may be resubmitted within 4 months of the leads license renewal date. 1. LEAD GENERATION SERVICES (a) IBP agrees to collect and provide School with Leads as further specified herein and as described in the Lead Payment Schedule as may be executed by the parties from time

More information

AIRBUS GROUP BINDING CORPORATE RULES

AIRBUS GROUP BINDING CORPORATE RULES 1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These

More information

Standard conditions of purchase

Standard conditions of purchase Standard conditions of purchase 1 OFFER AND ACCEPTANCE 2 PROPERTY, RISK & DELIVERY 3 PRICES & RATES The Supplier shall provide all Goods and Services in accordance with the terms and conditions set out

More information

Privacy Rules for Customer, Supplier and Business Partner Data

Privacy Rules for Customer, Supplier and Business Partner Data Privacy Rules for Customer, Supplier and Business Partner Data Contact details Philips Privacy Office c/o Philips International BV, Amstelplein 2, 1096 BC, the Netherlands. E-mail: Philips_Privacy_Office@philips.com

More information

Act on Background Checks

Act on Background Checks NB: Unofficial translation Ministry of Justice, Finland Act on Background Checks (177/2002) Chapter 1 General provisions Section 1 Scope of application (1) This Act applies to background checks, which

More information

FRANCE. Chapter XX OVERVIEW

FRANCE. Chapter XX OVERVIEW Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection

More information

Data Protection Policy.

Data Protection Policy. Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data

More information

14 December 2006 GUIDELINES ON OUTSOURCING

14 December 2006 GUIDELINES ON OUTSOURCING 14 December 2006 GUIDELINES ON OUTSOURCING CEBS presents its Guidelines on Outsourcing. The proposed guidelines are based on current practices and also take into account international, such as the Joint

More information

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini Personal data and cloud computing, the cloud now has a standard by Luca Bolognini Lawyer, President of the Italian Institute for Privacy and Data Valorization, founding partner ICT Legal Consulting Last

More information

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.

More information

Office 365 Data Processing Agreement with Model Clauses

Office 365 Data Processing Agreement with Model Clauses Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081

More information

UNOFFICIAL CONSOLIDATION AND TRANSLATION OF LAWS 128(I) OF 2009 AND 52(I) OF 2010 THE PAYMENT SERVICES LAWS OF 2009 TO 2010

UNOFFICIAL CONSOLIDATION AND TRANSLATION OF LAWS 128(I) OF 2009 AND 52(I) OF 2010 THE PAYMENT SERVICES LAWS OF 2009 TO 2010 UNOFFICIAL CONSOLIDATION AND TRANSLATION OF LAWS 128(I) OF 2009 AND 52(I) OF 2010 THE PAYMENT SERVICES LAWS OF 2009 TO 2010 This translation and consolidation of laws is not official. It has been prepared

More information

Requirements made under the Intermediaries Byelaw

Requirements made under the Intermediaries Byelaw Chapter 2 Requirements made under the Intermediaries Byelaw Section 1 Delegated Underwriting Registers of coverholders and registered binding authorities Part B of the Intermediaries Byelaw Format and

More information

USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY

USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY CONDITIONS OF USE FOR ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY Between: the Commonwealth of Australia, acting

More information

1 L.R.O. 2001 Electronic Transactions CAP. 308B ELECTRONIC TRANSACTIONS

1 L.R.O. 2001 Electronic Transactions CAP. 308B ELECTRONIC TRANSACTIONS 1 L.R.O. 2001 Electronic Transactions CAP. 308B CHAPTER 308B ELECTRONIC TRANSACTIONS ARRANGEMENT OF SECTIONS SECTION PART I Preliminary 1. Short title. 2. Interpretation. 3. Non-application of Parts II

More information

Listing and Admission to Trading Rules for. Short Term Paper. Release 2

Listing and Admission to Trading Rules for. Short Term Paper. Release 2 Listing and Admission to Trading Rules for Short Term Paper Release 2 14 April 2014 Scope These Listing and Admission to Trading Rules ( Rules ) relate to the Listing and admission to trading on the Main

