GARANTE PER LA PROTEZIONE DEI DATI PERSONALI WHEREAS

Size: px
Start display at page:

Download "GARANTE PER LA PROTEZIONE DEI DATI PERSONALI WHEREAS"

Transcription

1 [doc. web n ] Spamming: How to Lawfully Advertising Messages GARANTE PER LA PROTEZIONE DEI DATI PERSONALI Prof. Stefano Rodotà, President, Prof. Giuseppe Santaniello, Vice-President, Prof. Gaetano Rasi and Mr. Mauro Paissan, Members, and Mr. Giovanni Buttarelli, Secretary-General, having convened today, HAVING REGARD to the complaints and reports lodged with this Authority concerning the improper use of electronic mail for advertising and promotional purposes, HAVING REGARD to the decisions taken by the Garante in this sector and considering it necessary to issue a general provision concerning the application of the relevant regulations, HAVING REGARD to Act no. 675 of 31 December 1996 [Data Protection Act], legislative decree no. 171 of 13 May 1998 [transposing EC Directive 97/66 into domestic law] and other applicable regulations, HAVING REGARD to the records on file, HAVING REGARD to the considerations made by the Secretary General pursuant to Section 15 of the Garante's Regulations no. 1/2000, ACTING on the report by Mr. Mauro Paissan, WHEREAS 1. The inconvenience suffered by many users This Authority has been receiving several hundreds of complaints and reports lodged by users of electronic networks as well as by user and consumer protection associations, referring to the circumstance that messages have been received for promotional, advertising, commercial information and/or direct selling purposes without the recipients' prior informed consent. Many data subjects have also complained of the additional inconvenience resulting from the messages continuously dispatched by the same sender-data controller as well as from the fruitless attempt either to have their own addresses erased by the sender(s) or to prevent additional messages from being delivered. Yet other reports deal with the inconvenience deriving from the receipt of s showing either no sender's name or no address, or else containing untrue sender information. In most cases, the data subjects have not been requested to provide their prior specific consent as required by law after being appropriately informed about the underlying arrangements and features of the messages. In other cases, the messages appear to have been sent by companies to customers again without any type of consent in order to promote products and services that are similar to those they supply to such customers on the basis of a contractual relationship, or else to offer other products or services that are distributed also by third parties. The Garante has provided assistance to many citizens, pointing out the relevant safeguards; it has also actively co-operated at community level to achieve the adoption of common decisions by the EU data

2 protection authorities, which have been posted both on the EU Commission's and on the Garante's web site (www.garanteprivacy.it). The Garante has also found that many complaints lodged under Section 29 of the Data Protection Act were grounded, and has subsequently issued specific prohibitions in respect of data processing operations. Proceedings have been also instituted to impose the relevant administrative sanctions and the case files have been transmitted to the competent judicial authorities whenever the commission of criminal offences has been detected. In co-operation with police officers, who had been entrusted by this Authority with the performance of the necessary controls and the enforcement of specific provisions, several measures have been applied on the spot at the premises of service providers and/or other data controllers in order to temporarily suspend unlawful personal data processing operations performed by entities that had been found to carry out this type of activity on a systematic basis. Finally, audits have been carried out concerning other Internet access providers and additional entities to investigate compliance of processing operations with the legislation in force. Based on these premises, the Garante considers it necessary to issue a general provision specifying what measures are to be adopted by this industry sector in order to abide by data protection legislation - with particular regard to the communications sector. Furthermore, the Garante considers it necessary to prohibit unlawful processing operations as referred to in other reports that are hereby dealt with by a single decision in particular those concerning identifiable data controllers. 2. Lawfully sending s for advertising purposes addresses contain personal information that must be processed in compliance with the relevant regulations (Section 1(1), letter c) of the Data Protection Act). Their use for promotional and/or advertising purposes is only allowed if the data subject has given his or her prior free, specific and informed consent thereto. Consent is necessary regardless of the fact that the addresses are created and used automatically by software applications without any human intervention, or that no check is made as to their activation or the recipients' identity, or that the addresses are not stored after sending the relevant messages. These mechanisms are based on the choice made available to data subjects further to the so-called opt-in approach, and were re-affirmed in 1998 by legislative decree no. 171/1998 even before EC Directive 2002/58 provided for extending them to all EU countries. This Authority has repeatedly addressed the issue at stake by stating that the availability of addresses on the Net does not imply that those addresses may be used freely to send advertising messages (see the Garante's decision of 11 January 2001). In particular, the data relating to individual users participating in discussion groups on the Internet are made known exclusively for taking part in a given discussion and may not be used for different purposes in the absence of their specific consent (see Section 9(1), letters a) and b) of the Data Protection Act). A similar conclusion can be drawn as regards the addresses contained in an Internet provider's subscriber list again, if the free, specific consent of such subscribers is lacking and/or the addresses that are published on web sites of public entities for institutional purposes. The above considerations also apply to advertising messages sent to web site managers including those of private entities by using the addresses that either are published on the respective web sites or can be obtained by interrogating the lists of domain name registrants. Indeed, in the latter case the availability of the addresses on the Net is aimed at providing information on the person that is responsible for technical and/or administrative matters in connection either with a domain name or with other functions related to Internet-based services e.g. for the protection of several rights under criminal and civil law,

