Data Protection, Software Licenses and other Legal Issues in the Cloud
|
|
- Russell Tucker
- 8 years ago
- Views:
Transcription
1 Data Protection, Software Licenses and other Legal Issues in the Cloud Dr. Hendrik Schöttle Rechtsanwalt, Fachanwalt für IT-Recht OSDC 2012, Nuremberg 26. April 2012
2 Overview Introduction Data Protection Principles Special Requirements of Cloud Computing Software Licenses Other Issues Liability Exit Management
3 History Federal Data Protection Act outdated Intitially planned as protection against the state (1977) Way behind technical development Federal Constitutional Court has to fill the gaps Many unclear and open terms and clauses Data protection law fragmented and incomplete 3/46
4 Roots European legal sources: Data Protection Directive Directive concerning the processing of personal data and the protection of privacy in the telecommunications sector E-Commerce Directive Directive on privacy and electronic communications 4/46
5 Overview Introduction Data Protection Principles Special Requirements of Cloud Computing Software Licenses Other Issues Liability Exit Management
6 Data Protection Introduction Only personal data is being protected Section 3 Federal Data Protection Act (BDSG) (1) Personal data means any information concerning the personal or material circumstances of an identified or identifiable individual (the data subject). Examples: name, address, address, account details, etc. Very broad interpretation by courts/supervisory authorities (Google Street View, IP addresses etc.) 6/46
7 IP address as personal data Static IP address: Personal data Dynamic IP address: Data that can be related to individuals Link to a person easily possible personal data (example: access provider, local administrator) Link not possible or only possible with difficulties no personal data In doubt: treat it as personal data 7/46
8 Processing The processing of personal data is not allowed, unless it is explicitly permitted i.e. each processing of personal data requires a justification Processing is also defined very broadly: Includes e.g. storage, modification, transfer and deletion of data Consequence: almost every dealing with personal data requires a justification! 8/46
9 Justification Possible justifications Consent of the data subject (in the future only restrictedly allowed regarding employees) must be on an informed and voluntary basis revocable at any time Processing covered by the purpose of a contract (Sec. 28 Para. 1 no. 1 BDSG) Overriding interests (Sec. 28 Para. 1 no. 2 BDSG) Special regulations for employees (Sec. 32 Para. 1 BDSG) Company agreement ( Betriebsvereinbarung ) 9/46
10 Overview Introduction Data Protection Principles Special Requirements of Cloud Computing Classification Applicability of German Data Protection Law Demands of the German Data Protection Supervisory Authorities Transfer of Data Software Licenses Other Issues
11 Special Requirements of Cloud Computing Data protection and privacy concerns primarily the relationship between the cloud user and the cloud provider Customer/Employee Cloud User Customer-/Employment contract Service contract/adv Cloud Provider 11/46
12 Special Requirements of Cloud Computing Generally, the data protection supervisory authorities regard the user as the responsible entity Responsible entity is someone who: Collects personal data for himself, or processes or uses personal data (or has this done by subcontractors), and while acting alone, or jointly with others, has control over the purposes and means of processing personal data 12/46
13 Special Requirements of Cloud Computing Users should only take advantage of cloud services if: They are able to entirely perform their duties as a responsible entity, and They have checked and approved the requirements for data protection and information security implemented by the provider 13/46
14 Overview Introduction Data Protection Principles Special Requirements of Cloud Computing Classification Applicability of German Data Protection Law Demands of the German Data Protection Supervisory Authorities Transfer of Data Software Licenses Other Issues
15 Applicability of German Data Protection Law According to 1 para 5 BDSG, German data protection law applies when a non- European cloud provider collects, uses or processes data in Germany If an EU Member State based cloud provider collects, uses or processes data from Germany, then the law of that EU Member State applies ( 1 para 5 BDSG) In practice, it is difficult to enforce German law against foreign providers 15/46
16 Overview Introduction Data Protection Principles Special Requirements of Cloud Computing Classification Applicability of German Data Protection Law Demands of the German Data Protection Supervisory Authorities Transfer of Data Software Licenses Other Issues
17 Guidance of the Data Protection Supervisory Authorities In 2011, the supervisory authorities adopted a guidance regarding cloud computing on how to comply with data protection law According to 34, 35 BDSG, it is the cloud user who remains obliged to correct, delete or block data, and to provide such information to those persons concerned But: the user has (if at all) only a very limited administrative, operating and controlling access to the infrastructure of the cloud provider Data protection authorities require: Agreement on contractual penalty against provider Obligation of the provider to arrange such rights with respect to sub-providers This is difficult in practice 17/46