More information

AlixPartners, LLP. General Data Protection Statement

AlixPartners, LLP. General Data Protection Statement AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection

More information

THE INTERNATIONAL CHAMBER OF COMMERCE PROPOSES AN ALTERNATIVE FOR LEGITIMIZING INTERNATIONAL TRANSFERS OF PERSONAL DATA FROM THE EUROPEAN UNION

THE INTERNATIONAL CHAMBER OF COMMERCE PROPOSES AN ALTERNATIVE FOR LEGITIMIZING INTERNATIONAL TRANSFERS OF PERSONAL DATA FROM THE EUROPEAN UNION CLIENT MEMORANDUM THE INTERNATIONAL CHAMBER OF COMMERCE PROPOSES AN ALTERNATIVE FOR LEGITIMIZING INTERNATIONAL TRANSFERS OF PERSONAL DATA FROM THE EUROPEAN UNION The ICC Report analyzes the use of binding

More information

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively. Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in

More information

Firm Registration Form

Firm Registration Form Firm Registration Form Firm Registration Form This registration form should be completed by firms who are authorised and regulated by the Financial Conduct Authority. All sections of this form are mandatory.

More information

Data protection issues on an EU outsourcing

Data protection issues on an EU outsourcing Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process

More information

NOTICE ON OUTSOURCING

NOTICE ON OUTSOURCING CONSULTATION PAPER P018-2014 SEPTEMBER 2014 NOTICE ON OUTSOURCING PREFACE 1 MAS first issued the Guidelines on Outsourcing in 2004 1 ( Guidelines ) to promote sound risk management practices for the outsourcing

More information

2004 No. 2095 FINANCIAL SERVICES AND MARKETS. The Financial Services (Distance Marketing) Regulations 2004

2004 No. 2095 FINANCIAL SERVICES AND MARKETS. The Financial Services (Distance Marketing) Regulations 2004 STATUTORY INSTRUMENTS 2004 No. 2095 FINANCIAL SERVICES AND MARKETS The Financial Services (Distance Marketing) Regulations 2004 Made - - - - 4th August 2004 Laid before Parliament 5th August 2004 Coming

More information

Electronic Commerce ELECTRONIC COMMERCE ACT 2001. Act. No. 2001-07 Commencement LN. 2001/013 22.3.2001 Assent 14.3.2001

Electronic Commerce ELECTRONIC COMMERCE ACT 2001. Act. No. 2001-07 Commencement LN. 2001/013 22.3.2001 Assent 14.3.2001 ELECTRONIC COMMERCE ACT 2001 Principal Act Act. No. Commencement LN. 2001/013 22.3.2001 Assent 14.3.2001 Amending enactments Relevant current provisions Commencement date 2001/018 Corrigendum 22.3.2001

More information

PRINCIPLES OF THE TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY. Introduction

PRINCIPLES OF THE TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY. Introduction PRINCIPLES OF THE TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY Introduction The continuous globalization of the world economy influences the international transfer of personal data. The transfer of personal

More information

SUBSIDIARY LEGISLATION 373.01 PREVENTION OF MONEY LAUNDERING AND FUNDING OF TERRORISM REGULATIONS

SUBSIDIARY LEGISLATION 373.01 PREVENTION OF MONEY LAUNDERING AND FUNDING OF TERRORISM REGULATIONS AND FUNDING OF TERRORISM [S.L.373.01 1 SUBSIDIARY LEGISLATION 373.01 PREVENTION OF MONEY LAUNDERING AND FUNDING OF TERRORISM REGULATIONS 31st July, 2008 LEGAL NOTICE 180 of 2008, as amended by Legal Notices

More information

Option Table - Directive on Statutory Audits of Annual and Consolidated Accounts

Option Table - Directive on Statutory Audits of Annual and Consolidated Accounts Option Table - Directive on Statutory Audits of Annual and Consolidated Accounts The purpose of this document is to highlight the changes in the options available to Member States and Competent Authorities