3 also pursuant to the Data Protection Act -, whereas it is not meant to signify the data subject's agreement to receiving advertising messages. In all the cases mentioned so far, the often massive ing results into an unjustified breach of the recipients' rights. Indeed, the recipients are obliged to keep up the Internet connection for a long time in order to receive the messages, browse them and select those they were awaiting or are willing to accept, and to incur the costs arising from the telephone connection which are sometimes increased on account of the considerable size of the messages delivered, making all the above operations lengthier or else to implement special "filters", check more carefully for the presence of viruses or quickly delete materials that are unsuitable for children especially within a household. This inconvenience also affects both SMEs and major companies receiving a considerable number of messages, since they are required to take measures internally and incur organisational and other costs to fight against it. The circumstance that advertising costs are charged to users in a utterly unjustified manner also applies to the messages sent by natural persons who, in several cases addressed by this Authority, do not limit themselves to occasionally sending out communications, but rather undertake systematic communication activities for personal purposes or even disseminate data in a way entailing application of personal data protection legislation (see Section 3 of Act no. 675/1996). 3. The legal framework applying to information and consent The contents of the information notice to be provided to data subjects as well as the cases in which the data subjects' express consent is required or may be dispensed with are set out in the Data Protection Act (Sections 10, 11, 12 and 20 of Act no. 675/1996). In this regard, it should be pointed out, again, that consent may not be considered unnecessary because the personal data concerning an individual's address are allegedly "public" in that they are available to everyone. The relevant legislation (see Section 12(1), letter c), and Section 20(1), letter b) of the Data Protection Act) only applies in connection with publicly available registers, lists, records or documents if there are provisions in force specifically requiring said registers etc. to be available on a general basis whereas this is not the case if the personal data are publicly available merely on account of factual circumstances. Only think not only of the aforementioned collection of data via web sites and/or messages transmitted via newsgroups and/or mailing lists, but also of the addresses that are collected on the Net by means of ad-hoc software and standard search engines. In our legal system, the consent requirement was therefore applicable to the sending of any message for direct marketing purposes long before this principle was laid down without exceptions at European level by Directive 2002/58/EC, which is currently being transposed (see, in particular, Article 13 and Recital no. 40 of the latter). The above view is further supported by the legislation concerning consumer protection in distance selling; with regard to the underlying relationship in whose connection personal data are to be processed, suppliers are prohibited from using for specific purposes - including advertising activities - in the absence of a consumer's prior consent (see Section 10(1) of legislative decree no. 185 of 22 May 1999). Conversely, the provisions laid down in the recently enacted decree on e-commerce (legislative decree no. 70 of 9 April 2003) are not to be taken into account with regard to personal data protection, having been declared expressly to be inapplicable (see Section 1(2), letter b), of said decree). The consent, which must be documented in writing, is to be given freely and explicitly, and by differentiating between the different purposes and services/products on offer prior to sending out the relevant messages (Section 11 of the DPA).

4 The above requirements may not be evaded by sending an initial with advertising and/or promotional contents to request the recipient's consent, or else by only granting a recipient the right to opt out of the list of addressees in order to stop receiving similar messages. Conversely, the practice followed by some suppliers is appropriate and should be encouraged such practice consisting in preliminarily obtaining the recipients' valid consent and thereafter confirming receipt of said consent by sending a message only aimed at informing that advertising material will be subsequently transmitted. This practice if implemented properly also allows verifying the addresses corresponding to the entities that had given their consent as well as establishing whether the latter still applies. Breach of the rights recognised to users under the law makes it unlawful to process the data, which is prohibited directly by the law without any specific prohibitive injunction being necessary as issued either by the Garante or by judicial authorities, may carry administrative sanctions consisting in payment of a fine, in particular if no information notice is provided and/or the notification of processing operations is not submitted (see Sections 10, 34 and 39 of the Data Protection Act, and Section 12 of legislative decree no. 185/1999), entails payment of expenses and duties related to the proceeding instituted either upon lodging of a grounded complaint with the Garante or upon an action brought before a civil court, as well as compensation for any damage, including pecuniary damage, that is suffered on account of the unlawful conduct and can be proven by the data subject in connection with the inconvenience described above, also carries criminal punishments if the data are unlawfully processed with a view to gain for oneself or another or else to harm another, which entails the additional punishment of having the relevant judgment published in the press (Sections 35 and 38 of the Data Protection Act). 4. Advertising messages sent to own customers Further to transposition of Directive 2002/58/EC, it will actually be possible for certain companies to notify their customers of the existence of products and/or services that are similar to those that already form the subject of a contract for the sale of products and/or services to such customers. In these cases, the data controller company having informed customers appropriately in advance will be allowed to send advertising messages, however it will have to inform customers clearly and specifically both at the time of collecting the data and with each subsequent message that they have the right to object, freely and in a simple manner, to the use of their data for that purpose either from the start or at a later stage (see Article 13(2) of Directive 2002/58/EC). 5. Messages sent on behalf of third parties and purchase of data banks In some cases reported to the Garante, advertising messages had been sent on behalf of third parties by specialised companies using addresses contained in own data banks. Those companies can be regarded as either data controllers or joint data controllers, depending on their relationships with the respective contractors as well as on the mechanisms regulating use of the data in concrete; they are required to abide by the provisions concerning information and consent, also with regard to the communication of personal data to their contractors and the relevant purposes. Therefore, the resulting obligations and liability including criminal liability should be considered carefully by the individual operators also if the specialised company in charge of the mailing is established outside the European Union. 6. Data subjects' rights Regardless of the relationship between sender and recipient of a message, the entity holding the personal data must ensure that a data subject has the possibility at any time to exercise the rights recognised under the law which is often done in order to know the source of the data, or else to terminate their use, free of charge, for commercial and advertising purposes, or to have unlawfully processed data erased (see

