I. Personal data and its use in the business to business environment.

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "I. Personal data and its use in the business to business environment."

Transcription

1 RESPONSE FROM THE DIRECT MARKETING ASSOCIATION (UK) LTD. TO THE EUROPEAN COMMISSION'S CONSULTATION ON THE IMPLEMENTATION OF DIRECTIVE 95/46 EC ON THE PROTECTION OF INDIVIDUALS WITH REGARD TO THE PROCESSING OF PERSONAL DATA AND ON THE FREE MOVEMENT OF SUCH DATA. A. INTRODUCTION The Direct Marketing Association (UK) Ltd (DMA) welcomes the opportunity to respond to the consultation in connection with the preparation of the European Commission's first report on the implementation of the Data Protection Directive ("the Directive") The DMA and its Members The DMA is Europe's largest trade association in the marketing and communications sector, with over 870 corporate members and positioned in the top 5% of UK trade associations by income billion was spent on direct marketing activity in 2001 (DMA Census of the Direct Marketing Industry 2001/2). The DMA represents both advertisers, who market their products using direct marketing techniques, and specialist suppliers of direct marketing services to those advertisers - for example, advertising agencies, mailing houses, list brokers, computer bureaux, database companies, etc. The DMA also administers the Mailing Preference Service and other self-regulatory mechanisms designed to protect consumers. On behalf of its membership, the DMA promotes best practice, through its Codes, in order to maintain and enhance consumers' trust and confidence in the direct marketing industry. The Direct Marketing Authority is an independent body that monitors industry compliance. B SUMMARY OF DMA's RESPONSE I. Personal data and its use in the business to business environment. The DMA is concerned that the current definition of personal data may catch data such as job title and business address, which should not be considered personal data if it is simply used to ensure that communications reach the right employee

2 II. Applicable law and jurisdiction Differences between the national laws in the Member States mean that multinational companies with branches and subsidiary companies throughout the EEA should only have to comply with the data protection legislation in the EEA country where their principal office is located. III Transfer of Personal Data to third countries and use of contracts Globalisation and the growth of the Internet mean that the Directive needs to be amended to allow greater use of company group wide security/privacy policies as a method of allowing transfers to third countries. IV. Sensitive Personal Data The definition causes problems for business in that they may be inadvertently holding sensitive personal data. Data subjects do not gain any real benefit from the extra protection. The category should therefore be deleted. V. Right of Access - Data Subject Access Requests Owing to the increase in the amount of data held on data subjects, data controllers should be exempt from providing a full data subject access request when to do so would involve a disproportionate effort on the part of the data controller VI. Notification The notification system is a regulatory burden on businesses and ties up resources at the national data protection authorities. Our view is that the requirement to notify should be removed. C SPECIFIC COMMENTS ON THE DIRECTIVE 1. Personal Data and its use in the business-to-business environment (Article 2 Definitions) We are concerned about the issue that name, job title and workplace addresses may be considered to be personal data. This poses problems for companies as often they only hold this information for the purpose of ensuring that the communication reaches the correct person in the other organisation. The growth of Internet and usage since the Directive was passed makes reform in this area essential. The Direct Marketing Association (UK)

3 Limited in their Code of Practice (2 nd Edition) suggest a simple test for determining whether or not such data is personal or business data which is as follows:" if the job holder changes will there be any changes to the data other than the change in the jobholder's name, If the answer is yes then the data is personal data, if no then it is business data." DMA recommendation is for an exemption from the definition of personal data for basic contact information (name, job title and workplace address) about an employee held either by the employer or by another organisation, which has a relationship with the employer. We accept that in the case of sole traders and partnerships this basic information would remain personal data. Employees already have sufficient protection through the duty of trust and confidence between an employer and an employee to cover unlawful disclosure of an employee's address by an employer. We are aware that the European Commission has launched a first stage consultation on the protection of workers personal data. We believe that Directive 95/46 provides sufficient protection for workers personal data. The UK Information Commissioner is in the final stages of producing The Employment Practices Data Protection Code, which deals with issues of workers personal data. We would suggest that there is no need for action at the European level in this field and it should be left up to national data protection authorities to clarify the application of Directive 95/46 to workers personal data. DMA recommendation is that there is no need for further action to protect workers personal data. 2. Applicable law and jurisdiction (Article 4) The Directive was introduced under the Internal Market provisions and was designed to harmonise data protection legislation throughout the EEA. However there are differences in implementation between Member States, for example some require an opt -in approach fo personal data being passed on to third parties, whereas others require an opt -out approach. This makes it difficult for members of the DMA, who are increasingly becoming involved in pan European marketing programmes. Many companies, particularly SMEs, do not have the resources either to check the data protection legislation in the 15 Member States internally or to afford the costs for professional advice in this area. This position will only worsen with expansion of the EU to include the current candidate countries from Central and Eastern Europe. Furthermore there is a problem for companies who have offices throughout the EEA. Each individual office may have to notify the relevant data protection authority and comply with the national law in the country where the office is located. The company is likely also to be transferring personal data relating to employees and customers between different countries within the EEA. Clearly the current legislative situation is not practical in today's business world.