More information

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in

More information

Merchant Gateway Services Agreement

Merchant Gateway Services Agreement Merchant Gateway Services Agreement This Merchant Gateway Services Agreement ( Agreement ) is made as of, 20 ( Effective Date ), by and between American POS Alliance, LLC ( Reseller ) and the merchant

More information

Access to Information by Succeeding Auditors

Access to Information by Succeeding Auditors AA Access to Information by Succeeding Auditors September 2011 The Institute of Certified Public Accountants in Ireland Disclaimer This document has been developed by the Consultative Committee of Accountancy

More information

Custodian-Node data provision terms and conditions

Custodian-Node data provision terms and conditions Custodian-Node data provision terms and conditions Parties Node Operator Data Custodian Background A B C D E [Insert legal name of node][insert ACN/ABN/ARBN] of [Insert address]\ [Insert legal name of

More information

This Applicant Privacy Notice Continental Europe is dated: July 2012 WILLIS.COM: PRIVACY NOTICE

This Applicant Privacy Notice Continental Europe is dated: July 2012 WILLIS.COM: PRIVACY NOTICE Applicant Privacy Notice for Positions in Willis Companies Located in the European Union and European Economic Area Excluding the United Kingdom ( Applicant Privacy Notice Continental Europe ) This Applicant

More information

GUERNSEY FINANCIAL SERVICES COMMISSION

GUERNSEY FINANCIAL SERVICES COMMISSION GUERNSEY FINANCIAL SERVICES COMMISSION LICENCE APPLICATIONS FOR ENTITIES ACTING IN RESPECT OF QUALIFYING INVESTOR FUNDS OR REGISTERED CLOSED-ENDED INVESTMENT FUNDS GUIDANCE In recent years, the Commission

More information

Co-operative Energy, Co-operative House Warwick Technology Park, Warwick CV34 6DA.

Co-operative Energy, Co-operative House Warwick Technology Park, Warwick CV34 6DA. Terms and Conditions May 2014 Co-operative Energy: General Terms and Conditions for Domestic Customers Only Applicable from 1st June 2014. Co-operative Energy Limited is a limited liability company registered

More information

2006 No. 246 TERMS AND CONDITIONS OF EMPLOYMENT. The Transfer of Undertakings (Protection of Employment) Regulations 2006

2006 No. 246 TERMS AND CONDITIONS OF EMPLOYMENT. The Transfer of Undertakings (Protection of Employment) Regulations 2006 STATUTORY INSTRUMENTS 2006 No. 246 TERMS AND CONDITIONS OF EMPLOYMENT The Transfer of Undertakings (Protection of Employment) Regulations 2006 Made - - - - 6th February 2006 Laid before Parliament 7th

More information

Outsourcing Risk Guidance Note for Banks

Outsourcing Risk Guidance Note for Banks Outsourcing Risk Guidance Note for Banks Part 1: Definitions Guideline 1 For the purposes of these guidelines, the following is meant by: a) outsourcing: an authorised entity s use of a third party (the

More information

EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.

EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq. EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in

More information

Software as a Service (SaaS) Contract. I. Subject matter of the Contract. II. Software provision

Software as a Service (SaaS) Contract. I. Subject matter of the Contract. II. Software provision Software as a Service (SaaS) Contract By completing the registration form (ordering bexio), you shall become subject to the following General Terms and Conditions ("General Terms and Conditions"). I. Subject

More information

ACT ON LIABILITY FOR NUCLEAR DAMAGE

ACT ON LIABILITY FOR NUCLEAR DAMAGE ACT ON LIABILITY FOR NUCLEAR DAMAGE Published in the Official Gazette of the Republic of Slovenia - International Treaties, No. 77/2010 UNOFFICIAL TRANSLATION I. GENERAL PROVISIONS Article 1 (Contents)

More information

Electronic Documents Law

Electronic Documents Law Disclaimer: The English language text below is provided by the Translation and Terminology Centre for information only; it confers no rights and imposes no obligations separate from those conferred or