18 Overview Introduction Data Protection Principles Special Requirements of Cloud Computing Classification Applicability of German Data Protection Law Demands of the German Data Protection Supervisory Authorities Transfer of Data Software Licenses Other Issues
19 Transfer of Data Even according to the planned amendment of German law regarding protection of employees' data the following will still apply: Group members are not privileged ( kein Konzernprivileg )! This means: Each transfer between group companies is to be treated as a transfer to a third party Transfer and processing by a group member is only permitted if justification is given In practice commissioned data processing helps 19/46
20 Data Transfer Cloud User Cloud Provider Customer/Employee ( data subject ) Cloud User( controller ) Cloud Provider ( processor ) Data transfer between cloud user and cloud provider is either Transfer pursuant to Section 28 BDSG OR Possible If: Necessary for a contractual relationship between data subject and controller (generally not given) or Necessary for legitimate interests of the controller, if no reason given that legitimate interests of the data subject regarding the exclusion of the processing prevails (risky solution as the supervisory authority could evaluate interests differently) Commissioned data processing pursuant to Section 11 BDSG Possible If: Agreement on commissioned data processing exists which was concluded in writing, meets the other requirements of Sec. 11 BDSG as well as is complied with. Company is then regarded as controller s right hand, i.e. no third party 20/46
21 Commissioned Data Processing Cloud User Cloud Provider Important requirement of commissioned data processing: Data processing must in fact be commissioned by cloud user According to the Düsseldorf Working Group the following criteria indicate commissioned data processing: No decision-making power by the processor concerning the data The controller is processing data under its own responsibility with respect to third parties Absence of an independent legal relationship by the processor to the data subjects 21/46
22 Commissioned Data Processing Cloud User Cloud Provider The following criteria argue against a commissioned data processing: Controller provides an independent right to use the data to processor Controller's lack of reasonable control to parts of the data processing The responsibility for the legitimacy of the data processing and the accuracy of the data shifts to the processor Processing of data, which were collected only on the basis of an independent legal relationship by the processor 22/46
23 Commissioned Data Processing Requirements of 11 Para. 2, sent. 2 BDSG The contract shall be in writing and has to specify in detail: Subject and duration of the contract The extent, nature and purpose of the data processing Technical and organizational security measures Process for the correction, deletion and blocking of data Controls Eligibility for subcontracting 23/46
24 Cross-Border Data Transfer Data processing in the Cloud is not localized Generally, users will not know, where their data is currently being processed Therefore: the provider must inform the users of all possible processing sites before the conclusion of the contract! 24/46
25 Data Transfer to EU Countries Within the EU/EEA If the data processing is physically held within the EU/EEA, it is generally not subject to any special requirements Provider as a data processor is not a third party Contractual obligation required, obliging the cloud provider to use only technical infrastructure within the EEA (also applying to possible subprocessors) 25/46
26 Data Transfer to non EU Countries Customer/Employee Cloud Provider Group member Data transfer in countries outside the EU: EU Commission: in general no adequate level of data protection is given outside the EU Background: only few other countries in the world have data protection standards comparable to those in the EU Consequence: each transfer of personal data from an EU member state to a non EU country requires additional measures 26/46
27 Data Transfer to non EU Countries Possible measures: Obtaining consent of the data subject (i.e. customers) Safe Harbor certification (only USA) maybe not sufficient any more in the near future Corporate binding rules Best solution: Agreement based on the EU model contracts between service provider and group member The transfer of personal data into non EU countries is generally not permitted without one of these measures! 27/46
28 Consequences of Data Protection Law Infringements Penalties Fines up to EUR 300, (+ skimming off excess profits) Possible compensation claims of those affected Criminal relevance in the case of intent + intended profits/damages / secrecy of telecommunications Injunctive relief and and claims for damages concerning employment law Inadmissibility of (improperly obtained) evidence Prohibition of specific processing of data Damage of reputation / bad press Especially in the case of customer data Highest risk in the practice 28/46
29 Overview Introduction Data Protection Principles Special Requirements of Cloud Computing Software Licenses Other Issues Liability Exit Management
30 Software Licenses the copy decides on license requirements Any reproduction of software requires the consent of the copyright holder, 69c Nr. 1 Copyright Law (Urheberrechtsgesetz - UrhG). Already the execution of software requires consent for its reproduction In the case of Cloud Computing, the question of who reproduces the software is difficult to answer 30/46
