Data Protection, Software Licenses and other Legal Issues in the Cloud

Size: px
Start display at page:

Download "Data Protection, Software Licenses and other Legal Issues in the Cloud"

Transcription

1 Data Protection, Software Licenses and other Legal Issues in the Cloud Dr. Hendrik Schöttle Rechtsanwalt, Fachanwalt für IT-Recht OSDC 2012, Nuremberg 26. April 2012

2 Overview Introduction Data Protection Principles Special Requirements of Cloud Computing Software Licenses Other Issues Liability Exit Management

3 History Federal Data Protection Act outdated Intitially planned as protection against the state (1977) Way behind technical development Federal Constitutional Court has to fill the gaps Many unclear and open terms and clauses Data protection law fragmented and incomplete 3/46

4 Roots European legal sources: Data Protection Directive Directive concerning the processing of personal data and the protection of privacy in the telecommunications sector E-Commerce Directive Directive on privacy and electronic communications 4/46

5 Overview Introduction Data Protection Principles Special Requirements of Cloud Computing Software Licenses Other Issues Liability Exit Management

6 Data Protection Introduction Only personal data is being protected Section 3 Federal Data Protection Act (BDSG) (1) Personal data means any information concerning the personal or material circumstances of an identified or identifiable individual (the data subject). Examples: name, address, address, account details, etc. Very broad interpretation by courts/supervisory authorities (Google Street View, IP addresses etc.) 6/46

7 IP address as personal data Static IP address: Personal data Dynamic IP address: Data that can be related to individuals Link to a person easily possible personal data (example: access provider, local administrator) Link not possible or only possible with difficulties no personal data In doubt: treat it as personal data 7/46

8 Processing The processing of personal data is not allowed, unless it is explicitly permitted i.e. each processing of personal data requires a justification Processing is also defined very broadly: Includes e.g. storage, modification, transfer and deletion of data Consequence: almost every dealing with personal data requires a justification! 8/46

9 Justification Possible justifications Consent of the data subject (in the future only restrictedly allowed regarding employees) must be on an informed and voluntary basis revocable at any time Processing covered by the purpose of a contract (Sec. 28 Para. 1 no. 1 BDSG) Overriding interests (Sec. 28 Para. 1 no. 2 BDSG) Special regulations for employees (Sec. 32 Para. 1 BDSG) Company agreement ( Betriebsvereinbarung ) 9/46

10 Overview Introduction Data Protection Principles Special Requirements of Cloud Computing Classification Applicability of German Data Protection Law Demands of the German Data Protection Supervisory Authorities Transfer of Data Software Licenses Other Issues

11 Special Requirements of Cloud Computing Data protection and privacy concerns primarily the relationship between the cloud user and the cloud provider Customer/Employee Cloud User Customer-/Employment contract Service contract/adv Cloud Provider 11/46

12 Special Requirements of Cloud Computing Generally, the data protection supervisory authorities regard the user as the responsible entity Responsible entity is someone who: Collects personal data for himself, or processes or uses personal data (or has this done by subcontractors), and while acting alone, or jointly with others, has control over the purposes and means of processing personal data 12/46

13 Special Requirements of Cloud Computing Users should only take advantage of cloud services if: They are able to entirely perform their duties as a responsible entity, and They have checked and approved the requirements for data protection and information security implemented by the provider 13/46

14 Overview Introduction Data Protection Principles Special Requirements of Cloud Computing Classification Applicability of German Data Protection Law Demands of the German Data Protection Supervisory Authorities Transfer of Data Software Licenses Other Issues

15 Applicability of German Data Protection Law According to 1 para 5 BDSG, German data protection law applies when a non- European cloud provider collects, uses or processes data in Germany If an EU Member State based cloud provider collects, uses or processes data from Germany, then the law of that EU Member State applies ( 1 para 5 BDSG) In practice, it is difficult to enforce German law against foreign providers 15/46

16 Overview Introduction Data Protection Principles Special Requirements of Cloud Computing Classification Applicability of German Data Protection Law Demands of the German Data Protection Supervisory Authorities Transfer of Data Software Licenses Other Issues

17 Guidance of the Data Protection Supervisory Authorities In 2011, the supervisory authorities adopted a guidance regarding cloud computing on how to comply with data protection law According to 34, 35 BDSG, it is the cloud user who remains obliged to correct, delete or block data, and to provide such information to those persons concerned But: the user has (if at all) only a very limited administrative, operating and controlling access to the infrastructure of the cloud provider Data protection authorities require: Agreement on contractual penalty against provider Obligation of the provider to arrange such rights with respect to sub-providers This is difficult in practice 17/46

18 Overview Introduction Data Protection Principles Special Requirements of Cloud Computing Classification Applicability of German Data Protection Law Demands of the German Data Protection Supervisory Authorities Transfer of Data Software Licenses Other Issues

19 Transfer of Data Even according to the planned amendment of German law regarding protection of employees' data the following will still apply: Group members are not privileged ( kein Konzernprivileg )! This means: Each transfer between group companies is to be treated as a transfer to a third party Transfer and processing by a group member is only permitted if justification is given In practice commissioned data processing helps 19/46