4 DMA recommendation is that, if notification is retained, there should be a system whereby a company can have one notification in the EEA country where its principal office is located. This would cover it for all the other countries in the EEA, where it has offices. Similarly the Data Protection Authority in the country where the company had notified would take the lead in any enforcement action. The company would only have to comply with the data protection legislation in the country where the notification was made and the Directive. 3. Sensitive Personal Data - (Article 8) In the direct marketing arena it is perfectly possible for a data controller to inadvertently hold sensitive personal data, such as medical or health information, about a data subject, which is for the benefit of the individual. The data controller may not always have the explicit consent of the data subject or be able to process the sensitive data under one of the exemptions. DMA recommendation is for the definition of sensitive personal data to be abolished. Whether or not the processing of sensitive personal data was fair could be dealt with under the fair processing code in Article Right of Access - Data Subject Access Requests ( Article 12) There are problems with this right for both data controllers and data subjects. Data controllers, particularly SMEs can find it expensive in time and resources to comply with a data subject access request, especially if they hold a large amount of information about the data subject. The increasing use of has caused part of the problem. It is quite likely that the data subject is only interested in one particular piece of information or is looking for confirmation from the data controller that the data subject' s record has been changed as requested. DMA recommendation is for there to be a exemption for data controllers where a disproportionate effort would be required on the part of the data controller to comply with a data subject access request. 5. Notification (Article 18) We do not see the need for the notification provisions to remain. The national data protection authorities can take enforcement action against companies, who are in breach of data protection legislation, regardless of whether the companies have notified or not. Many businesses see notification as a regulatory burden. We accept that there may be certain benefits for consumers and other businesses in knowing that a particular company has notified its national data protection authorities of its activities, but on balance we believe that the requirement to notify should be removed. This would free up resources at the national protection authorities and allow more resources to be diverted to enforcement action. DMA recommendation is for this article to be deleted.

5 6. Transfer of Personal Data to third countries and use of contracts (Articles 25 and 26) Developments since 1995 have meant that these Articles need revision. Firstly the growth of the Internet, in particular and online shopping, since 1995 has been one of the profound changes to the way business-to-business and business to consumers communicate with each other. Secondly globalisation has meant an increase in the number of global companies who have branches or subsidiary companies within the EEA and need to store and access customer and employee information on a global basis. This has meant that there is a far greater amount of personal data, which is being transmitted from the EEA to other third countries than was the case in Although the agreement with the USA on the Safe Harbor Principles is a welcome development, there are problems with it, in particular the fact that it does not extend to the financial services. industry. The number of countries that have been given adequate level of protection status is limited. It is also not practical to expect companies with multiple branches and subsidiaries to enter into multiple contractual arrangements within the group for the transfer of personal data. Many global companies have sought to develop group wide security and privacy policies, and rely on the provisions in Article 26 (2). It is interesting to note that the use of these policies has been one of the reasons why the 1995 Directive has become the global standard. DMA recommendation is that there should be specific reference to group wide security and privacy policies as a means of complying with Article 26(2). The national data protection authorities clearly do not have the resources to approve every security/privacy policy and therefore prior approval by the authority should not be required. Rather there should be a presumption that such a security or privacy policy provides an adequate level of protection until proved otherwise through enforcement action taken as a result of a complaint by an individual. D. COMMENTS ON ISSUES RAISED IN THE QUESTIONNAIRES 1.Use of the Internet. As already noted above in the comments on Articles 25 and 26, the growth of the internet has been one of the major developments in the online world since The DMA has actively been involved in giving consumers confidence to shop online, through its membership of the Alliance for Electronic Business (AEB), a partnership between the following UK organisations, Confederation of British Industry, Intellect, and the e-centre. The AEB, together with the UK Consumers Association has set up Trust UK as an initiative to accredit the on -line codes of practice of associations and organisations whose members' websites display an e-hallmark. This initiative has the endorsement of the UK Government.. The DMA has achieved Trust UK approval for its codes of Practice on Electronic Commerce and Commercial Communications to Children Online. All DMA members have to comply

6 with the codes, and those who carry out e-business must therefore display the Trust UK logo, which provides a means for consumers to complain about web trading activities. The DMA believes that the use of such codes of practice is way to encourage consumer confidence rather than a specific legislation dealing with data protection issues and the Internet. E.CONCLUSION The DMA welcomes the extensive consultation process, which the European Commission is engaging in this revision of the Directive. A representative from the DMA will be attending the conference at the end of September. Please contact us if you wish to discuss any of the points raise in this consultation in greater detail. The Direct Marketing Association (UK) Limited 30 August 2002