5 Section 13(1), letter e), of the Data Protection Act). A standard form to exercise the above rights in an easy manner, free of charge and without specific formalities, also verbally and by using , can be found on the Garante's web site; proof of the applicant's identity is required (under Section 17(1) of Presidential Decree no. 501 of 31 March 1998). This form should be used in preference to others that can be found on the Internet, which are not fully valid because they refer to items that are not mentioned in Section 13 of the DPA e.g., they refer to certifications and/or authorisations that are not required under the law. The rights should be exercised on the basis of said model, to be sent directly to the data controller's/data processor's known address, whilst a complaint should be lodged with either the Garante or judicial authorities only at a later stage if necessary. Also with a view to allowing the aforementioned rights to be exercised, sending anonymous advertising messages without any identifiable sender should be considered to give rise to an unlawful data processing operation irrespective of the provisions laid down in decree no. 70/2003 on e-commerce which does not apply to personal data protection matters, as already pointed out as well as of the regulations yet to be laid down with regard to personal data in transposing Directive 2002/58/EC which does not allow sending advertising messages if the sender's identity is camouflaged or actually hidden, or if no valid address is made available for the recipient to request termination of communications. Therefore, the provisions in force already require that senders of any messages clearly specify where their messages originate as well as to whom and where the recipients can apply in order to exercise their rights (see Section 10(1), letter f), of Act no. 675/1996). To comply with the fairness requirement, the type of the message i.e. commercial advertisement should be also specified in the "subject" part of the (see Section 9(1), letter a) of Act no. 675/1996). 7. Lists of possible recipients Where lists are drawn up by operators to collect the names of recipients that either have not given or have withdrawn their consent, they may not be used to make it mandatory for data subjects even indirectly to be included into said lists. As mentioned above, consent is to be regarded as an "affirmative" authorisation, therefore failure by a data subject to respond to a request for consent entails denial of his/her consent and may not be equated to his/her tacit assent. In fact, it appears that some operators are planning to follow a different practice, which consists in drawing up also by means of web sites ad-hoc lists of individuals who have given their consent, such lists being grouped in accordance with the different categories of advertising and commercial messaging the individuals have consented to receive. This practice may be useful in organisational terms to ensure stricter compliance with the requests made by data subjects. In this regard, a useful arrangement might also consist in allowing data subjects to directly enter/erase their names into/from the different lists perhaps by means of an ad-hoc web page subject to their identification. 8. s from abroad Some messages do not fall under the scope of application of the Italian data protection Act, since they originate from abroad. However, this does not mean that no remedies or safeguards are available, since users may apply to the geographically competent national supervisory authorities if any to have an assessment carried out. In other cases e.g. with regard to the legal framework in force in federal States ing advertising messages may be unlawful under the legislation of certain States of the federation; therefore, users may request the competent public authorities of such States to consider whether the unlawful conduct at stake is to be prosecuted.

6 Finally, account should be taken of the fact that some unsolicited messages can be used for the commission of ordinary offences e.g. cheating, which must be considered to have been committed in the Italian territory if the underlying activity has taken place abroad, but the resulting offence has occurred in Italy. This Authority hereby reserves the right to consider the status of the individual service providers whose processing operations have been the subject of specific reports, also in the light of such additional documents as may be received. In this regard, not only will the relevant case files be transmitted - if necessary - to the judicial authorities that are competent over criminal matters, but the following steps will be also taken via individual decisions based on the assessment of the individual complaints and reports, namely a) charges will be brought for breach of administrative requirements concerning the information notice as per Section 10 of the Data Protection Act, and b) proceedings will be instituted to apply the additional administrative sanctions laid down in legislative decree no. 185/1999. BASED ON THE ABOVE PREMISES, THE GARANTE 1. pursuant to Section 31(1), letter l), of Act no. 675/1996, hereby prohibits the entities referred to in the complaints and reports lodged with this Authority from unlawfully processing further any personal data in breach of the aforementioned provisions in order to send advertising materials and/or for direct selling purposes, or else to perform market surveys or interactive commercial communications, 2. pursuant to Section 31(1), letter c), of Act no. 675/1996, draws the attention of the data controllers referred to in the relevant case files to the need for bringing the processing of personal data into line with the principles mentioned in this decision. Done in Rome, the 29 th day of May 2003 THE CHAIRMAN Rodotà THE RAPPORTEUR Paissan THE SECRETARY GENERAL Buttarelli

What Is A "Personal Data"?

What Is A Personal Data? What Is A "Personal Data"? A personal data is a piece of information that identifies or allows identifying a natural person and provides details about that person's features, habits, lifestyle, personal

More information

Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies - 8 may 2014 THE ITALIAN DATA PROTECTION AUTHORITY

Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies - 8 may 2014 THE ITALIAN DATA PROTECTION AUTHORITY [versione italiana] Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies - 8 may 2014 THE ITALIAN DATA PROTECTION AUTHORITY Having convened today, in the presence of Mr.

More information

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.