20 Data Transfer Cloud User Cloud Provider Customer/Employee ( data subject ) Cloud User( controller ) Cloud Provider ( processor ) Data transfer between cloud user and cloud provider is either Transfer pursuant to Section 28 BDSG OR Possible If: Necessary for a contractual relationship between data subject and controller (generally not given) or Necessary for legitimate interests of the controller, if no reason given that legitimate interests of the data subject regarding the exclusion of the processing prevails (risky solution as the supervisory authority could evaluate interests differently) Commissioned data processing pursuant to Section 11 BDSG Possible If: Agreement on commissioned data processing exists which was concluded in writing, meets the other requirements of Sec. 11 BDSG as well as is complied with. Company is then regarded as controller s right hand, i.e. no third party 20/46

21 Commissioned Data Processing Cloud User Cloud Provider Important requirement of commissioned data processing: Data processing must in fact be commissioned by cloud user According to the Düsseldorf Working Group the following criteria indicate commissioned data processing: No decision-making power by the processor concerning the data The controller is processing data under its own responsibility with respect to third parties Absence of an independent legal relationship by the processor to the data subjects 21/46

22 Commissioned Data Processing Cloud User Cloud Provider The following criteria argue against a commissioned data processing: Controller provides an independent right to use the data to processor Controller's lack of reasonable control to parts of the data processing The responsibility for the legitimacy of the data processing and the accuracy of the data shifts to the processor Processing of data, which were collected only on the basis of an independent legal relationship by the processor 22/46

23 Commissioned Data Processing Requirements of 11 Para. 2, sent. 2 BDSG The contract shall be in writing and has to specify in detail: Subject and duration of the contract The extent, nature and purpose of the data processing Technical and organizational security measures Process for the correction, deletion and blocking of data Controls Eligibility for subcontracting 23/46

24 Cross-Border Data Transfer Data processing in the Cloud is not localized Generally, users will not know, where their data is currently being processed Therefore: the provider must inform the users of all possible processing sites before the conclusion of the contract! 24/46

25 Data Transfer to EU Countries Within the EU/EEA If the data processing is physically held within the EU/EEA, it is generally not subject to any special requirements Provider as a data processor is not a third party Contractual obligation required, obliging the cloud provider to use only technical infrastructure within the EEA (also applying to possible subprocessors) 25/46

26 Data Transfer to non EU Countries Customer/Employee Cloud Provider Group member Data transfer in countries outside the EU: EU Commission: in general no adequate level of data protection is given outside the EU Background: only few other countries in the world have data protection standards comparable to those in the EU Consequence: each transfer of personal data from an EU member state to a non EU country requires additional measures 26/46

27 Data Transfer to non EU Countries Possible measures: Obtaining consent of the data subject (i.e. customers) Safe Harbor certification (only USA) maybe not sufficient any more in the near future Corporate binding rules Best solution: Agreement based on the EU model contracts between service provider and group member The transfer of personal data into non EU countries is generally not permitted without one of these measures! 27/46

28 Consequences of Data Protection Law Infringements Penalties Fines up to EUR 300, (+ skimming off excess profits) Possible compensation claims of those affected Criminal relevance in the case of intent + intended profits/damages / secrecy of telecommunications Injunctive relief and and claims for damages concerning employment law Inadmissibility of (improperly obtained) evidence Prohibition of specific processing of data Damage of reputation / bad press Especially in the case of customer data Highest risk in the practice 28/46

29 Overview Introduction Data Protection Principles Special Requirements of Cloud Computing Software Licenses Other Issues Liability Exit Management

30 Software Licenses the copy decides on license requirements Any reproduction of software requires the consent of the copyright holder, 69c Nr. 1 Copyright Law (Urheberrechtsgesetz - UrhG). Already the execution of software requires consent for its reproduction In the case of Cloud Computing, the question of who reproduces the software is difficult to answer 30/46

31 Software Licenses - transferable decision? Who makes the copy? The question of who is making the reproduction, has only to be regarded from a technical point of view. The reproduction as a physical definition of a work is a technical-mechanical process [...]. Therefore, manufacturer of reproductions is the one who technically takes care of this physical definition. It does not matter whether he uses technical means, even if these are provided by third parties." Federal Supreme Court, Judgment of 22. April 2009, I ZR 216/06 ("shift.tv") Transferability to Cloud Computing is controversial 31/46

32 Software Licenses Consequences of this Decision If, from a legal perspective, the user makes the copy: Cloud Computing users need usage rights for the software. The Provider must have these rights himself. The Provider must also be legally capable to transfer these rights to its customers. 32/46

33 Software Licenses Open Source and Cloud Computing Open Source Software under the GPL: Under the GPL, whoever changes and distributes software, must make the changes, including the source code, available to all third parties also under the GPL ( viral effect of the GPL). Is the use of customized open source software as part of cloud computing considered as distribution? Customizing services should be free and the source code should be available to third parties. Otherwise, according to the GPL, all usage rights terminate. Any such further use will constitute copyright infringement. 33/46