Privacy Policy for Data Collected by Blue State Digital s Clients

Privacy Policy for Data Collected by Blue State Digital s Clients Privacy Policy for Data Collected by Blue State Digital s Clients Blue State Digital LLC. ("Blue State Digital", BSD or "we") provides various services to nonprofits and business entities ("Clients"),

More information

Public Consultation regarding Data Sharing and Governance Bill. Contribution of Office of the Data Protection Commissioner

Public Consultation regarding Data Sharing and Governance Bill. Contribution of Office of the Data Protection Commissioner Submission of the Office of the Data Protection Commissioner (DPC) on the data-sharing and Governance Bill: - Policy Proposals (dated the 1 st of August 2014) Public Consultation regarding Data Sharing

More information

AlixPartners, LLP. General Data Protection Statement

AlixPartners, LLP. General Data Protection Statement AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection

More information

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Position Paper Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Our reference: SMC-DAT-12-064 Date: 3 September 2012 Related documents: Proposal for

More information

Oliver Brettle London. Employee Monitoring in the UK and Generally: Concerns Beyond the EU Data Protection Directive

Oliver Brettle London. Employee Monitoring in the UK and Generally: Concerns Beyond the EU Data Protection Directive Oliver Brettle London Employee Monitoring in the UK and Generally: Concerns Beyond the EU Data Protection Directive 6 th Annual Privacy Law Symposium April 27, 2006 The Focus Part I an overview on data

More information

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

Privacy Statement. What Personal Information We Collect. Australia

Privacy Statement. What Personal Information We Collect. Australia Privacy Statement Kelly Services, Inc. and its subsidiaries ("Kelly Services" or Kelly ) respect your privacy and we acknowledge that you have certain rights related to any personal information we collect

More information

Application of Data Protection Concepts to Cloud Computing

Application of Data Protection Concepts to Cloud Computing Application of Data Protection Concepts to Cloud Computing By Denitza Toptchiyska Abstract: The fast technological development and growing use of cloud computing services require implementation of effective

More information

An overview of UK data protection law

An overview of UK data protection law An overview of UK data protection law Our team Vinod Bange Partner +44 (0)20 7300 4600 v.bange@taylorwessing.com Graham Hann Partner +44 (0)20 7300 4839 g.hann@taylorwessing.com Chris Jeffery Partner +44

More information

Data protection issues on an EU outsourcing

Data protection issues on an EU outsourcing Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process

More information

d. Members shall not conduct their business in a manner which tends to bring either BRBA or the BMF or its membership into disrepute.

d. Members shall not conduct their business in a manner which tends to bring either BRBA or the BMF or its membership into disrepute. Boat retailers and brokers who are Members of the Boat Retailers and Brokers Association ( BRBA ), a Group Association of the British Marine Federation (BMF) must adhere to the following terms: 1. Standard

More information

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION

More information

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),

More information

CONSULTATION ON A POSSIBLE STATUTE FOR A EUROPEAN PRIVATE COMPANY (EPC)

CONSULTATION ON A POSSIBLE STATUTE FOR A EUROPEAN PRIVATE COMPANY (EPC) EUROPEAN COMMISSION Internal Market and Services DG MARKT/ 19.07.2007 CONSULTATION ON A POSSIBLE STATUTE FOR A EUROPEAN PRIVATE COMPANY (EPC) Consultation by the Services of the Internal Market Directorate

More information

Credit Union Code for the Protection of Personal Information

Credit Union Code for the Protection of Personal Information Introduction Canada is part of a global economy based on the creation, processing, and exchange of information. The technology underlying the information economy provides a number of benefits that improve

More information

QUESTIONNAIRE ON CONTRACT RULES FOR ONLINE PURCHASES OF DIGITAL CONTENT AND TANGIBLE GOODS

QUESTIONNAIRE ON CONTRACT RULES FOR ONLINE PURCHASES OF DIGITAL CONTENT AND TANGIBLE GOODS QUESTIONNAIRE ON CONTRACT RULES FOR ONLINE PURCHASES OF DIGITAL CONTENT AND TANGIBLE GOODS Information about the respondent 1. Please enter your full name OR the name of the organisation / company / institution

More information

Data Protection in Ireland

Data Protection in Ireland Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair

More information

Draft guidance for registered pharmacies providing internet and distance sale, supply or service provision

Draft guidance for registered pharmacies providing internet and distance sale, supply or service provision Draft guidance for registered pharmacies providing internet and distance sale, supply or service provision September 2014 1 The General Pharmaceutical Council is the regulator for pharmacists, pharmacy

More information

DailyMailz may collect and process the following personal information about you:

DailyMailz may collect and process the following personal information about you: Privacy Policy DailyMailz is committed to preserving the privacy of all visitors to its website www.dailymailz.nl ("Website"). This privacy policy along with DailyMailz s terms and conditions of use and

More information

COMPLYING WITH THE E-COMMERCE REGULATIONS 2002

COMPLYING WITH THE E-COMMERCE REGULATIONS 2002 COMPLYING WITH THE E-COMMERCE REGULATIONS 2002 You should read this guide if you. advertise goods or services online (i.e. via the Internet, interactive television or mobile telephone) sell goods or services

More information

PRIVACY POLICY. "Personal Information" comprising:

PRIVACY POLICY. Personal Information comprising: PRIVACY POLICY Uniqlo is committed to respecting the privacy rights of visitors to its website. This privacy policy ("Policy") explains how we collect, store and use personal data about you when you browse

More information

The Regulation of Unfair Practices in TV and Radio Advertisements

The Regulation of Unfair Practices in TV and Radio Advertisements The Regulation of Unfair Practices in TV and Radio Advertisements BCAP Consultation Document Issued: 24 June 2008 Closing date for responses: 22 July 2008 2 The Regulation of Unfair Practices in TV and

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

The kinds of personal information we collect and hold vary depending on the services we are providing, but generally can include:

The kinds of personal information we collect and hold vary depending on the services we are providing, but generally can include: ABN 47 001 768 190 AFSL 244526 Our Privacy Policy At Capital Insurance Brokers, we are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian

More information

Privacy Policy. Ignite your local marketing

Privacy Policy. Ignite your local marketing Privacy Policy Ignite your local marketing Contents 1) Introduction... 3 2) What is your personal information?... 3 3) What personal information do we collect and hold?... 3 4) How do we collect your personal

More information

Big Data for Mutuals. Marc Dautlich 25 November 2013

Big Data for Mutuals. Marc Dautlich 25 November 2013 Big Data for Mutuals Marc Dautlich 25 November 2013 Agenda BIG DATA What is it? OPPORTUNITIES What are they? LEGAL CHALLENGES How do we overcome them? LEGAL REFORM What can we do now to minimise impact?

More information

The Data Protection Landscape. Before and after GDPR: General Data Protection Regulation

The Data Protection Landscape. Before and after GDPR: General Data Protection Regulation The Data Protection Landscape Before and after GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection)

More information

Guidance Note. on the. Use of Internet for Insurance Activities

Guidance Note. on the. Use of Internet for Insurance Activities GN8 Guidance Note on the Use of Internet for Insurance Activities Office of the Commissioner of Insurance Table of Contents Page INTRODUCTION... 1 INTERPRETATION... 2 IDENTITY OF SERVICE PROVIDERS... 3

More information

Westpac Business Debit MasterCard Application

Westpac Business Debit MasterCard Application Westpac Business Debit MasterCard Application Westpac Banking Corporation ABN 33 007 457 141 AFSL and Australian credit licence 233714 In order to apply for a Westpac Business Debit MasterCard, the following

More information

PRIVATE HEALTH INSURANCE INTERMEDIARIES. DOCUMENT 1: Self-Audit Guide for All Members of PHIIA JUNE 2015 VERSION 2

PRIVATE HEALTH INSURANCE INTERMEDIARIES. DOCUMENT 1: Self-Audit Guide for All Members of PHIIA JUNE 2015 VERSION 2 PRIVATE HEALTH INSURANCE INTERMEDIARIES DOCUMENT 1: Self-Audit Guide for All Members of PHIIA JUNE 2015 VERSION 2 9 For All Members of PHIIA Code Compliance Committee Private Health Insurance Intermediaries

More information

The HR Skinny: Effectively managing international employee data flows

The HR Skinny: Effectively managing international employee data flows The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study

More information

PRIVACY NOTICE. Last Updated: March 24, 2015

PRIVACY NOTICE. Last Updated: March 24, 2015 PRIVACY NOTICE Your access to and use of this website is governed by the TERMS OF WEBSITE USE and the following PRIVACY NOTICE. Please read them carefully as they constitute a legally binding agreement

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

PRIVATE HEALTH INSURANCE INTERMEDIARIES CODE OF CONDUCT JUNE 2015 VERSION 2

PRIVATE HEALTH INSURANCE INTERMEDIARIES CODE OF CONDUCT JUNE 2015 VERSION 2 PRIVATE HEALTH INSURANCE INTERMEDIARIES CODE OF CONDUCT JUNE 2015 VERSION 2 CONTENTS PART A - Page 4 GENERAL 1. INTRODUCTION 2. OUR COMMITMENT UNDER THE CODE 3. PRIVATE HEALTH INSURANCE ENVIRONMENT PART

More information

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:

More information

MEMBI PRIVACY POLICY

MEMBI PRIVACY POLICY MEMBI 1 PURPOSE OF OUR POLICY 1.1 Membi Limited (Company Number 09775238) of 396a Kingston Road, Kingston Road, London SW20 8LL, United Kingdom (Membi, we, us or our) provides the services offered on the

More information

Privacy Policy for Data Collected by Blue State Digital

Privacy Policy for Data Collected by Blue State Digital Privacy Policy for Data Collected by Blue State Digital Overview Blue State Digital LLC. ( Blue State Digital, BSD or we ) provides various services to non- profit entities and other related businesses

More information

Personal Data Protection Policy

Personal Data Protection Policy Personal Data Protection Policy Please take a moment to read the following Policy. If there is anything you do not understand then please contact us. We are committed to protecting privacy. This Personal

More information

The Impact on Marketing-Related Activities of the Data Protection Act and Related Legislation

The Impact on Marketing-Related Activities of the Data Protection Act and Related Legislation The Impact on Marketing-Related Activities of the Data Protection Audience 1. This guidance is intended for all University staff who maintain or use database of contacts for marketing purposes, including

More information

THE CLAIMS MANAGEMENT CODE ( the Code )

THE CLAIMS MANAGEMENT CODE ( the Code ) THE CLAIMS MANAGEMENT CODE ( the Code ) CONTENTS 1 Introduction 2 Principles 3 Publishing the Code 4 Training and Competence 5 Advertising, Marketing and Promotional Activities 6 Charges 7 Information

More information

Federated Access Management

Federated Access Management Federated Access Management Document Version: 2 DRAFT Date: Oct 2011 Author (Version 2): Andrew Cormack (JANET(UK)) Authors (Version 1): Andrew Cormack (JANET(UK)), Eva Kassenaar (SURFnet), Mikael Linden

More information

AC&E Insurance Services Pty Ltd Privacy Statement Effective: 1 August, 2010

AC&E Insurance Services Pty Ltd Privacy Statement Effective: 1 August, 2010 AC&E Insurance Services Pty Ltd Privacy Statement Effective: 1 August, 2010 AC&E means AC&E Insurance Services Pty Ltd (ABN 69 137 720 757). AC&E has always valued the privacy of personal information.

More information

A list of CIArb subsidiaries relevant to this notice and their activities is set out below.

A list of CIArb subsidiaries relevant to this notice and their activities is set out below. CHARTERED INSTITUTE OF ARBITRATORS DATA PRIVACY NOTICE INTRODUCTION This data protection notice explains what personal data will be collected by the Chartered Institute of Arbitrators and its subsidiary

More information

Safe Harbor Questionnaire

Safe Harbor Questionnaire Safe Harbor Questionnaire This questionnaire is aimed at gathering relevant information with regard to the Safe Harbor certification of the data importer. It should be completed by personnel with knowledge

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

1. TYPES OF INFORMATION WE COLLECT.

1. TYPES OF INFORMATION WE COLLECT. PRIVACY POLICY GLOBAL ASSESSOR POOL, LLC, DBA PINSIGHT ( Company or we or us ) is committed to protecting your privacy. We prepared this Privacy Policy to describe our practices regarding the information

More information

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:

More information

AUSTRALIA S NEW PRIVACY LAWS - WHAT LAWYERS NEED TO KNOW ABOUT THEIR OWN PRACTICES

AUSTRALIA S NEW PRIVACY LAWS - WHAT LAWYERS NEED TO KNOW ABOUT THEIR OWN PRACTICES AUSTRALIA S NEW PRIVACY LAWS - WHAT LAWYERS NEED TO KNOW ABOUT THEIR OWN PRACTICES http://www.lawcouncil.asn.au The Privacy Commissioner has welcomed the Law Council s initiative in producing this overview.

More information

PRIVACY POLICY AND INFORMATION ON COOKIES

PRIVACY POLICY AND INFORMATION ON COOKIES PRIVACY POLICY AND INFORMATION ON COOKIES This privacy policy governs the collection, storage and use of personal information (meaning any information about you which is personally identifiable namely:

More information

The new EU Clinical Trials Regulation How NHS research and patients will benefit

The new EU Clinical Trials Regulation How NHS research and patients will benefit the voice of the NHS in Europe Briefing September 2014 Issue 19 The new EU Clinical Trials Regulation How NHS research and patients will benefit Who should read this briefing? This briefing will be of

More information

Appendix A Data Protection and Marketing Regulatory Considerations for the European Union

Appendix A Data Protection and Marketing Regulatory Considerations for the European Union Appendix A Data Protection and Marketing Regulatory Considerations for the European Union Notes: Soft opt-in rules, denoted with a * within the consent for marketing columns below, generally allow marketing