More information

Cloud Computing Legal Considerations for Data Controllers

Cloud Computing Legal Considerations for Data Controllers Cloud Computing Legal Considerations for Data Controllers CLOUD COMPUTING LEGAL CONSIDERATIONS FOR DATA CONTROLLERS What is cloud computing and why is it relevant? Cloud computing can be described as technology

More information

NOBLE TRUST COMPANY LTD. GENERAL TERMS OF BUSINESS. The following definitions and rules of interpretation shall apply:

NOBLE TRUST COMPANY LTD. GENERAL TERMS OF BUSINESS. The following definitions and rules of interpretation shall apply: NOBLE TRUST COMPANY LTD. GENERAL TERMS OF BUSINESS 1. Definitions and interpretation The following definitions and rules of interpretation shall apply: 1.1 Agent means any person appointed by a Client

More information

Purchase Order Terms and Conditions

Purchase Order Terms and Conditions Wilmar Sugar Pty Ltd (ABN 44 081 051 792) Wilmar BioEthanol (Australia) Pty Ltd (ABN 85 009 660 191) (each referred to as Wilmar in this document) 1. Electronically Transmitted Purchase Order Documents

More information

FAQ on frozen assets of Politically Exposed Persons (PEPs) originating from Ukraine Federal Council ordinance

FAQ on frozen assets of Politically Exposed Persons (PEPs) originating from Ukraine Federal Council ordinance Federal Department of Foreign Affairs FDFA FAQ on frozen assets of Politically Exposed Persons (PEPs) originating from Ukraine Federal Council ordinance Situation April 2014 1. Why has Switzerland frozen

More information

White Paper Security. Data Protection and Security in School Management Systems

White Paper Security. Data Protection and Security in School Management Systems White Paper Security Data Protection and Security in School Management Systems This paper clarifies the roles and responsibilities of those dealing with the data that is central to school management systems.

More information

.eu Domain Name Registration Terms and Conditions

.eu Domain Name Registration Terms and Conditions .eu Domain Name Registration Terms and Conditions 1/15 TABLE OF CONTENTS Table of Contents...2 Definitions...3 Object and Scope...5 Section 1. Eligibility Requirements...5 Section 2. First Come, First

More information

SCOPE OF APPLICATION AND DEFINITIONS

SCOPE OF APPLICATION AND DEFINITIONS Unofficial translation No. 398/1995 Act on Foreign Insurance Companies Issued in Helsinki on 17 March 1995 PART I SCOPE OF APPLICATION AND DEFINITIONS Chapter 1. General Provisions Section 1. Scope of

More information

Guidelines on Data Protection. Draft. Version 3.1. Published by

Guidelines on Data Protection. Draft. Version 3.1. Published by Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...

More information

INTERNATIONAL SOS. Data Protection Policy. Version 1.05

INTERNATIONAL SOS. Data Protection Policy. Version 1.05 INTERNATIONAL SOS Data Protection Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: December 2008 Revised: 2015 All copyright in these materials are reserved to AEA

More information

Insurance and compensation in the event of injury in Phase I clinical trials

Insurance and compensation in the event of injury in Phase I clinical trials Insurance and compensation in the event of injury in Phase I clinical trials Guidance developed by the Association for the British Pharmaceutical Industry, the BioIndustry Association and the Clinical

More information

LEGAL REQUIREMENTS FOR ONLINE SALE IRELAND

LEGAL REQUIREMENTS FOR ONLINE SALE IRELAND LEGAL REQUIREMENTS FOR ONLINE SALE IRELAND MARCH 2014 THE PURPOSE OF THIS NOTE IS TO EXPLAIN THE MAIN LEGAL REQUIREMENTS FOR A TRADER WHO WISHES TO CONDUCT ONLINE BUSINESS IN IRELAND THE EUROPEAN COMMUNITIES

More information

AGREEMENT WITH A SELF-EMPLOYED CONTRACTOR FOR CONSULTANCY SERVICES

AGREEMENT WITH A SELF-EMPLOYED CONTRACTOR FOR CONSULTANCY SERVICES AGREEMENT WITH A SELF-EMPLOYED CONTRACTOR FOR CONSULTANCY SERVICES Names of Parties 1. (Company Name) of (Company Address) ( Consultancy ). 2. Redline Group Ltd of 26-34 Liverpool Road, Luton. Beds LU1