More information

ARTICLE 29 Data Protection Working Party

ARTICLE 29 Data Protection Working Party ARTICLE 29 Data Protection Working Party 11601/EN WP 90 Opinion 5/2004 on unsolicited communications for marketing purposes under Article 13 of Directive 2002/58/EC Adopted on 27 February 2004 This Working

More information

15 Principles on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters

15 Principles on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters 15 Principles on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters Principle 1 (Protection of rights and freedoms) 1. Personal data must

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

DATA PROCESSING ADDENDUM (FOR TRANSFERS PERSONAL DATA OUTSIDE THE EEA)

DATA PROCESSING ADDENDUM (FOR TRANSFERS PERSONAL DATA OUTSIDE THE EEA) DATA PROCESSING ADDENDUM (FOR TRANSFERS PERSONAL DATA OUTSIDE THE EEA) How this Data Processing Addendum (DPA) works: On October 6 2015, the European Court of Justice declared the Safe Harbor framework

More information

Act CLXV of 2013. on Complaints and Public Interest Disclosures. 1. Complaint and public interest disclosure

Act CLXV of 2013. on Complaints and Public Interest Disclosures. 1. Complaint and public interest disclosure Act CLXV of 2013 on Complaints and Public Interest Disclosures The National Assembly, committed to increasing public confidence in the functioning of public bodies, recognising the importance of complaints

More information

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

GENERAL TERMS AND CONDITIONS BDO Accountants & Belastingadviseurs B.V.

GENERAL TERMS AND CONDITIONS BDO Accountants & Belastingadviseurs B.V. GENERAL TERMS AND CONDITIONS BDO Accountants & Belastingadviseurs B.V. GENERAL TERMS AND CONDITIONS BDO Accountants & Belastingadviseurs B.V. 2 BDO Accountants & Belastingadviseurs B.V. also acts under

More information

Appendix 11 - Swiss Data Protection Act

Appendix 11 - Swiss Data Protection Act GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the

More information

Code of Conduct. Corporate Data Protection. We make ICT strategies work

Code of Conduct. Corporate Data Protection. We make ICT strategies work Corporate Data Protection Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the Deutsche Telekom Group 2010 / 04 We make ICT strategies work

More information

DATA PROCESSING ADDENDUM

DATA PROCESSING ADDENDUM DATA PROCESSING ADDENDUM Last Revised: November 14, 2016 This Data Processing Addendum ( Addendum ) forms part of the master services agreement or terms of use, as applicable (the Agreement ), entered

More information

SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001 IN RELATION TO THE DATA PROTECTION OFFICER

SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001 IN RELATION TO THE DATA PROTECTION OFFICER SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001 IN RELATION TO THE DATA PROTECTION OFFICER 10 September 2009 page 1 / 8 SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001

More information

COMPLYING WITH THE E-COMMERCE REGULATIONS 2002

COMPLYING WITH THE E-COMMERCE REGULATIONS 2002 COMPLYING WITH THE E-COMMERCE REGULATIONS 2002 You should read this guide if you. advertise goods or services online (i.e. via the Internet, interactive television or mobile telephone) sell goods or services

More information

Timely Additional Terms for Data Processing

Timely Additional Terms for Data Processing Timely Additional Terms for Data Processing (In Compliance with the Standard Contractual Clauses) These Additional Terms for Data Processing (the Processing Terms ) are entered into as of the day of, 2016,

More information

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1

More information

DATA PROCESSING AGREEMENT

DATA PROCESSING AGREEMENT DATA PROCESSING AGREEMENT This Data Processing Agreement ( DPA ) forms part of the master agreement between Customer and CA (the Agreement ) to reflect the parties agreement with regard to the Processing

More information

LAW no.506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector 1

LAW no.506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector 1 LAW no.506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector 1 Article 1 General provisions (1) This Law establishes the specific conditions

More information

ARTICLE 29 DATA PROTECTION WORKING PARTY

ARTICLE 29 DATA PROTECTION WORKING PARTY ARTICLE 29 DATA PROTECTION WORKING PARTY 00658/13/EN WP 204 Explanatory Document on the Processor Binding Corporate Rules Adopted on 19 April 2013 This Working Party was set up under Article 29 of Directive

More information

STATUTORY INSTRUMENTS. S.I. No. 336 of 2011

STATUTORY INSTRUMENTS. S.I. No. 336 of 2011 STATUTORY INSTRUMENTS. S.I. No. 336 of 2011 EUROPEAN COMMUNITIES (ELECTRONIC COMMUNICATIONS NETWORKS AND SERVICES) (PRIVACY AND ELECTRONIC COMMUNICATIONS) REGULATIONS 2011 (Prn. A11/1165) 2 [336] S.I.

More information

The new processor clauses are available here.

The new processor clauses are available here. This document is a comparison of the new Controller Processor Model Clauses (Decision (2010/87/EU)) and the old Controller Processor Model Clauses (Decision (2002/16/EC)). The new processor clauses are

More information

* * * Document created on12 February 2013 This translation is for information purposes only 1/12

* * * Document created on12 February 2013 This translation is for information purposes only 1/12 AMF position recommandation 2013-04 AMF guidelines on the concept of third party introducer with regard to the fight against money laundering and terrorist financing Background regulations: Articles L.561-7

More information

AIRBUS GROUP BINDING CORPORATE RULES

AIRBUS GROUP BINDING CORPORATE RULES 1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These

More information

SUBSIDIARY LEGISLATION PROCESSING OF PERSONAL DATA (ELECTRONIC COMMUNICATIONS SECTOR) REGULATIONS

SUBSIDIARY LEGISLATION PROCESSING OF PERSONAL DATA (ELECTRONIC COMMUNICATIONS SECTOR) REGULATIONS [S.L.440.01 1 SUBSIDIARY LEGISLATION 440.01 REGULATIONS 15th July, 2003 LEGAL NOTICE 16 of 2003, as amended by Legal Notices 153 of 2003, 522 of 2004, 109 of 2005, 426 of 2007, 198 of 2008, 239 of 2011