More information

Principal Members. February 1, 2007. Review of Australia s Consumer Policy Framework Productivity Commission PO Box 1428 Canberra ACT 2616

Principal Members. February 1, 2007. Review of Australia s Consumer Policy Framework Productivity Commission PO Box 1428 Canberra ACT 2616 February 1, 2007 Principal Members Review of Australia s Consumer Policy Framework Productivity Commission PO Box 1428 Canberra ACT 2616 Via email: consumer@pc.gov.au The Australasian Compliance Institute

More information

Office 365 Data Processing Agreement with Model Clauses

Office 365 Data Processing Agreement with Model Clauses Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081

More information

PRIVACY POLICY Personal information and sensitive information Information we request from you

PRIVACY POLICY Personal information and sensitive information Information we request from you PRIVACY POLICY Business Chicks Pty Ltd A.C.N. 121 566 934 (we, us, our, or Business Chicks) recognises and values the protection of your privacy. We also understand that you want clarity about how we manage

More information

PERSONAL DATA PROTECTION POLICY RELATING TO CIGNA EUROPE INSURANCE COMPANY S.A.-N.V. SINGAPORE BRANCH

PERSONAL DATA PROTECTION POLICY RELATING TO CIGNA EUROPE INSURANCE COMPANY S.A.-N.V. SINGAPORE BRANCH PERSONAL DATA PROTECTION POLICY RELATING TO CIGNA EUROPE INSURANCE COMPANY S.A.-N.V. SINGAPORE BRANCH Personal data protection in Singapore is regulated by the Personal Data Protection Act 2012 (the PDPA

More information

MIS Privacy Statement. Our Privacy Commitments

MIS Privacy Statement. Our Privacy Commitments MIS Privacy Statement Our Privacy Commitments MIS Training Institute Holdings, Inc. (together "we") respect the privacy of every person who visits or registers with our websites ("you"), and are committed

More information

The Manitowoc Company, Inc.

The Manitowoc Company, Inc. The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational

More information

BUSINESS PRACTICES PROTECTION INSURANCE TRANSPORT INDUSTRY

BUSINESS PRACTICES PROTECTION INSURANCE TRANSPORT INDUSTRY BUSINESS PRACTICES PROTECTION INSURANCE TRANSPORT INDUSTRY NOTICES RELATING TO THE OPERATION OF THIS POLICY Attention is drawn to Section 21 of the Insurance Contracts Act 1984 (Commonwealth) which provides

More information

Australian Privacy Principle 7 direct marketing

Australian Privacy Principle 7 direct marketing Australian Privacy Principle 7 direct marketing Chapter 7 Draft version, September 2013 Key points... 2 What does APP 7 say?... 2 What is direct marketing?... 3 When are agencies covered by APP 7?... 4

More information

DATA PROMOTIONAL OFFERS ARKETING TO CHILDREN CODE OF PRACTICE FINANCIAL SERVICES CHARITIES NVIRONMENTAL RESPONSIBILITY EMAIL MARKETING

DATA PROMOTIONAL OFFERS ARKETING TO CHILDREN CODE OF PRACTICE FINANCIAL SERVICES CHARITIES NVIRONMENTAL RESPONSIBILITY EMAIL MARKETING Direct Marketing CODE OF PRACTICE CATALOGUE & HOME SHOPPINGDIRECT MAIL e-commerce FAX MARKETING CHARITIES FINANCIAL SERVICES DATA DIRECT MARKETING COMMISSION EMAIL MARKETING PROMOTIONAL OFFERS NVIRONMENTAL

More information

ROYAL AUSTRALASIAN COLLEGE OF SURGEONS

ROYAL AUSTRALASIAN COLLEGE OF SURGEONS 1. SCOPE This policy details the College s privacy policy and related information handling practices and gives guidelines for access to any personal information retained by the College. This includes personal

More information

Corporate Compliance: A Global Perspective

Corporate Compliance: A Global Perspective Corporate Compliance: A Global Perspective 6/27/2012 37 Offices in 18 Countries Current Compliance Environment Ever-intensifying regulatory burden new areas of regulation existing regulations becoming

More information

EU Employment Law Euro Info Centre December 2006

EU Employment Law Euro Info Centre December 2006 EU Employment Law Euro Info Centre December 2006 CONTENTS EU Employment Law 2 1. Anti-discrimination 2 2 2 2. Equal treatment of men and women in the workplace 3 3 3 3. Fixed and part time work including

More information

Chapter 7: Australian Privacy Principle 7 Direct marketing

Chapter 7: Australian Privacy Principle 7 Direct marketing Chapter 7: APP 7 Direct marketing Version 1.0, February 2014 Chapter 7: Australian Privacy Principle 7 Direct marketing Version 1.0, February 2014 Key points... 2 What does APP 7 say?... 2 Direct marketing...