34 Software Licenses - GPLv3 Regulation of GPLv3: "Mere interaction with a user through a computer network with no transfer of a copy, is not conveying", Number 0 ("Definitions") Para. 7 GPLv3. If there is no transmission of a binary code, then GPLv3 does not apply The interpretation is uncertain. So far, no court desicions. Google, etc. use the uncertainty in order to avoid publication of sources for software used in cloud services The customer should insure themselves by contract (exemption, warranty) 34/46

35 Software Licenses - Best Practices As a supplier, be prepared that the traditional software license has become obsolete As a customer, get the provider to guarantee that he will give you the necessary rights to use the solution Agree on an indemnification for any claims from third parties with regard to license violations 35/46

36 Overview Introduction Data Protection Principles Special Requirements of Cloud Computing Software Licenses Other Issues Liability Exit Management

37 Standard of Liability A person acts negligently if he fails to exercise reasonable care. ( 276 Para. 2 German Civil Code) 37/46

38 Liability of the Company From production delays: Compensation from the delay, contractual penalties Breach of confidentiality agreements: Damages for Breach of Contract under 280 BGB If the recipient is not a contractual partner: Compensation for damages under 823 BGB Data compromised = Property infrigement (functionality and internal order) Organizational negligence of the management Contributory negligence 254 BGB ( Mitverschulden ) 38/46

39 Recommended Course of Action No security policy = Breach of care Insufficient IT security measures = Breach of care (i.e. Business-critical data in a public cloud) Cologne District Court 2003: In order for external service providers to develop an IT security policy: A written security policy is necessary for the implementation of security measures Clarification of legal issues in creating an IT security policy, or legal due diligence of the completed IT security policy before implementation Compliance with applicable IT security standards 39/46

40 Overview Introduction Data Protection Principles Special Requirements of Cloud Computing Software Licenses Other Issues Liability Exit Management

41 Change of Provider and Exit Duties of the old Provider The private contract is fulfilled The old provider is not obliged to help, but must only execute his contract and stop provision of services at the effective date of termination 41/46

42 Change of Provider and Exit Responsibilities of third parties Relevant with respect to software publishers as copyright holders There is no obligation to transfer their licenses at the request of customers, provided there has been no exhaustion of the distribution right 42/46

43 Change of Provider and Exit Conclusion Customer has only limited possibilities to exert influence on the old provider After all: Even the old provider should be concerned about his reputation 43/46

44 Change of Provider and Exit - Problems Support Services The old provider fulfils the contract, and does not support the transition. He is not required to support the transition to a new provider. Complete change of provider may fail 44/46

45 Change of Provider and Exit Best Practice Temporary maintenance of service Oblige old provider to provide further services after termination of the agreement Agree on fixed rates for transition services from the beginning. These conditions should remain unchanged Give the customer a contractual right to order separate services 45/46

46 Data Protection, Software Licenses and other Legal Issues in the Cloud OSDC 2012, Nuremberg 26. April 2012 Dr. Hendrik Schöttle Rechtsanwalt Fachanwalt für IT-Recht T +49 (0) M

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

AIRBUS GROUP BINDING CORPORATE RULES

AIRBUS GROUP BINDING CORPORATE RULES 1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

GENERAL SOFTWARE LICENCE TERMS AND CONDITIONS of Fritz & Macziol GmbH Current as of March 2014

GENERAL SOFTWARE LICENCE TERMS AND CONDITIONS of Fritz & Macziol GmbH Current as of March 2014 GENERAL SOFTWARE LICENCE TERMS AND CONDITIONS of Fritz & Macziol GmbH Current as of March 2014 Section 1 Preamble The following software licence terms and conditions stipulate the extent of the rights

More information

Data Protection Policy.

Data Protection Policy. Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data

More information

Binding Corporate Rules Privacy (BCRP) personal Telekom Group rights in the handling of personal data within the Deutsche Telekom Group

Binding Corporate Rules Privacy (BCRP) personal Telekom Group rights in the handling of personal data within the Deutsche Telekom Group Binding Corporate Rules Privacy (BCRP) Binding Corporate corporate Rules rules Privacy for (BCRP) the protection of personal Telekom Group rights in the handling of personal data within the Deutsche Telekom

More information

Domain Name Registration Policy,

Domain Name Registration Policy, 1. General a. The Registry operates and administers the generic Top Level Domain (TLD).BAYERN and makes possible the registration of Domain Names under this TLD. b. Registrants wishing to register one

More information

Data Protection in Clinical Studies Implications of the New EU General Data Protection Regulation

Data Protection in Clinical Studies Implications of the New EU General Data Protection Regulation June 19, 2012 Practice Group(s): Health Care Life Sciences Data Protection in Clinical Studies Implications of the New EU General Data Protection Regulation By Mathias Schulze Steinen and Daniela Bohn

More information

Domain Name Registration Policy,

Domain Name Registration Policy, 1. General a. The Registry operates and administers the generic Top Level Domain (TLD).NRW and makes possible the registration of Domain Names under this TLD. b. Registrants wishing to register one or

More information

General Conditions of Business INET-CASH with Webmaster. (As of August 09, 2013)

General Conditions of Business INET-CASH with Webmaster. (As of August 09, 2013) 1 General Conditions of Business with Webmaster (As of August 09, 2013) A. General Conditions of Business... 2 1. Contract partners, contractual object... 2 2. Relationship between the parties... 2 3.