31 Software Licenses - transferable decision? Who makes the copy? The question of who is making the reproduction, has only to be regarded from a technical point of view. The reproduction as a physical definition of a work is a technical-mechanical process [...]. Therefore, manufacturer of reproductions is the one who technically takes care of this physical definition. It does not matter whether he uses technical means, even if these are provided by third parties." Federal Supreme Court, Judgment of 22. April 2009, I ZR 216/06 ("shift.tv") Transferability to Cloud Computing is controversial 31/46
32 Software Licenses Consequences of this Decision If, from a legal perspective, the user makes the copy: Cloud Computing users need usage rights for the software. The Provider must have these rights himself. The Provider must also be legally capable to transfer these rights to its customers. 32/46
33 Software Licenses Open Source and Cloud Computing Open Source Software under the GPL: Under the GPL, whoever changes and distributes software, must make the changes, including the source code, available to all third parties also under the GPL ( viral effect of the GPL). Is the use of customized open source software as part of cloud computing considered as distribution? Customizing services should be free and the source code should be available to third parties. Otherwise, according to the GPL, all usage rights terminate. Any such further use will constitute copyright infringement. 33/46
34 Software Licenses - GPLv3 Regulation of GPLv3: "Mere interaction with a user through a computer network with no transfer of a copy, is not conveying", Number 0 ("Definitions") Para. 7 GPLv3. If there is no transmission of a binary code, then GPLv3 does not apply The interpretation is uncertain. So far, no court desicions. Google, etc. use the uncertainty in order to avoid publication of sources for software used in cloud services The customer should insure themselves by contract (exemption, warranty) 34/46
35 Software Licenses - Best Practices As a supplier, be prepared that the traditional software license has become obsolete As a customer, get the provider to guarantee that he will give you the necessary rights to use the solution Agree on an indemnification for any claims from third parties with regard to license violations 35/46
36 Overview Introduction Data Protection Principles Special Requirements of Cloud Computing Software Licenses Other Issues Liability Exit Management
37 Standard of Liability A person acts negligently if he fails to exercise reasonable care. ( 276 Para. 2 German Civil Code) 37/46
38 Liability of the Company From production delays: Compensation from the delay, contractual penalties Breach of confidentiality agreements: Damages for Breach of Contract under 280 BGB If the recipient is not a contractual partner: Compensation for damages under 823 BGB Data compromised = Property infrigement (functionality and internal order) Organizational negligence of the management Contributory negligence 254 BGB ( Mitverschulden ) 38/46
39 Recommended Course of Action No security policy = Breach of care Insufficient IT security measures = Breach of care (i.e. Business-critical data in a public cloud) Cologne District Court 2003: In order for external service providers to develop an IT security policy: A written security policy is necessary for the implementation of security measures Clarification of legal issues in creating an IT security policy, or legal due diligence of the completed IT security policy before implementation Compliance with applicable IT security standards 39/46
40 Overview Introduction Data Protection Principles Special Requirements of Cloud Computing Software Licenses Other Issues Liability Exit Management
41 Change of Provider and Exit Duties of the old Provider The private contract is fulfilled The old provider is not obliged to help, but must only execute his contract and stop provision of services at the effective date of termination 41/46
42 Change of Provider and Exit Responsibilities of third parties Relevant with respect to software publishers as copyright holders There is no obligation to transfer their licenses at the request of customers, provided there has been no exhaustion of the distribution right 42/46
43 Change of Provider and Exit Conclusion Customer has only limited possibilities to exert influence on the old provider After all: Even the old provider should be concerned about his reputation 43/46
44 Change of Provider and Exit - Problems Support Services The old provider fulfils the contract, and does not support the transition. He is not required to support the transition to a new provider. Complete change of provider may fail 44/46
45 Change of Provider and Exit Best Practice Temporary maintenance of service Oblige old provider to provide further services after termination of the agreement Agree on fixed rates for transition services from the beginning. These conditions should remain unchanged Give the customer a contractual right to order separate services 45/46
46 Data Protection, Software Licenses and other Legal Issues in the Cloud OSDC 2012, Nuremberg 26. April 2012 Dr. Hendrik Schöttle Rechtsanwalt Fachanwalt für IT-Recht T +49 (0) M hendrik.schoettle@osborneclarke.de
Article 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationAIRBUS GROUP BINDING CORPORATE RULES
1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These
More informationGENERAL SOFTWARE LICENCE TERMS AND CONDITIONS of Fritz & Macziol GmbH Current as of March 2014
GENERAL SOFTWARE LICENCE TERMS AND CONDITIONS of Fritz & Macziol GmbH Current as of March 2014 Section 1 Preamble The following software licence terms and conditions stipulate the extent of the rights
More informationData Protection Policy.
Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data
More informationBinding Corporate Rules Privacy (BCRP) personal Telekom Group rights in the handling of personal data within the Deutsche Telekom Group
Binding Corporate Rules Privacy (BCRP) Binding Corporate corporate Rules rules Privacy for (BCRP) the protection of personal Telekom Group rights in the handling of personal data within the Deutsche Telekom
More informationData Protection in Clinical Studies Implications of the New EU General Data Protection Regulation
June 19, 2012 Practice Group(s): Health Care Life Sciences Data Protection in Clinical Studies Implications of the New EU General Data Protection Regulation By Mathias Schulze Steinen and Daniela Bohn
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More informationDomain Name Registration Policy,
1. General a. The Registry operates and administers the generic Top Level Domain (TLD).BAYERN and makes possible the registration of Domain Names under this TLD. b. Registrants wishing to register one
More informationDomain Name Registration Policy,
1. General a. The Registry operates and administers the generic Top Level Domain (TLD).NRW and makes possible the registration of Domain Names under this TLD. b. Registrants wishing to register one or
More informationCorporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data
Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not
More informationGeneral Conditions of Business INET-CASH with Webmaster. (As of August 09, 2013)
1 General Conditions of Business with Webmaster (As of August 09, 2013) A. General Conditions of Business... 2 1. Contract partners, contractual object... 2 2. Relationship between the parties... 2 3.
More informationPrivacy & Data Security: The Future of the US-EU Safe Harbor
Privacy & Data Security: The Future of the US-EU Safe Harbor NAOMI MCBRIDE, LISA J. SOTTO AND BRIDGET TREACY, HUNTON & WILLIAMS LLP, WITH PRACTICAL LAW US INTELLECTUAL PROPERTY & TECHNOLOGY AND UK IP&IT
More informationGeneral Terms and Conditions of Trade for the use of the Bitplaces management platform and the Bitplaces software
General Terms and Conditions of Trade for the use of the Bitplaces management platform and the Bitplaces software I. Definitions, application area / conclusion of contract 1. Definitions 1.1 "App" in the
More informationHow To Protect Your Data In The Cloud
Cloud Computing Hot topics in relation to security, liability and privacy Steven De Schrijver Cloud Computing : who and what is involved? Data Cloud Service Provider (e.g. SaaS, PaaS, IaaS) Sub-contractor
More informationBriefly summarised, SURFmarket has submitted the following questions to the Dutch DPA:
UNOFFICIAL TRANSLATION Written opinion on the application of the Wet bescherming persoonsgegevens [Dutch Data Protection Act] in the case of a contract for cloud computing services from an American provider
More informationQualified Electronic Signatures Act (SFS 2000:832)
Qualified Electronic Signatures Act (SFS 2000:832) The following is hereby enacted 1 Introductory provision 1 The purpose of this Act is to facilitate the use of electronic signatures, through provisions
More informationAnnex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015
Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred
More informationPanel 1. Greater Regulation of Special Threats to Privacy. Data Protection in the 21st Century
Panel 1 Greater Regulation of Special Threats to Privacy Data Protection in the 21st Century Questions for Panel 1 Greater Regulation of Special Threats to Privacy I. Need for reform What are currently
More informationStandard business terms
Standard business terms Cybertec Schönig & Schönig GmbH Gröhrmühlgasse 26 2700 Wiener Neustadt (Named Cybertec resp. contractor below) Edition 2014-01 1. General remarks 1.1 As contractor Cybertec provides
More informationExplanatory Notes Data Protection
Explanatory Notes Data Protection Information booklet for staff members GDD Gesellschaft für Datenschutz und Datensicherheit e. V. Bibliographic Information of the German Library The German Library records
More informationOverseas Game Policies and Regulations - OFM GmbH Online
General Terms and Conditions GTC OnlineFootballManager ( OFM ) is an offer by OnlineFussballManager GmbH, Eupener Str. 60, D-50933 Cologne (referred to as OFM GmbH below), consisting of a browser-based
More informationData Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
More informationGeneral software license conditions for permanent and temporary software licenses
General software license conditions for permanent and temporary software licenses 1 Subject matter of the agreement 1.1. The conditions on hand rule the licensing and maintenance of the computer programs
More informationAppendix 11 - Swiss Data Protection Act
GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the