More information

By Directors, Officers and Employees of Hellaby Holdings Limited and its Subsidiaries ( The Company )

By Directors, Officers and Employees of Hellaby Holdings Limited and its Subsidiaries ( The Company ) Code of Conduct for Securities Trading ( Code ) By Directors, Officers and Employees of Hellaby Holdings Limited and its Subsidiaries ( The Company ) Approved by the Board: 10 May 2013 1. Introduction

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

Electronic Commerce ELECTRONIC COMMERCE ACT 2001. Act. No. 2001-07 Commencement LN. 2001/013 22.3.2001 Assent 14.3.2001

Electronic Commerce ELECTRONIC COMMERCE ACT 2001. Act. No. 2001-07 Commencement LN. 2001/013 22.3.2001 Assent 14.3.2001 ELECTRONIC COMMERCE ACT 2001 Principal Act Act. No. Commencement LN. 2001/013 22.3.2001 Assent 14.3.2001 Amending enactments Relevant current provisions Commencement date 2001/018 Corrigendum 22.3.2001

More information

on the transfer of personal data from the European Union

on the transfer of personal data from the European Union on the transfer of personal data from the European Union BCRsseptembre 2008.doc 1 TABLE OF CONTENTS I. PRELIMINARY REMARKS 3 II. DEFINITIONS 3 III. DELEGATED DATA PROTECTION MANAGER 4 IV. MICHELIN GROUP

More information

Data protection issues on an EU outsourcing

Data protection issues on an EU outsourcing Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

DATA PROTECTION LAWS OF THE WORLD. UAE - General

DATA PROTECTION LAWS OF THE WORLD. UAE - General DATA PROTECTION LAWS OF THE WORLD UAE - General Date of Download: 10 January 2017 UAE - GENERAL Last modified 21 March 2016 LAW IN UAE - GENERAL Note: Please also see 'UAE Dubai (DIFC)'. In December 2015

More information

DATA PROTECTION LAWS OF THE WORLD. India

DATA PROTECTION LAWS OF THE WORLD. India DATA PROTECTION LAWS OF THE WORLD India Date of Download: 6 February 2016 INDIA Last modified 27 January 2016 LAW IN INDIA There is no specific legislation on privacy and data protection in India. However,

More information

PAYMENT SERVICES AND SYSTEMS ACT (ZPlaSS) CHAPTER 1 GENERAL PROVISIONS SUBCHAPTER 1 CONTENT OF THE ACT. Article 1. (scope)

PAYMENT SERVICES AND SYSTEMS ACT (ZPlaSS) CHAPTER 1 GENERAL PROVISIONS SUBCHAPTER 1 CONTENT OF THE ACT. Article 1. (scope) Legal notice All effort has been made to ensure the accuracy of this translation, which is based on the original Slovenian text. All translations of this kind may, nevertheless, be subject to a certain

More information

Broadband Acceptable Use Policy

Broadband Acceptable Use Policy Broadband Acceptable Use Policy Contents General... 3 Your Responsibilities... 3 Use of Email with particular regards to SPAM... 4 Bulk Email... 5 Denial of Service... 5 Administration of Policy... 6 2

More information

Binding Corporate Rules Privacy (BCRP) personal Telekom Group rights in the handling of personal data within the Deutsche Telekom Group

Binding Corporate Rules Privacy (BCRP) personal Telekom Group rights in the handling of personal data within the Deutsche Telekom Group Binding Corporate Rules Privacy (BCRP) Binding Corporate corporate Rules rules Privacy for (BCRP) the protection of personal Telekom Group rights in the handling of personal data within the Deutsche Telekom

More information

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text

More information

DATA PROTECTION ACT 1998 COUNCIL POLICY

DATA PROTECTION ACT 1998 COUNCIL POLICY DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations

More information

ARTICLE 29 - DATA PROTECTION WORKING PARTY

ARTICLE 29 - DATA PROTECTION WORKING PARTY ARTICLE 29 - DATA PROTECTION WORKING PARTY 11639/02/EN WP 74 Working Document: Transfers of personal data to third countries: Applying Article 26 (2) of the EU Data Protection Directive to Binding Corporate

More information

Personal Data Act (1998:204);

Personal Data Act (1998:204); Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their

More information

List of the general good provisions applicable to insurance and reinsurance intermediaries FEBRUARY 2011

List of the general good provisions applicable to insurance and reinsurance intermediaries FEBRUARY 2011 List of the general good provisions applicable to insurance and reinsurance intermediaries FEBRUARY 2011 The general good provisions have been listed in compliance with the conditions envisaged by the

More information

4. LIMITATION OF LIABILITY

4. LIMITATION OF LIABILITY LEGAL NOTICE Terms and conditions of use The website icem.it ( Website ) is the exclusive property of ICEM srl, with headquarters in Via Corriera, 40 48010 Barbiano di Cotignola (RA) Italy (hereinafter

More information

Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion

Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

Article 1: Subject. Article 2: Orders - Order Confirmation

Article 1: Subject. Article 2: Orders - Order Confirmation GENERAL CONDITIONS OF PURCHASE Article 1: Subject 1.1 The following general conditions of purchase (the "General Conditions") establish the contractual conditions governing the purchase of raw materials,

More information

any Service that involves gambling, betting, adult, sex or over 18 services or information;

any Service that involves gambling, betting, adult, sex or over 18 services or information; emobile Bulk Text Services Terms and Conditions of Use These terms and conditions apply to the supply of the emobile Bulk Text service (the "Service") and are in addition to and form part of the emobile

More information

The primary responsibility for the data processing lies within the Administration Department, which the FINCOP Unit is part of.