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) by and between OUR LADY OF LOURDES HEALTH CARE SERVICES, INC., hereinafter referred to as Covered Entity, and hereinafter referred

More information

Appendix 11 - Swiss Data Protection Act

Appendix 11 - Swiss Data Protection Act GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the

More information

The Amendment of the Loan Agreement (for Business)/ Overdraft Facility Agreement (for Consumption)/ Money Mortgage Agreement*

The Amendment of the Loan Agreement (for Business)/ Overdraft Facility Agreement (for Consumption)/ Money Mortgage Agreement* The Amendment of the Loan Agreement (for Business)/ Overdraft Facility Agreement (for Consumption)/ Money Mortgage Agreement* No. Clause Reference Amendment Sanctions 1. Important notice Standard Chartered

More information

Mexico. Rodolfo Trampe, Jorge Díaz, José Palomar and Carlos López. Von Wobeser y Sierra, S.C.

Mexico. Rodolfo Trampe, Jorge Díaz, José Palomar and Carlos López. Von Wobeser y Sierra, S.C. Mexico Rodolfo Trampe, Jorge Díaz, José Palomar and Carlos López Market overview 1 What kinds of outsourcing take place in your jurisdiction? In Mexico, a subcontracting regime (understood as the regime

More information

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection

More information

Recommendations for companies planning to use Cloud computing services

Recommendations for companies planning to use Cloud computing services Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation

More information

.eu Domain Name Registration. Terms and Conditions

.eu Domain Name Registration. Terms and Conditions .eu Domain Name Registration Terms and Conditions 1/15 TABLE OF CONTENTS Table of Contents... 2 Definitions...... 3 Object and Scope... 5 Section 1. Eligibility Requirements... 5 Section 2. First Come,

More information

The United States Federal Trade Commission ("FTC") and the Office of the Data Protection Commissioner of Ireland (collectively, "the Participants"),

The United States Federal Trade Commission (FTC) and the Office of the Data Protection Commissioner of Ireland (collectively, the Participants), MEMORANDUM OF UNDERSTANDING BETWEEN THE UNITED STATES FEDERAL TRADE COMMISSION AND THE OFFICE OF THE DATA PROTECTION COMMISSIONER OF IRELAND ON MUTUAL ASSISTANCE IN THE ENFORCEMENT OF LAWS PROTECTING PERSONAL

More information

Corporate ICT & Data Management. Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy 90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control

More information

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1

More information

The Limited Partnership Bill, 2010 THE LIMITED LIABILITY PARTNERSHIP BILL 2010 ARRANGEMENT OF CLAUSES PART I PRELIMINARY. Clause

The Limited Partnership Bill, 2010 THE LIMITED LIABILITY PARTNERSHIP BILL 2010 ARRANGEMENT OF CLAUSES PART I PRELIMINARY. Clause THE LIMITED LIABILITY PARTNERSHIP BILL 2010 ARRANGEMENT OF CLAUSES 1 Short title and commencement. 2 Interpretation. PART I PRELIMINARY Clause PART II REGISTRAR AND REGISTRAR OF LIMITED LIABILITY PARTNERSHIPS

More information

CONSULTATION PAPER NO 2. 2004

CONSULTATION PAPER NO 2. 2004 CONSULTATION PAPER NO 2. 2004 REGULATION OF GENERAL INSURANCE MEDIATION BUSINESS This consultation paper explains the need for the Island to regulate general insurance mediation business and examines the

More information

The primary responsibility for the data processing lies within the Administration Department, which the FINCOP Unit is part of.