More information

Briefly summarised, SURFmarket has submitted the following questions to the Dutch DPA:

Briefly summarised, SURFmarket has submitted the following questions to the Dutch DPA: UNOFFICIAL TRANSLATION Written opinion on the application of the Wet bescherming persoonsgegevens [Dutch Data Protection Act] in the case of a contract for cloud computing services from an American provider

More information

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not

More information

Privacy & Data Security: The Future of the US-EU Safe Harbor

Privacy & Data Security: The Future of the US-EU Safe Harbor Privacy & Data Security: The Future of the US-EU Safe Harbor NAOMI MCBRIDE, LISA J. SOTTO AND BRIDGET TREACY, HUNTON & WILLIAMS LLP, WITH PRACTICAL LAW US INTELLECTUAL PROPERTY & TECHNOLOGY AND UK IP&IT

More information

Appendix 11 - Swiss Data Protection Act

Appendix 11 - Swiss Data Protection Act GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the

More information

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1

More information

General Terms and Conditions of Trade for the use of the Bitplaces management platform and the Bitplaces software

General Terms and Conditions of Trade for the use of the Bitplaces management platform and the Bitplaces software General Terms and Conditions of Trade for the use of the Bitplaces management platform and the Bitplaces software I. Definitions, application area / conclusion of contract 1. Definitions 1.1 "App" in the

More information

Data Protection and Cloud Computing: an Overview of the Legal Issues

Data Protection and Cloud Computing: an Overview of the Legal Issues Data Protection and Cloud Computing: an Overview of the Legal Issues Christopher Kuner Partner, Hunton & Williams, Brussels Research Assistant, University of Copenhagen Nordic IT Law Conference Copenhagen,

More information

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.

More information

Cloud Computing. Hot topics in relation to security, liability and privacy. Steven De Schrijver

Cloud Computing. Hot topics in relation to security, liability and privacy. Steven De Schrijver Cloud Computing Hot topics in relation to security, liability and privacy Steven De Schrijver Cloud Computing : who and what is involved? Data Cloud Service Provider (e.g. SaaS, PaaS, IaaS) Sub-contractor

More information

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred

More information

ELECTRONIC SIGNATURE LAW

ELECTRONIC SIGNATURE LAW ELECTRONIC SIGNATURE LAW (Published in the Official Gazette ref 25355, 2004-01-23) SECTION ONE Purpose, Scope and Definitions Purpose Article 1 The purpose of this Law is to define the principles for the

More information

The HR Skinny: Effectively managing international employee data flows

The HR Skinny: Effectively managing international employee data flows The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study

More information

Personal Data Act (1998:204);

Personal Data Act (1998:204); Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their

More information

A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1

A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 Policy and Procedure Templates Reflects modifications published in the Federal Register

More information

General Terms and Conditions GTC

General Terms and Conditions GTC General Terms and Conditions GTC OnlineFootballManager ( OFM ) is an offer by OnlineFussballManager GmbH, Eupener Str. 60, D-50933 Cologne (referred to as OFM GmbH below), consisting of a browser-based

More information

Panel 1. Greater Regulation of Special Threats to Privacy. Data Protection in the 21st Century

Panel 1. Greater Regulation of Special Threats to Privacy. Data Protection in the 21st Century Panel 1 Greater Regulation of Special Threats to Privacy Data Protection in the 21st Century Questions for Panel 1 Greater Regulation of Special Threats to Privacy I. Need for reform What are currently

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version November 3, 2015 1. Scope and order of precedence This agreement (the Data Processing Agreement ) applies to Oracle s Processing of Personal

More information

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June

More information

Terms of Use 1. [Preliminary provision] 1. All capitalized expressions and other terms contained and used in the Terms are primarily meanings assigned to them below: 1) Application - Software made available

More information

Terms and Conditions for PDF24-Fax-Service

Terms and Conditions for PDF24-Fax-Service THIS TRANSLATION IS FOR YOUR INFORMATION ONLY! THE LEGALLY BINDING DOCUMENT ARE THE TERMS OF USE IN GERMAN, CF. FIGURE 6.2 OF THE TERMS OF USE Terms and Conditions for PDF24-Fax-Service 1 General (1) The

More information

Binding Corporate Rules ( BCR ) Summary of Third Party Rights

Binding Corporate Rules ( BCR ) Summary of Third Party Rights Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting

More information

Standard business terms

Standard business terms Standard business terms Cybertec Schönig & Schönig GmbH Gröhrmühlgasse 26 2700 Wiener Neustadt (Named Cybertec resp. contractor below) Edition 2014-01 1. General remarks 1.1 As contractor Cybertec provides