More informationPersonal Data Act (1998:204);
Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their
More informationThe HR Skinny: Effectively managing international employee data flows
The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study
More informationHOB_Software_License_en 002 20120508
Software License Agreement I. Scope of this Agreement The terms and conditions in this agreement apply to all software sold or provided for use by HOB and only to merchant as stated in sec. 310 para (1)
More informationTerms of Use 1. [Preliminary provision] 1. All capitalized expressions and other terms contained and used in the Terms are primarily meanings assigned to them below: 1) Application - Software made available
More information.RUHR Domain Name Registration Policy
These registration conditions govern the rights and obligations of regiodot GmbH & Co. KG ("the registry") and the accredited registrars ("the registrars") and each party ("registrants") registering a
More informationProcessor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
More information235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June
More informationBinding Corporate Rules ( BCR ) Summary of Third Party Rights
Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting
More informationTerms and Conditions for PDF24-Fax-Service
THIS TRANSLATION IS FOR YOUR INFORMATION ONLY! THE LEGALLY BINDING DOCUMENT ARE THE TERMS OF USE IN GERMAN, CF. FIGURE 6.2 OF THE TERMS OF USE Terms and Conditions for PDF24-Fax-Service 1 General (1) The
More informationServices Agreement between Client and Provider
Services Agreement between Client and Provider This Services Agreement is part of the Member Contract between Client and Provider, effective upon Client s award and Provider s acceptance of a Job on the
More informationPosition of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015
2 September 2015 Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 We support the efforts of EU legislators to create a harmonised data protection
More informationAct on the Contractor s Obligations and Liability when Work is Contracted Out (1233/2006) (as amended by several Acts, including 678/2015)
Unofficial Translation Ministry of Employment and the Economy, Finland September 2015 Section 1. Objectives of the Act Act on the Contractor s Obligations and Liability when Work is Contracted Out (1233/2006)
More informationRecommendations for companies planning to use Cloud computing services
Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation
More informationData Protection and Cloud Computing: an Overview of the Legal Issues
Data Protection and Cloud Computing: an Overview of the Legal Issues Christopher Kuner Partner, Hunton & Williams, Brussels Research Assistant, University of Copenhagen Nordic IT Law Conference Copenhagen,
More informationA How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1
A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 Policy and Procedure Templates Reflects modifications published in the Federal Register
More informationJournal of Laws No. 19-2117 - Item 101. The Act on Concession for Works or Services 1 2 of 9 January 2009. Chapter 1 General Provisions
Journal of Laws No. 19-2117 - Item 101 101 The Act on Concession for Works or Services 1 2 of 9 January 2009 Chapter 1 General Provisions Art. 1.1. This Act specifies the rules and procedures for concluding
More informationOPINION MAY 2012 ON CLOUD COMPUTING Article 29 Data Protection Working Party (July 1, 2012)
OPINION MAY 2012 ON CLOUD COMPUTING Article 29 Data Protection Working Party (July 1, 2012) ARTICLE 29 DATA PROTECTION WORKING PARTY 01037/12/EN WP 196 Opinion 05/2012 on Cloud Computing Adopted July 1
More informationELECTRONIC SIGNATURE LAW
ELECTRONIC SIGNATURE LAW (Published in the Official Gazette ref 25355, 2004-01-23) SECTION ONE Purpose, Scope and Definitions Purpose Article 1 The purpose of this Law is to define the principles for the
More informationGeneral Terms and Conditions
General Terms and Conditions 1. General remarks (1) These General Terms and Conditions apply to all legal relations established between the company JUTEC Biegesysteme GmbH (the "Provider"), Ottostr. 22,
More informationTerms and Conditions for Embedded Software Products and Embedded Software Services
1 Terms and Conditions for Embedded Software Products and Embedded Software Services I. Delivery of Embedded Software Products of Vector (Standard Software) 1 Scope of Delivery 1.1 Vector shall deliver
More informationPlease fax, email or snail mail all five pages back to us at the above as soon as possible or by May 17 th at the latest.
Phone: 970.259.6960 Fax: 970.259.5331 2530 Colorado Ave, Suite 2B Durango, CO 81301 Email: info@payrolldept.biz Hello Payroll Department Client: We need your signature! Attached you will find changes to
More informationWhat is This Web Hosting Agreement?