The primary responsibility for the data processing lies within the Administration Department, which the FINCOP Unit is part of. Opinion on a Notification for Prior Checking received from the Data Protection Officer of the European Training Foundation Regarding the Processing Operations to Manage Calls for Tenders Brussels, 22 April

More information

LAW No. 107/2015 ON ELECTRONIC IDENTIFICATION AND TRUST SERVICES

LAW No. 107/2015 ON ELECTRONIC IDENTIFICATION AND TRUST SERVICES LAW No. 107/2015 ON ELECTRONIC IDENTIFICATION AND TRUST SERVICES Pursuant to article 78 and 83, paragraph 1 of the Constitution, upon the proposal of the Council of Ministers, THE ASSEMBLY OF THE REPUBLIC

More information

PRACTICAL LAW DATA PROTECTION MULTI-JURISDICTIONAL GUIDE 2012/13. The law and leading lawyers worldwide

PRACTICAL LAW DATA PROTECTION MULTI-JURISDICTIONAL GUIDE 2012/13. The law and leading lawyers worldwide PRACTICAL LAW MULTI-JURISDICTIONAL GUIDE 2012/13 The law and leading lawyers worldwide Essential legal questions answered in 30 key jurisdictions Analysis of critical legal issues AVAILABLE ONLINE AT WWW.PRACTICALLAW.COM/DATAPROTECTION-MJG

More information

International Data Transfer Agreement

International Data Transfer Agreement International Data Transfer Agreement Standard Contractual Clauses (processors) For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third

More information

SECURITY TRADING POLICY Approved 24 December 2010

SECURITY TRADING POLICY Approved 24 December 2010 1. Introduction and Policy Statement ATTICUS RESOURCES LIMITED ABN 34 124 782 038 SECURITY TRADING POLICY Approved 24 December 2010 The ordinary shares of ( Atticus ) are listed on ASX. Atticus aims to

More information

The Romanian Parliament adopts the present law. Chapter I: General Provisions

The Romanian Parliament adopts the present law. Chapter I: General Provisions Law No. 677/2001 on the Protection of Individuals with Regard to the Processing of Personal Data and the Free Movement of Such Data, amended and completed The Romanian Parliament adopts the present law.

More information

Part 1. Scope and definitions of this Act

Part 1. Scope and definitions of this Act Consolidated Insurance Mediation Act 1 Act no. 401 of 25 April 2007 Consolidated Act no. 401 of 25 April 2007 This is an Act to consolidate the Insurance Meditation Act, cf. Consolidated Act no. 817 of

More information

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June

More information

CISCO MERAKI EU DATA PROCESSING ADDENDUM

CISCO MERAKI EU DATA PROCESSING ADDENDUM Meraki LLC 500 Terry Francois Blvd. San Francisco, CA 94158 T 415.432.1000 CISCO MERAKI EU DATA PROCESSING ADDENDUM This EU Data Processing Addendum ( DPA ) forms part of the End Customer Agreement (the

More information

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),

More information

"Direct marketing" is not limited to advertising goods or services for sale. It also includes promoting an organisation s aims and ideals.

Direct marketing is not limited to advertising goods or services for sale. It also includes promoting an organisation s aims and ideals. Direct Marketing Most direct marketing activities must comply with the requirements of the Data Protection Act 2002 (DPA) and, where that direct marketing is communicated by electronic mail, telephone

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19 Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility

More information

The reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012

The reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012 The reform of the EU Data Protection framework - Building trust in a digital and global world 9/10 October 2012 Questionnaire addressed to national Parliaments Please, find attached a number of questions

More information

Data Protection Standard

Data Protection Standard Data Protection Standard Processing and Transfer of Personal Data in Aker Solutions (Binding Corporate Rules) Aker Solutions www.akersolutions.com Table of contents 1 Introduction... 3 1.1 Scope... 3 1.2

More information

(Informal Translation) Chapter One. General Provisions. 1- The deposit of securities with the Company or with any licensed entity;

(Informal Translation) Chapter One. General Provisions. 1- The deposit of securities with the Company or with any licensed entity; CAPITAL MARKET AUTHORITY (Informal Translation) Central Securities Depository and Registry Law No. 93 of 2000 Chapter One General Provisions Article 1 In this Law, the Company means a company licensed

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1 Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees

More information

Data controllers and data processors: what the difference is and what the governance implications are

Data controllers and data processors: what the difference is and what the governance implications are ICO lo : what the difference is and what the governance implications are Data Protection Act Contents Introduction... 3 Overview... 3 Section 1 - What is the difference between a data controller and a

More information

OLAF: Decision on Measures to Combat Fraud

OLAF: Decision on Measures to Combat Fraud EUROPEAN INVESTMENT FUND OLAF: Decision on Measures to Combat Fraud Copyright 2004 European Investment Fund Page 1 of 6 1. Legal background to the proposal The European Anti-Fraud Office ( OLAF or the

More information

.eu Domain Name Registration. Terms and Conditions

.eu Domain Name Registration. Terms and Conditions .eu Domain Name Registration Terms and Conditions 1/15 TABLE OF CONTENTS Table of Contents... 2 Definitions...... 3 Object and Scope... 5 Section 1. Eligibility Requirements... 5 Section 2. First Come,

More information

THE MACAO SPECIAL ADMINISTRATIVE REGION. Act 8/2005. Personal Data Protection Act