More information

PRIVATE HEALTH INSURANCE INTERMEDIARIES PRACTICE CODES JUNE 2015 VERSION 2

PRIVATE HEALTH INSURANCE INTERMEDIARIES PRACTICE CODES JUNE 2015 VERSION 2 PRIVATE HEALTH INSURANCE INTERMEDIARIES PRACTICE CODES JUNE 2015 VERSION 2 CONTENTS PART A - Pages 3-4 INTRODUCTION 1. ACCEPTANCE OF CODES 2. CODE COMPLIANCE 2.1 CODE COMPLIANCE COMMITTEE 3. REVIEW AND

More information

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential

More information

I loved reading the terms & conditions! said no one, ever. term deposit terms + conditions

I loved reading the terms & conditions! said no one, ever. term deposit terms + conditions I loved reading the terms & conditions! said no one, ever term deposit terms + conditions index. Part a - general terms and conditions. 2 1 Purpose of this booklet. 2 2 Meaning of words used. 2 3 Opening

More information

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable

More information

Data Protection Good Practice Note

Data Protection Good Practice Note Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection

More information

International Investigations: Issues to Consider When Conducting or Defending Against an FCPA Investigation Outside the United States

International Investigations: Issues to Consider When Conducting or Defending Against an FCPA Investigation Outside the United States International Investigations: Issues to Consider When Conducting or Defending Against an FCPA Investigation Outside the United States Presentation to: Ninth Annual Pharmaceutical Regulatory and Compliance

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

Personal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.

Personal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person. PART I: INTRODUCTION AND BACKGROUND Purpose This Data Protection Binding Corporate Rules Policy ( Policy ) establishes the approach of Fluor to compliance with European data protection law and specifically

More information

ANZ Privacy Policy PROTECTING YOUR PRIVACY 07.15

ANZ Privacy Policy PROTECTING YOUR PRIVACY 07.15 ANZ Privacy Policy PROTECTING YOUR PRIVACY 07.15 Contents Introduction to ANZ s Privacy Policy 4 Collecting your personal information 6 Using your personal information 9 Disclosing your personal information

More information

Dublin City University

Dublin City University Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:

More information

This Applicant Privacy Notice Continental Europe is dated: July 2012 WILLIS.COM: PRIVACY NOTICE

This Applicant Privacy Notice Continental Europe is dated: July 2012 WILLIS.COM: PRIVACY NOTICE Applicant Privacy Notice for Positions in Willis Companies Located in the European Union and European Economic Area Excluding the United Kingdom ( Applicant Privacy Notice Continental Europe ) This Applicant

More information

FlexPlus Current Account Identity Theft Assistance

FlexPlus Current Account Identity Theft Assistance FlexPlus Current Account Identity Theft Assistance Welcome to your FlexPlus guide for Identity Theft Assistance Within this document you will find key information to help you understand everything that

More information

1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data

1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data 1. Introduction Special data protection rules apply to the protection of Personal Data by Data Controllers in the electronic communications sector. These are in addition to the general obligations that

More information

BCS, The Chartered Institute for IT Consultation Response to:

BCS, The Chartered Institute for IT Consultation Response to: BCS, The Chartered Institute for IT Consultation Response to: A Comprehensive Approach to Personal Data Protection in the European Union Dated: 15 January 2011 BCS The Chartered Institute for IT First

More information

ONLINE SAVINGS ACCOUNT.

ONLINE SAVINGS ACCOUNT. ONLINE SAVINGS ACCOUNT. TERMS AND CONDITIONS. THE FINE PRINT. All the details to keep everyone smiling. ABOUT THIS BOOKLET. Congratulations on choosing an Online Savings Account with ME Bank. We know that

More information

Privacy Policy documents for

Privacy Policy documents for Privacy Policy documents for Praendex Incorporated doing business as PI Worldwide Product User Privacy Policy - For Customers, as well as those invited to our websites to complete a PI Survey or SSAT General

More information

Ecommerce Applications 2009/10. E-Commerce Applications UK e-commerce Regulations

Ecommerce Applications 2009/10. E-Commerce Applications UK e-commerce Regulations E-Commerce Applications UK e-commerce Regulations Overview Regulation provisions Who does it affect Court jurisdiction Information requirements Electronic communications Electronic contracting What is

More information

Putting Consumers First. Code of Practice. 2014 The Professional Financial Claims Association. All rights reserved.