This Web Hosting Agreement ("Agreement") sets forth the terms and conditions governing customer use of Fozzy Inc. ("Service Provider") for web hosting services. When you agree to these terms and conditions,
More informationFactsheet on the Right to be
101010 100101 1010 101 Factsheet on the Right to be 100 Forgotten ruling (C-131/12) 101 101 1) What is the case about and what did 100 the Court rule? 10 In 2010 a Spanish citizen lodged a complaint against
More informationLIABILITY FOR NON-COMPLIANCE WITH DATA PROTECTION OBLIGATIONS
LIABILITY FOR NON-COMPLIANCE WITH DATA PROTECTION OBLIGATIONS This document is a rough draft aiming at presenting key provisions, current clauses used in Cloud computing contracts and first drafts on possible
More informationGeneral Terms and Conditions of Purchase and Cooperation for Services
General Terms and Conditions of Purchase and Cooperation for Services 1. General principles / Scope of application 1.1 Solely these General Terms and Conditions of Purchase and Cooperation for Services
More informationIMPORTANT IT IS DEAMED THAT YOU HAVE READ AND AGREE TO ALL TERMS & CONDITIONS BEFORE USING THIS WEBSITE.
Terms & conditions for the use of this Website IMPORTANT IT IS DEAMED THAT YOU HAVE READ AND AGREE TO ALL TERMS & CONDITIONS BEFORE USING THIS WEBSITE. By using this website you are deemed to have full
More informationELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING
ELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING This Supplemental Terms and Conditions of Trading is supplemental to and forms part of the terms and conditions set out in the
More information7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data
Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal
More informationNew EU Data Protection legislation comes into force today. What does this mean for your business?
24 th May 2016 New EU Data Protection legislation comes into force today. What does this mean for your business? After years of discussion and proposals, the General Data Protection Regulation ( GDPR )
More informationError! U nkno wn do cu ment prop ert y name. DOC Report. SIX Repo AG. Terms of Use for the Trading Platform of SIX Repo AG
Error! U nkno wn do cu ment prop ert y name. DOC Report SIX Repo AG Terms of Use for the Trading Platform of SIX Repo AG 1 Purpose 1 The Terms of Use contain provisions on the use of the trading platform
More informationFree and Open-Source Software Diligence in Mergers, Acquisitions, and Investments
Free and Open-Source Software Diligence in Mergers, Acquisitions, and Investments Andrew J. Hall Fenwick & West LLP April 16, 2013 Linux Foundation Collaboration Summit Presentation Topics Introduction
More informationInhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie
Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten MHC.ie Rewriting the Past Oisin Tobin otobin@mhc.ie Agenda 1. Background 2. Findings and impact: a) Jurisdiction b) A
More informationCloud Computing and Risk: A look at the EU and the application of. Protection Directive to cloud computing
Infopreneurship Journal (IJ) Available online at www.infopreneurship.net Infopreneurship Journal (IJ), 2013, Vol.1, No.1 Cloud Computing and Risk: A look at the EU and the application of the Data Protection
More informationSTATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM
STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM BETWEEN The Division of Health Care Financing and Policy Herein after referred to as the Covered Entity and (Enter Business
More informationOverview of Employment and Employee Privacy Laws and Key Trends in Austria
P a g e 1 Privacy Interviews with Experts August 2011 Toronto / Washington DC / Brussels www.nymity.com Rainer Knyrim Attorney and Partner Preslmayr Attorneys at Law Vienna, Austria Overview of Employment
More informationMOBILE SERVICES AGREEMENT. Effective Date: 11 April 2013
MOBILE SERVICES AGREEMENT Effective Date: 11 April 2013 LMAX Mobile Services Agreement Effective date: 11 April 2013 We provide password protected software applications from which you can access your Account
More informationSoftware Licence Terms and Conditions for the Provision of Software of WIELAND Dental + Technik GmbH & Co. KG for an Indefinite Period
Software Licence Terms and Conditions for the Provision of Software of WIELAND Dental + Technik GmbH & Co. KG for an Indefinite Period as of: April 2014 A. General License Terms 1. SCOPE 1.1 Object of
More informationData protection issues on an EU outsourcing
Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process
More informationFRANCE. Chapter XX OVERVIEW
Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,
More informationGENERAL TERMS AND CONDITIONS OF PURCHASE
GENERAL TERMS AND CONDITIONS OF PURCHASE of EGSTON Eggenburger System Elektronik Gesellschaft m.b.h. and EGSTON System Electronic spol. s.r.o. (hereinafter referred to as "EGSTON") Table of contents Clause
More informationContractor s Obligations and Liability when Work is Contracted Out
Contractor s Obligations and Liability when Work is Contracted Out Introduction There are many ways of combating the negative effects caused to enterprises by the grey or undeclared economy and unhealthy
More information3. "Consumer reporting agency" has the meaning ascribed to it in 15 U.S.C. Sec. 1681a(f).