THE MACAO SPECIAL ADMINISTRATIVE REGION. Act 8/2005. Personal Data Protection Act THE MACAO SPECIAL ADMINISTRATIVE REGION Act 8/2005 Personal Data Protection Act Under Article 71 (1) of the Basic Law of the Macao Special Administrative Region, the Legislative Council hereby decrees

More information

Consolidated Insurance Mediation Act 1

Consolidated Insurance Mediation Act 1 Consolidated Insurance Mediation Act 1 Act no. 930 of 18 September 2008 This is an Act to consolidate the Insurance Meditation Act, cf. Consolidated Act no. 401 of 25 April 2007, as amended by section

More information

USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY

USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY CONDITIONS OF USE FOR ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY Between: the Commonwealth of Australia, acting

More information

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively. Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in

More information

1 The processing of personal data by registrars. The processing of personal. registrars

1 The processing of personal data by registrars. The processing of personal. registrars 1 The processing of personal data by registrars The processing of personal data by registrars 1 The processing of personal data by registrars Introduction DNS.be registrars collect and process personal

More information

Council of the European Union Brussels, 26 June 2015 (OR. en)

Council of the European Union Brussels, 26 June 2015 (OR. en) Council of the European Union Brussels, 26 June 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 9985/1/15 REV 1 LIMITE DATAPROTECT 103 JAI 465 MI 402 DIGIT 52 DAPIX 100 FREMP 138 COMIX 281 CODEC

More information

Linde Integrity Line. Process and Data Protection Policy. 1 July 2007

Linde Integrity Line. Process and Data Protection Policy. 1 July 2007 Linde Integrity Line Process and Data Protection Policy 1 July 2007 Page 2 of 10 Table of Contents Preamble 3 1 Scope of application 3 2 Definitions 3 3 Submitting Reports Regular Channels 3 4 Submitting

More information

FORM TO REQUEST THE UPDATE OF THE SUBSCRIPTION APPLICATION FOR THE REGISTRO PUBBLICO DELLE OPPOSIZIONI, SUBMITTED BY THE OPERATORS (NATURAL PERSONS)

FORM TO REQUEST THE UPDATE OF THE SUBSCRIPTION APPLICATION FOR THE REGISTRO PUBBLICO DELLE OPPOSIZIONI, SUBMITTED BY THE OPERATORS (NATURAL PERSONS) FORM TO REQUEST THE UPDATE OF THE SUBSCRIPTION APPLICATION FOR THE REGISTRO PUBBLICO DELLE OPPOSIZIONI, SUBMITTED BY THE OPERATORS (NATURAL PERSONS) PERSONAL DETAILS (as per art. 5, par. 1, letter a),

More information

Little Marlow Parish Council Registration Number for ICO Z3112320

Little Marlow Parish Council Registration Number for ICO Z3112320 Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with

More information

LAW. ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05)

LAW. ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05) LAW ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05) I GENERAL PROVISIONS Article 1 This Law shall regulate the use of electronic signature in legal transactions,

More information

CODE OF ETHICS. Code: CRM-CET Approval Date: 11 aprile 2014 Issued by: Board of Directors Rev: 01. Page: 1 di 16. Previous version: n.

CODE OF ETHICS. Code: CRM-CET Approval Date: 11 aprile 2014 Issued by: Board of Directors Rev: 01. Page: 1 di 16. Previous version: n. Page: 1 di 16 CODE OF ETHICS Previous version: n. 00 Issued and approved: Board of Directors of DSN Date: 29 Maggio 2008 Page: 2 di 16 INTRODUCTION d'amico Società di Navigazione S.p.A. (hereinafter the

More information

Ecommerce Applications 2009/10. E-Commerce Applications UK e-commerce Regulations

Ecommerce Applications 2009/10. E-Commerce Applications UK e-commerce Regulations E-Commerce Applications UK e-commerce Regulations Overview Regulation provisions Who does it affect Court jurisdiction Information requirements Electronic communications Electronic contracting What is

More information

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION

More information

No. 44/2006 PART I GENERAL PROVISIONS AND AUTHORITY ENFORCEMENT

No. 44/2006 PART I GENERAL PROVISIONS AND AUTHORITY ENFORCEMENT Ministry of Social Affairs and Health Unofficial translation No. 44/2006 Act on Occupational Safety and Health Enforcement and Cooperation on Occupational Safety and Health at Workplaces (as amended by

More information

DECISION PROMULGATING THE PAYMENT SYSTEM ACT

DECISION PROMULGATING THE PAYMENT SYSTEM ACT THE CROATIAN PARLIAMENT 3247 Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby issue the DECISION PROMULGATING THE PAYMENT SYSTEM ACT I hereby promulgate the Payment System

More information

By writing to: Cougar Wireless, Attention: Customer Service, 4526 S. Regal St., Suite A, Spokane, WA., 99224

By writing to: Cougar Wireless, Attention: Customer Service, 4526 S. Regal St., Suite A, Spokane, WA., 99224 COUGAR WIRELESS ACCEPTABLE USE POLICY I. INTRODUCTION Cougar Wireless and its various affiliates and subsidiaries (collectively we, us, our ) are committed to being responsible network citizens. To assist

More information

1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data

1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data 1. Introduction Special data protection rules apply to the protection of Personal Data by Data Controllers in the electronic communications sector. These are in addition to the general obligations that

More information

AMP Limited Trading Policy

AMP Limited Trading Policy AMP Limited Trading Policy Approved by the AMP Limited Board on 28 March 2012 AMP Limited ABN 49 079 354 519 Contents 1. Trading Policy... 3 1.1 Guiding principles... 3 1.2 General trading restrictions