The primary responsibility for the data processing lies within the Administration Department, which the FINCOP Unit is part of. Opinion on a Notification for Prior Checking received from the Data Protection Officer of the European Training Foundation Regarding the Processing Operations to Manage Calls for Tenders Brussels, 22 April

More information

Independent Contractor Agreement (ICA)

Independent Contractor Agreement (ICA) Financial Services: Purchasing & Payment Independent Contractor Agreement (ICA) ICA# This Letter of Agreement is made on 20 between Ryerson University ( RYERSON ) and (the "Contractor ) and is effective

More information

NATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH

NATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH NATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH Council of Australian Governments An agreement between the Commonwealth of Australia and the States and Territories, being: The State of New South Wales The State

More information

Queensland WHISTLEBLOWERS PROTECTION ACT 1994

Queensland WHISTLEBLOWERS PROTECTION ACT 1994 Queensland WHISTLEBLOWERS PROTECTION ACT 1994 Act No. 68 of 1994 Queensland WHISTLEBLOWERS PROTECTION ACT 1994 Section PART 1 PRELIMINARY TABLE OF PROVISIONS Division 1 Title and commencement Page 1 Short

More information

Binding Corporate Rules ( BCR ) Summary of Third Party Rights

Binding Corporate Rules ( BCR ) Summary of Third Party Rights Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting

More information

DATA PROTECTION ACT 1998 COUNCIL POLICY

DATA PROTECTION ACT 1998 COUNCIL POLICY DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations

More information

RULES OF ELECTRONIC PAYMENTS ASSOCIATION

RULES OF ELECTRONIC PAYMENTS ASSOCIATION RULES OF ELECTRONIC PAYMENTS ASSOCIATION These are the rules of Electronic Payments Association that have been made by the board of directors of EPA under Article 19 of the articles of association of EPA.

More information

BE IT ENACTED by the Queen s Most Excellent Majesty, by

BE IT ENACTED by the Queen s Most Excellent Majesty, by At a Tynwald held in Douglas, Isle of Man, the 21st day of October in the fifty-seventh year of the reign of our Sovereign Lady ELIZABETH THE SECOND by the Grace of God of the United Kingdom of Great Britain

More information

Linde Integrity Line. Process and Data Protection Policy. 1 July 2007

Linde Integrity Line. Process and Data Protection Policy. 1 July 2007 Linde Integrity Line Process and Data Protection Policy 1 July 2007 Page 2 of 10 Table of Contents Preamble 3 1 Scope of application 3 2 Definitions 3 3 Submitting Reports Regular Channels 3 4 Submitting

More information

Guidelines for the use of electronic signature

Guidelines for the use of electronic signature Republic of Albania National Authority for Electronic Certification Guidelines for the use of electronic signature Guide Nr. 001 September 2011 Version 1.3 Guidelines for the use of electronic signature

More information

SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001 IN RELATION TO THE DATA PROTECTION OFFICER

SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001 IN RELATION TO THE DATA PROTECTION OFFICER SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001 IN RELATION TO THE DATA PROTECTION OFFICER 10 September 2009 page 1 / 8 SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001

More information

The Mortgage Brokerages and Mortgage Administrators Act

The Mortgage Brokerages and Mortgage Administrators Act MORTGAGE BROKERAGES AND 1 The Mortgage Brokerages and Mortgage Administrators Act being Chapter M-20.1* of The Statutes of Saskatchewan, 2007 (effective October 1, 2010), as amended by the Statutes of

More information

ARTICLE 29 - DATA PROTECTION WORKING PARTY

ARTICLE 29 - DATA PROTECTION WORKING PARTY ARTICLE 29 - DATA PROTECTION WORKING PARTY 11639/02/EN WP 74 Working Document: Transfers of personal data to third countries: Applying Article 26 (2) of the EU Data Protection Directive to Binding Corporate

More information

Act on Investment Firms 26.7.1996/579

Act on Investment Firms 26.7.1996/579 Please note: This is an unofficial translation. Amendments up to 135/2007 included, May 2007. Act on Investment Firms 26.7.1996/579 CHAPTER 1 General provisions Section 1 Scope of application This Act

More information

Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie

Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten MHC.ie Rewriting the Past Oisin Tobin otobin@mhc.ie Agenda 1. Background 2. Findings and impact: a) Jurisdiction b) A

More information