Combo security freeze bill with consensus areas. Where no consensus: AG language in left column, CDIA language in right column. In some cases, differences on specific points are identified in text of bill.
More informationTilburg University. U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen
Tilburg University U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen Published in: International Data Privacy Law Document version: Preprint (usually an
More informationInformation Technology - Switzerland
Newsletters Law Directory Deals News Subscribe Home Information Technology - Switzerland Data Protection - Key Issues Contributed by Homburger December 2 2003 Introduction No Free Flow of Data within a
More informationGESIS Datenservice Unter Sachsenhausen 6-8 50667 Köln Fax: +49-221-47694-8420
GESIS Datenservice Unter Sachsenhausen 6-8 50667 Köln Fax: +49-221-47694-8420 Unless stated differently, please send this agreement to the address of the GESIS Data Service (see above). Should a different
More informationPrivacy in the cloud. DNB has indicated that it considers cloud computing a form of outsourcing.
Privacy in the cloud computing, and the company concerned is required to submit a risk analysis to DNB. 3 Cloud computing entails the saving, processing and using of company data on the servers of a cloud
More informationTerms and Conditions (AGB) for Internet Trading of the Company Karl Kaps Optik-Feinmechanik-Gerätebau GmbH & Co. KG (B2C)
Terms and Conditions (AGB) for Internet Trading of the Company Karl Kaps Optik-Feinmechanik-Gerätebau GmbH & Co. KG (B2C) 1 Area of Validity (1) The present terms and conditions contain the only terms
More informationGeneral Terms and Conditions of Irlbacher Blickpunkt Glas GmbH
General Terms and Conditions of 1. Scope 1.1 All supplies and services by (in the following: Irlbacher) are subject exclusively to the following terms and conditions: 1.2 Terms and conditions of commercial
More informationGeneral Terms and Conditions for Working Capital Insurance for Loans to Sub-Contractors GTC WC-SC
General Terms and Conditions for Working Capital Insurance for Loans to Sub-Contractors GTC WC-SC Valid from 31 March 2012 (Version 2.2/2012) Table of Contents 1 Object and Scope of the Insurance 3 2 Liability
More informationKey issues in data protection: a pan-european view
Key issues in data protection: a pan-european view 19 th March 2014 Nicola Fulford, Kemp Little LLP, UK Andreas Peschel-Mehner, SKW Schwarz, Germany Marco Bellezza, Portolano Cavallo, Italy Emmanuel Schulte,
More informationGeneral Business Terms and License Conditions of Paessler AG
TERMS General Business Terms and License Conditions of Paessler AG The following Terms and Conditions can be downloaded from Paessler AG s website and be printed: http://www.paessler.com/order/terms. Upon
More informationGENOA, a QOL HEALTHCARE COMPANY WEBSITE TERMS OF USE
GENOA, a QOL HEALTHCARE COMPANY WEBSITE TERMS OF USE IF YOU HAVE A MEDICAL EMERGENCY, YOU ARE INSTRUCTED IMMEDIATELY TO CALL EMERGENCY PERSONNEL (911). DO NOT RELY ON THIS WEBSITE OR THE INFORMATION PROVIDED
More informationCode of Conduct. Code of Conduct, 2009 Version 1.0
Code of Conduct Code of Conduct, 2009 Version 1.0 Contents A. Introduction... 3 B. Application of the Code... 3 C. Basic Rules of Conduct... 4 Avoidance of Conflicts of Interest... 5 Mutual Respect...