More information

Binding Corporate Rules for Processing Customer Personal Data (Processor) June 2015

Binding Corporate Rules for Processing Customer Personal Data (Processor) June 2015 Binding Corporate Rules for Processing Customer Personal Data (Processor) June 2015 Binding Corporate Rules for Processing Customer Personal Data (Processor) Introduction These BCRs define the standards

More information

Agreement Digital Testing System (Annex 4 to the RFP Digital Testing System) Annex 1 - Data Processing Agreement

Agreement Digital Testing System (Annex 4 to the RFP Digital Testing System) Annex 1 - Data Processing Agreement Agreement Digital Testing System (Annex 4 to the RFP Digital Testing System) Annex 1 - Data Processing Agreement ANNEX 1 DATA PROCESSING AGREEMENT RELATING TO THE AGREEMENT DIGITAL TESTING SYSTEM BETWEEN

More information

PERSONAL DATA PROTECTION CODE. Legislative Decree no. 196 dated 30 June 2003

PERSONAL DATA PROTECTION CODE. Legislative Decree no. 196 dated 30 June 2003 1 PERSONAL DATA PROTECTION CODE Legislative Decree no. 196 dated 30 June 2003 2 PART 1 GENERAL PROVISIONS... 13 TITLE I GENERAL PRINCIPLES...14 Section 1...14 (Right to the Protection of Personal Data)...14

More information

Surveying with CustomerGauge - Legal Considerations:

Surveying with CustomerGauge - Legal Considerations: Resource Sheet Surveying with CustomerGauge - Legal Considerations: Adam Dorrell Please Note this is not a legal document, and should be used for guidance only. You are advised to seek legal advice before

More information

LAW ON WHISTLEBLOWER PROTECTION IN THE INSTITUTIONS OF BOSNIA-HERZEGOVINA. Article 1 (Subject)

LAW ON WHISTLEBLOWER PROTECTION IN THE INSTITUTIONS OF BOSNIA-HERZEGOVINA. Article 1 (Subject) LAW ON WHISTLEBLOWER PROTECTION IN THE INSTITUTIONS OF BOSNIA-HERZEGOVINA Part one general provisions Article 1 (Subject) The Law on protection of whistleblowers in the Institutions of Bosnia and Herzegovina

More information

Recommendations for companies planning to use Cloud computing services

Recommendations for companies planning to use Cloud computing services Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation

More information

Merchants and Trade - Act No 28/2001 on electronic signatures

Merchants and Trade - Act No 28/2001 on electronic signatures This is an official translation. The original Icelandic text published in the Law Gazette is the authoritative text. Merchants and Trade - Act No 28/2001 on electronic signatures Chapter I Objectives and

More information

I. EBF KEY PRIORITIES. A. Data breach notification

I. EBF KEY PRIORITIES. A. Data breach notification D1391E-2012 29.10.2012 EUROPEAN BANKING FEDERATION PROPOSED AMENDMENTS TO THE EUROPEAN COMMISSION PROPOSAL FOR A REGULATION ON THE PROTECTION OF INDIVIDUALS WITH REGARD TO THE PROCESSING OF PERSONAL DATA

More information

COMPUTER USAGE - EMAIL

COMPUTER USAGE - EMAIL BASIC BELIEF This policy relates to the use of staff email at Mater Dei and is designed to provide guidelines for individual staff regarding their use. It encourages users to make responsible choices when

More information

FRANCE. Chapter XX OVERVIEW

FRANCE. Chapter XX OVERVIEW Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection

More information

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 3 February 2012 5999/12 LIMITE JAI 53 USA 2 DATAPROTECT 13 RELEX 76

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 3 February 2012 5999/12 LIMITE JAI 53 USA 2 DATAPROTECT 13 RELEX 76 COUNCIL OF THE EUROPEAN UNION Brussels, 3 February 2012 5999/12 LIMITE JAI 53 USA 2 DATAPROTECT 13 RELEX 76 NOTE from: Commission services to: JHA Counsellors No. prev. doc.: 17480/10 JAI 1049 USA 127

More information

PRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy)

PRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy) PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard

More information

Terms and Conditions for Online Services of BOC Credit Card (International) Limited

Terms and Conditions for Online Services of BOC Credit Card (International) Limited Terms and Conditions for Online Services of BOC Credit Card (International) Limited Online Services of BOC Credit Card (International) Limited ("BOCCC") are provided to you by Bank of China (Hong Kong)

More information

Regulatory Policy. Unsolicited Electronic Communications

Regulatory Policy. Unsolicited Electronic Communications Regulatory Policy Unsolicited Electronic Communications Version: 1.0 Issue Date: 30 December 2009 Copyright 2009 Telecommunications Regulatory Authority (TRA). All rights reserved. P O Box 26662, Abu Dhabi,

More information

Data Protection A Guide for Users

Data Protection A Guide for Users Data Protection A Guide for Users EUROPEAN PARLIAMENT Contents Contents 3 Introduction 4 Data protection standards making a difference in the European Parliament 5 Data protection the actors 6 Data protection

More information

If you are unclear about the implications of Auto Enrolment you will find our Guide to Auto Enrolment a good starting point.

If you are unclear about the implications of Auto Enrolment you will find our Guide to Auto Enrolment a good starting point. The Pay Check Auto Enrolment Service A service designed for Pay Check clients who are looking for a first class pension solution that is simple to administer, cost effective and guarantees full compliance

More information