More information

HOB_Software_License_en 002 20120508

HOB_Software_License_en 002 20120508 Software License Agreement I. Scope of this Agreement The terms and conditions in this agreement apply to all software sold or provided for use by HOB and only to merchant as stated in sec. 310 para (1)

More information

Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015

Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 2 September 2015 Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 We support the efforts of EU legislators to create a harmonised data protection

More information

Error! U nkno wn do cu ment prop ert y name. DOC Report. SIX Repo AG. Terms of Use for the Trading Platform of SIX Repo AG

Error! U nkno wn do cu ment prop ert y name. DOC Report. SIX Repo AG. Terms of Use for the Trading Platform of SIX Repo AG Error! U nkno wn do cu ment prop ert y name. DOC Report SIX Repo AG Terms of Use for the Trading Platform of SIX Repo AG 1 Purpose 1 The Terms of Use contain provisions on the use of the trading platform

More information

Journal of Laws No. 19-2117 - Item 101. The Act on Concession for Works or Services 1 2 of 9 January 2009. Chapter 1 General Provisions

Journal of Laws No. 19-2117 - Item 101. The Act on Concession for Works or Services 1 2 of 9 January 2009. Chapter 1 General Provisions Journal of Laws No. 19-2117 - Item 101 101 The Act on Concession for Works or Services 1 2 of 9 January 2009 Chapter 1 General Provisions Art. 1.1. This Act specifies the rules and procedures for concluding

More information

General software license conditions for permanent and temporary software licenses

General software license conditions for permanent and temporary software licenses General software license conditions for permanent and temporary software licenses 1 Subject matter of the agreement 1.1. The conditions on hand rule the licensing and maintenance of the computer programs

More information

Recommendations for companies planning to use Cloud computing services

Recommendations for companies planning to use Cloud computing services Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation

More information

Services Agreement between Client and Provider

Services Agreement between Client and Provider Services Agreement between Client and Provider This Services Agreement is part of the Member Contract between Client and Provider, effective upon Client s award and Provider s acceptance of a Job on the

More information

7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data

7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal

More information

Information Technology - Switzerland

Information Technology - Switzerland Newsletters Law Directory Deals News Subscribe Home Information Technology - Switzerland Data Protection - Key Issues Contributed by Homburger December 2 2003 Introduction No Free Flow of Data within a

More information

Qualified Electronic Signatures Act (SFS 2000:832)

Qualified Electronic Signatures Act (SFS 2000:832) Qualified Electronic Signatures Act (SFS 2000:832) The following is hereby enacted 1 Introductory provision 1 The purpose of this Act is to facilitate the use of electronic signatures, through provisions

More information

General Terms and Conditions

General Terms and Conditions General Terms and Conditions 1. General remarks (1) These General Terms and Conditions apply to all legal relations established between the company JUTEC Biegesysteme GmbH (the "Provider"), Ottostr. 22,

More information

LIABILITY FOR NON-COMPLIANCE WITH DATA PROTECTION OBLIGATIONS

LIABILITY FOR NON-COMPLIANCE WITH DATA PROTECTION OBLIGATIONS LIABILITY FOR NON-COMPLIANCE WITH DATA PROTECTION OBLIGATIONS This document is a rough draft aiming at presenting key provisions, current clauses used in Cloud computing contracts and first drafts on possible

More information

.RUHR Domain Name Registration Policy

.RUHR Domain Name Registration Policy These registration conditions govern the rights and obligations of regiodot GmbH & Co. KG ("the registry") and the accredited registrars ("the registrars") and each party ("registrants") registering a

More information

3. "Consumer reporting agency" has the meaning ascribed to it in 15 U.S.C. Sec. 1681a(f).

3. Consumer reporting agency has the meaning ascribed to it in 15 U.S.C. Sec. 1681a(f). Combo security freeze bill with consensus areas. Where no consensus: AG language in left column, CDIA language in right column. In some cases, differences on specific points are identified in text of bill.

More information

Please fax, email or snail mail all five pages back to us at the above as soon as possible or by May 17 th at the latest.

Please fax, email or snail mail all five pages back to us at the above as soon as possible or by May 17 th at the latest. Phone: 970.259.6960 Fax: 970.259.5331 2530 Colorado Ave, Suite 2B Durango, CO 81301 Email: info@payrolldept.biz Hello Payroll Department Client: We need your signature! Attached you will find changes to

More information

Overview of Employment and Employee Privacy Laws and Key Trends in Austria

Overview of Employment and Employee Privacy Laws and Key Trends in Austria P a g e 1 Privacy Interviews with Experts August 2011 Toronto / Washington DC / Brussels www.nymity.com Rainer Knyrim Attorney and Partner Preslmayr Attorneys at Law Vienna, Austria Overview of Employment

More information

Explanatory Notes Data Protection

Explanatory Notes Data Protection Explanatory Notes Data Protection Information booklet for staff members GDD Gesellschaft für Datenschutz und Datensicherheit e. V. Bibliographic Information of the German Library The German Library records

More information

Terms and Conditions for Embedded Software Products and Embedded Software Services