Putting Consumers First. Code of Practice. 2014 The Professional Financial Claims Association. All rights reserved. Putting Consumers First Code of Practice 2014 The Professional Financial Claims Association. All rights reserved. Introduction The members of the Professional Financial Claims Association (PFCA) wish to

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

Factsheet on the Right to be

Factsheet on the Right to be 101010 100101 1010 101 Factsheet on the Right to be 100 Forgotten ruling (C-131/12) 101 101 1) What is the case about and what did 100 the Court rule? 10 In 2010 a Spanish citizen lodged a complaint against

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy TERMS & CONDITIONS www.tagadab.com INTRODUCTION Tagadab has created this (AUP) for our customers to protect our resources, our customer s resources, and to ensure that Tagadab Ltd

More information

Alpha Securities. Privacy Policy. Issued by Alpha Securities Pty Ltd

Alpha Securities. Privacy Policy. Issued by Alpha Securities Pty Ltd Alpha Securities Privacy Policy Issued by Alpha Securities Pty Ltd Effective May 2014 Contents About this policy 3 What is personal information? 3 What kinds of personal information do we collect and hold?

More information

Important information about your credit card account ( Account )

Important information about your credit card account ( Account ) Important information about your credit card account ( Account ) This notice is provided to you with your December 2013 statement of Account and details changes to the terms and conditions of your account

More information

Talen Energy Corporation Website Privacy Notice

Talen Energy Corporation Website Privacy Notice Talen Energy Corporation Website Privacy Notice Talen Energy Corporation and its affiliates (collectively referred to in this notice as Talen Energy, we, us, our and other similar pronouns), have developed

More information

European Privacy Reporter

European Privacy Reporter Is this email not displaying correctly? Try the web version or print version. ISSUE 02 European Privacy Reporter An Update on Legal Developments in European Privacy and Data Protection November 2012 In

More information

BLUE BADGE INSURANCE PTY LTD BLUE BADGE COMMUNITY AUSTRALIA PTY LTD PRIVACY POLICY

BLUE BADGE INSURANCE PTY LTD BLUE BADGE COMMUNITY AUSTRALIA PTY LTD PRIVACY POLICY BLUE BADGE INSURANCE PTY LTD BLUE BADGE COMMUNITY AUSTRALIA PTY LTD PRIVACY POLICY Version 1-1 1 July 2015 Blue Badge Insurance Australia Pty Ltd 2014 ABN 59 162 783 306 A.R. No. 438547 is an Authorised

More information

ESTRO PRIVACY AND DATA SECURITY NOTICE

ESTRO PRIVACY AND DATA SECURITY NOTICE ESTRO PRIVACY AND DATA SECURITY NOTICE This Data Privacy and Security Policy is a dynamic document, which will reflect our continuing vigilance to properly handle and secure information that we are trusted

More information

GSK Public policy positions

GSK Public policy positions Safeguarding Personally Identifiable Information A Summary of GSK s Binding Corporate Rules The Issue The processing of Personally Identifiable Information (PII) 1 and Sensitive Personally Identifiable

More information

slaughter and may The new EU Data Protection Regulation revolution or evolution?

slaughter and may The new EU Data Protection Regulation revolution or evolution? slaughter and may The new EU Data Protection Regulation revolution or evolution? BRIEFING April 2012 Reform of Europe s data protection regime moved one step closer this January with the publication of

More information

2.1 It is an offence under UK law to transmit, receive or store certain types of files.

2.1 It is an offence under UK law to transmit, receive or store certain types of files. Website Hosting Acceptable Use Policy 1. Introduction 1.1 Jarrett & Lam Consulting s Acceptable Use Policy for hosting customers to protect our resources, the resources of our customers and to ensure that

More information

Professional Trainers, Licensing Assessment and Consultancy Services Professional Indemnity and Public Liability Insurance Proposal Form

Professional Trainers, Licensing Assessment and Consultancy Services Professional Indemnity and Public Liability Insurance Proposal Form Tranznet Association Inc Arranges the insurance IMPORTANT INFORMATION Professional Trainers, Licensing Assessment and Consultancy Services Professional Indemnity and Public Liability Insurance Proposal

More information

DATA PROTECTION AUDIT GUIDANCE

DATA PROTECTION AUDIT GUIDANCE DATA PROTECTION AUDIT GUIDANCE CONTENTS Section I: Section II: Audit of Processing of Personal Data Audit Procedure Appendices: A B C D E Audit Form List of Purposes List of data subjects List of data

More information

FUNDRAISING STANDARDS BOARD STAGE 3 ADJUDICATION REPORT

FUNDRAISING STANDARDS BOARD STAGE 3 ADJUDICATION REPORT FUNDRAISING STANDARDS BOARD STAGE 3 ADJUDICATION REPORT Case Number: W20150311-FS02044 Respondent: Breast Cancer Campaign/Insight CCI Limited Complaint: The complainant believes that their Telephone Preference

More information

Debt collection guidance

Debt collection guidance Debt collection guidance Final guidance on unfair business practices July 2003 (updated December 2006) OFT664 Further copies Further copies of this report can be downloaded from our website at www.oft.gov.uk

More information