More informationData Security and Breach in Outsourcing Agreements
Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel Digital, Technology, ecommerce & Privacy Practice Group November 19, 2015 Akiba Stern Partner,
More informationCloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School
DEUTSCH-FRANZÖSISCHE SOMMERUNIVERSITÄT! FÜR NACHWUCHSWISSENSCHAFTLER 2011! CLOUD COMPUTING : HERAUSFORDERUNGEN UND MÖGLICHKEITEN UNIVERSITÉ DʼÉTÉ FRANCO-ALLEMANDE POUR JEUNES CHERCHEURS 2011! CLOUD COMPUTING
More information(a) the kind of data and the harm that could result if any of those things should occur;
Cloud Computing This information leaflet aims to advise organisations on the factors they should take into account in considering engaging cloud computing. It explains the relevance of the Personal Data
More informationContractor s liability and tax number in the construction sector
Contractor s liability and tax number in the construction sector 2 Introduction This guide provides information on the contractor s obligation to check and the tax number used at construction sites. Construction-related
More informationGeneral Terms and Conditions of Business for the online store of H. Stoll AG & Co. KG
General Terms and Conditions of Business for the online store of H. Stoll AG & Co. KG Section 1 Scope of application, Definition of terms 1) The following terms and conditions of business (hereinafter
More informationCollision of subsidiary clauses in insurance contracts
Dr. Anja Mayer Versicherungspraxis, June 2014 Insurance contract law Collision of subsidiary clauses in insurance contracts Insurance contracts often contain subsidiary clauses. Theses clauses have the
More informationTERMS OF USE TITLE CERTIFICATES FOR ELECTRONIC SIGNATURE
TERMS OF USE FOR TITLE CERTIFICATES FOR ELECTRONIC SIGNATURE Prior to the verification of the electronic certificate, or to access or use the certificate status information and other information contained
More informationSaaS Terms & Conditions
SaaS Terms & Conditions TERMS OF USE: BY CLICKING THE REGISTER BUTTON DISPLAYED AS PART OF THE REGISTRATION PROCESS, YOU AGREE TO THE FOLLOWING TERMS AND CONDITIONS (THE AGREEMENT ) GOVERNING YOUR USE
More informationCompliance Management Systems
Certification Scheme Y03 Compliance Management Systems ISO 19600 ONR 192050 Issue V2.1:2015-01-08 Austrian Standards plus GmbH Dr. Peter Jonas Heinestraße 38 A-1020 Vienna, Austria E-Mail: p.jonas@austrian-standards.at
More informationLEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT
LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text
More informationPrivacy Rules for Customer, Supplier and Business Partner Data
Privacy Rules for Customer, Supplier and Business Partner Data Contact details Philips Privacy Office c/o Philips International BV, Amstelplein 2, 1096 BC, the Netherlands. E-mail: Philips_Privacy_Office@philips.com
More informationGeneral Terms and Conditions of the Saxoprint GmbH Digital- & Offsetdruckerei partner programme
General Terms and Conditions of the Saxoprint GmbH Digital- & Offsetdruckerei partner programme By applying for a publisher job with the Saxoprint GmbH (in the following: Saxoprint) partner programme,
More informationGuidelines on Data Protection. Draft. Version 3.1. Published by
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
More informationZIMPERIUM, INC. END USER LICENSE TERMS
ZIMPERIUM, INC. END USER LICENSE TERMS THIS DOCUMENT IS A LEGAL CONTRACT. PLEASE READ IT CAREFULLY. These End User License Terms ( Terms ) govern your access to and use of the zanti and zips client- side
More informationGENOA, a QoL HEALTHCARE COMPANY GENOA ONLINE SYSTEM TERMS OF USE
GENOA, a QoL HEALTHCARE COMPANY GENOA ONLINE SYSTEM TERMS OF USE By using the Genoa Online system (the System ), you acknowledge and accept the following terms of use: This document details the terms of
More informationImproving self-regulation through (law-based) Corporate Data Protection Officials *
Improving self-regulation through (law-based) Corporate Data Protection Officials * Article by Christoph Klug ** The rise of globalization and multinational corporations is creating a pressing need for
More informationPHOTOGRAPH LICENSE BETWEEN YOU AND DEATH TO THE STOCK PHOTO
PHOTOGRAPH LICENSE BETWEEN YOU AND DEATH TO THE STOCK PHOTO The Photograph (defined below) is provided to you ( you or Licensee ) by DTTSP LLC, an Ohio limited-liability company doing business as Death
More informationLEGAL NOTICES ~ 1. ACCESS TO THE WEBSITE
LEGAL NOTICES ~ N/réf. BL.CHOC.0001.BE/DR 17.09.2015 Welcome on the website : www.cafe-tasse.com éditd by CHOC AND CO SA. Dénomination sociale : CHOC AND CO SA Company Number : 0440.001.995 Head Office:
More informationTerms and Conditions for Embedded Software Products and Embedded Software Services
1 Terms and Conditions for Embedded Software Products and Embedded Software Services I. Delivery of Embedded Software Products of Vector (Standard Software) 1 Scope of Delivery 1.1 Vector shall deliver
More informationA clean and open Internet: Public consultation on procedures for notifying and acting on illegal content hosted by online intermediaries
A clean and open Internet: Public consultation on procedures for notifying and acting on illegal content hosted by online intermediaries Questions marked with an asterisk * require an answer to be given.
More information