Terms and Conditions for Embedded Software Products and Embedded Software Services 1 Terms and Conditions for Embedded Software Products and Embedded Software Services I. Delivery of Embedded Software Products of Vector (Standard Software) 1 Scope of Delivery 1.1 Vector shall deliver

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,

More information

Terms of Service. 1. Content

Terms of Service. 1. Content This Web Hosting Agreement ("Agreement") sets forth the terms and conditions governing customer use of Fozzy Inc. ("Service Provider") for web hosting services. When you agree to these terms and conditions,

More information

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM BETWEEN The Division of Health Care Financing and Policy Herein after referred to as the Covered Entity and (Enter Business

More information

Act on the Contractor s Obligations and Liability when Work is Contracted Out (1233/2006) (as amended by several Acts, including 678/2015)

Act on the Contractor s Obligations and Liability when Work is Contracted Out (1233/2006) (as amended by several Acts, including 678/2015) Unofficial Translation Ministry of Employment and the Economy, Finland September 2015 Section 1. Objectives of the Act Act on the Contractor s Obligations and Liability when Work is Contracted Out (1233/2006)

More information

Free and Open-Source Software Diligence in Mergers, Acquisitions, and Investments

Free and Open-Source Software Diligence in Mergers, Acquisitions, and Investments Free and Open-Source Software Diligence in Mergers, Acquisitions, and Investments Andrew J. Hall Fenwick & West LLP April 16, 2013 Linux Foundation Collaboration Summit Presentation Topics Introduction

More information

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text

More information

Data Security and Breach in Outsourcing Agreements

Data Security and Breach in Outsourcing Agreements Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel Digital, Technology, ecommerce & Privacy Practice Group November 19, 2015 Akiba Stern Partner,

More information

ELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING

ELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING ELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING This Supplemental Terms and Conditions of Trading is supplemental to and forms part of the terms and conditions set out in the

More information

ELECTRONIC SIGNATURE LAW. (Published in the Official Journal No 25355, 2004-01-23) CHAPTER ONE Purpose, Scope and Definitions

ELECTRONIC SIGNATURE LAW. (Published in the Official Journal No 25355, 2004-01-23) CHAPTER ONE Purpose, Scope and Definitions ELECTRONIC SIGNATURE LAW Purpose (Published in the Official Journal No 25355, 2004-01-23) CHAPTER ONE Purpose, Scope and Definitions Article 1 The purpose of this Law is to regulate the legal and technical

More information

Data protection issues on an EU outsourcing

Data protection issues on an EU outsourcing Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process

More information

Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie

Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten MHC.ie Rewriting the Past Oisin Tobin otobin@mhc.ie Agenda 1. Background 2. Findings and impact: a) Jurisdiction b) A

More information

DDV Declaration (VE 12/2009) Commissioned Data Processing and Data Treatment

DDV Declaration (VE 12/2009) Commissioned Data Processing and Data Treatment DDV Declaration (VE 12/2009) Commissioned Data Processing and Data Treatment Service provider: (in the following Service Provider ) Street, number: Country: ZIP code, city: E-mail address: Website: www...

More information

GENERAL TERMS AND CONDITIONS OF PURCHASE

GENERAL TERMS AND CONDITIONS OF PURCHASE GENERAL TERMS AND CONDITIONS OF PURCHASE of EGSTON Eggenburger System Elektronik Gesellschaft m.b.h. and EGSTON System Electronic spol. s.r.o. (hereinafter referred to as "EGSTON") Table of contents Clause

More information

General Terms and Conditions of Business for the online store of H. Stoll AG & Co. KG

General Terms and Conditions of Business for the online store of H. Stoll AG & Co. KG General Terms and Conditions of Business for the online store of H. Stoll AG & Co. KG Section 1 Scope of application, Definition of terms 1) The following terms and conditions of business (hereinafter

More information

Software Licence Terms and Conditions for the Provision of Software of WIELAND Dental + Technik GmbH & Co. KG for an Indefinite Period

Software Licence Terms and Conditions for the Provision of Software of WIELAND Dental + Technik GmbH & Co. KG for an Indefinite Period Software Licence Terms and Conditions for the Provision of Software of WIELAND Dental + Technik GmbH & Co. KG for an Indefinite Period as of: April 2014 A. General License Terms 1. SCOPE 1.1 Object of

More information

OPINION MAY 2012 ON CLOUD COMPUTING Article 29 Data Protection Working Party (July 1, 2012)

OPINION MAY 2012 ON CLOUD COMPUTING Article 29 Data Protection Working Party (July 1, 2012) OPINION MAY 2012 ON CLOUD COMPUTING Article 29 Data Protection Working Party (July 1, 2012) ARTICLE 29 DATA PROTECTION WORKING PARTY 01037/12/EN WP 196 Opinion 05/2012 on Cloud Computing Adopted July 1

More information

DDV Declaration Commissioned Data Processing and Data Treatment (Version: 09/2009)

DDV Declaration Commissioned Data Processing and Data Treatment (Version: 09/2009) DDV Declaration Commissioned Data Processing and Data Treatment (Version: 09/2009) Service provider: (in the following Service Provider ) Street, number ZIP code, city E-mail address Internet addresses

More information

T: +43-(0)590900-3540 F: +43-(0)590900-3178 e-mail: ubit@wko.at http://www.ubit.at

T: +43-(0)590900-3540 F: +43-(0)590900-3178 e-mail: ubit@wko.at http://www.ubit.at Professional Association of Management Consultancy and Information Technology (Fachverband Unternehmensberatung und Informationstechnologie) Wiedner Hauptstraße 63 A-1045 Vienna T: +43-(0)590900-3540 F:

More information

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini Personal data and cloud computing, the cloud now has a standard by Luca Bolognini Lawyer, President of the Italian Institute for Privacy and Data Valorization, founding partner ICT Legal Consulting Last

More information

Collision of subsidiary clauses in insurance contracts

Collision of subsidiary clauses in insurance contracts Dr. Anja Mayer Versicherungspraxis, June 2014 Insurance contract law Collision of subsidiary clauses in insurance contracts Insurance contracts often contain subsidiary clauses. Theses clauses have the

More information

General Terms and Conditions of Irlbacher Blickpunkt Glas GmbH

General Terms and Conditions of Irlbacher Blickpunkt Glas GmbH General Terms and Conditions of 1. Scope 1.1 All supplies and services by (in the following: Irlbacher) are subject exclusively to the following terms and conditions: 1.2 Terms and conditions of commercial

More information

MOBILE SERVICES AGREEMENT. Effective Date: 11 April 2013

MOBILE SERVICES AGREEMENT. Effective Date: 11 April 2013 MOBILE SERVICES AGREEMENT Effective Date: 11 April 2013 LMAX Mobile Services Agreement Effective date: 11 April 2013 We provide password protected software applications from which you can access your Account

More information

Factsheet on the Right to be

Factsheet on the Right to be 101010 100101 1010 101 Factsheet on the Right to be 100 Forgotten ruling (C-131/12) 101 101 1) What is the case about and what did 100 the Court rule? 10 In 2010 a Spanish citizen lodged a complaint against

More information

Terms and Conditions (AGB) for Internet Trading of the Company Karl Kaps Optik-Feinmechanik-Gerätebau GmbH & Co. KG (B2C)

Terms and Conditions (AGB) for Internet Trading of the Company Karl Kaps Optik-Feinmechanik-Gerätebau GmbH & Co. KG (B2C) Terms and Conditions (AGB) for Internet Trading of the Company Karl Kaps Optik-Feinmechanik-Gerätebau GmbH & Co. KG (B2C) 1 Area of Validity (1) The present terms and conditions contain the only terms

More information

New EU Data Protection legislation comes into force today. What does this mean for your business?

New EU Data Protection legislation comes into force today. What does this mean for your business? 24 th May 2016 New EU Data Protection legislation comes into force today. What does this mean for your business? After years of discussion and proposals, the General Data Protection Regulation ( GDPR )

More information

Linde Integrity Line. Process and Data Protection Policy. 1 July 2007

Linde Integrity Line. Process and Data Protection Policy. 1 July 2007 Linde Integrity Line Process and Data Protection Policy 1 July 2007 Page 2 of 10 Table of Contents Preamble 3 1 Scope of application 3 2 Definitions 3 3 Submitting Reports Regular Channels 3 4 Submitting

More information

Regulation on Credit Reporting Industry

Regulation on Credit Reporting Industry Translated from Chinese Order of the State Council (No. 631) The Regulation on the Credit Reporting Industry, as adopted at the 228th session of the executive meeting of the State Council on December 26,

More information

TERMS OF USE TITLE CERTIFICATES FOR ELECTRONIC SIGNATURE

TERMS OF USE TITLE CERTIFICATES FOR ELECTRONIC SIGNATURE TERMS OF USE FOR TITLE CERTIFICATES FOR ELECTRONIC SIGNATURE Prior to the verification of the electronic certificate, or to access or use the certificate status information and other information contained

More information

Guidelines on Data Protection. Draft. Version 3.1. Published by

Guidelines on Data Protection. Draft. Version 3.1. Published by Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...

More information

GESIS Datenservice Unter Sachsenhausen 6-8 50667 Köln Fax: +49-221-47694-8420

GESIS Datenservice Unter Sachsenhausen 6-8 50667 Köln Fax: +49-221-47694-8420 GESIS Datenservice Unter Sachsenhausen 6-8 50667 Köln Fax: +49-221-47694-8420 Unless stated differently, please send this agreement to the address of the GESIS Data Service (see above). Should a different

More information

Key issues in data protection: a pan-european view

Key issues in data protection: a pan-european view Key issues in data protection: a pan-european view 19 th March 2014 Nicola Fulford, Kemp Little LLP, UK Andreas Peschel-Mehner, SKW Schwarz, Germany Marco Bellezza, Portolano Cavallo, Italy Emmanuel Schulte,

More information

Cloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School

Cloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School DEUTSCH-FRANZÖSISCHE SOMMERUNIVERSITÄT! FÜR NACHWUCHSWISSENSCHAFTLER 2011! CLOUD COMPUTING : HERAUSFORDERUNGEN UND MÖGLICHKEITEN UNIVERSITÉ DʼÉTÉ FRANCO-ALLEMANDE POUR JEUNES CHERCHEURS 2011! CLOUD COMPUTING

More information

Software as a Service (SaaS) Contract. I. Subject matter of the Contract. II. Software provision

Software as a Service (SaaS) Contract. I. Subject matter of the Contract. II. Software provision Software as a Service (SaaS) Contract By completing the registration form (ordering bexio), you shall become subject to the following General Terms and Conditions ("General Terms and Conditions"). I. Subject

More information

Cloud Computing. Introduction

Cloud Computing. Introduction Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between

More information

Contractor s liability and tax number in the construction sector

Contractor s liability and tax number in the construction sector Contractor s liability and tax number in the construction sector 2 Introduction This guide provides information on the contractor s obligation to check and the tax number used at construction sites. Construction-related

More information

Article 1: Subject. Article 2: Orders - Order Confirmation

Article 1: Subject. Article 2: Orders - Order Confirmation GENERAL CONDITIONS OF PURCHASE Article 1: Subject 1.1 The following general conditions of purchase (the "General Conditions") establish the contractual conditions governing the purchase of raw materials,

More information

IMPORTANT IT IS DEAMED THAT YOU HAVE READ AND AGREE TO ALL TERMS & CONDITIONS BEFORE USING THIS WEBSITE.

IMPORTANT IT IS DEAMED THAT YOU HAVE READ AND AGREE TO ALL TERMS & CONDITIONS BEFORE USING THIS WEBSITE. Terms & conditions for the use of this Website IMPORTANT IT IS DEAMED THAT YOU HAVE READ AND AGREE TO ALL TERMS & CONDITIONS BEFORE USING THIS WEBSITE. By using this website you are deemed to have full

More information

Service Description for the Registration and Administration of Domain Names by Swisscom

Service Description for the Registration and Administration of Domain Names by Swisscom Service Description for the Registration and Administration of Domain Names by Swisscom 1 Area of application This Service Description govern the conditions for the registration, administration, and use

More information

Improving self-regulation through (law-based) Corporate Data Protection Officials *

Improving self-regulation through (law-based) Corporate Data Protection Officials * Improving self-regulation through (law-based) Corporate Data Protection Officials * Article by Christoph Klug ** The rise of globalization and multinational corporations is creating a pressing need for

More information

General Terms and Conditions of Purchase and Cooperation for Services

General Terms and Conditions of Purchase and Cooperation for Services General Terms and Conditions of Purchase and Cooperation for Services 1. General principles / Scope of application 1.1 Solely these General Terms and Conditions of Purchase and Cooperation for Services

More information

Act on Background Checks

Act on Background Checks NB: Unofficial translation Ministry of Justice, Finland Act on Background Checks (177/2002) Chapter 1 General provisions Section 1 Scope of application (1) This Act applies to background checks, which

More information

GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS

GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...

More information

Real Estate Agent Website Linking Agreement

Real Estate Agent Website Linking Agreement Real Estate Agent Website Linking Agreement Please fill in this form and fax it to the Toll Brothers Marketing Department Fax # - (215) 938-8217 [Date] [Address] [Telephone] Fax: Attn: [Name and title]

More information

Privacy Rules for Customer, Supplier and Business Partner Data

Privacy Rules for Customer, Supplier and Business Partner Data Privacy Rules for Customer, Supplier and Business Partner Data Contact details Philips Privacy Office c/o Philips International BV, Amstelplein 2, 1096 BC, the Netherlands. E-mail: Philips_Privacy_Office@philips.com

More information

Cloud Computing and Risk: A look at the EU and the application of. Protection Directive to cloud computing

Cloud Computing and Risk: A look at the EU and the application of. Protection Directive to cloud computing Infopreneurship Journal (IJ) Available online at www.infopreneurship.net Infopreneurship Journal (IJ), 2013, Vol.1, No.1 Cloud Computing and Risk: A look at the EU and the application of the Data Protection

More information

Code of Conduct. Corporate Data Protection. We make ICT strategies work

Code of Conduct. Corporate Data Protection. We make ICT strategies work Corporate Data Protection Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the Deutsche Telekom Group 2010 / 04 We make ICT strategies work

More information

General Business Terms and License Conditions of Paessler AG

General Business Terms and License Conditions of Paessler AG TERMS General Business Terms and License Conditions of Paessler AG The following Terms and Conditions can be downloaded from Paessler AG s website and be printed: http://www.paessler.com/order/terms. Upon

More information

FRANCE. Chapter XX OVERVIEW

FRANCE. Chapter XX OVERVIEW Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection

More information

SaaS Terms & Conditions

SaaS Terms & Conditions SaaS Terms & Conditions TERMS OF USE: BY CLICKING THE REGISTER BUTTON DISPLAYED AS PART OF THE REGISTRATION PROCESS, YOU AGREE TO THE FOLLOWING TERMS AND CONDITIONS (THE AGREEMENT ) GOVERNING YOUR USE

More information