Data protection issues on an EU outsourcing

Size: px
Start display at page:

Download "Data protection issues on an EU outsourcing"

Transcription

1 Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe Outsourcing can mean subcontracting a process to a third-party company in the interest of lowering firm costs, focusing on the core competencies of a particular business, or making more efficient use of labour, capital, technology and resources. It can involve the transfer of the management and day-to-day operation of an entire business function to an external service provider, with the resulting need for a large data exchange. flows of personal data are necessary to the expansion of international trade. In the EU, the economic and social integration that has taken place as a result of the establishment of the internal market has led to an increase in cross-border flows of personal data between those involved in a private, or public, capacity in economic and social activity in the member states. Directive 95/46/EC on data protection (Directive) aims to protect the rights and freedoms of individuals in the processing of their personal data, while ensuring the free movement of such data between member states. Applicable EC law provides that the data controller is responsible for the acts and omissions of the data processor, and so it is advisable that the data controller instructs and selects its data processor only after a thorough assessment of the candidates. This is important even if the parties have agreed by contract to allocate their responsibilities so that, for example, all liabilities are transferred to the supplier. While such clauses can be effective between contracting parties, they are not in relation to the data subject, who remains a third party with respect to the contractual relationship. There are three different legal relationships that arise regarding the treatment of personal data in a contract for outsourcing services: Contractual (and/or in tort, depending on the jurisdiction), between the data subject and the data controller. Contractual, between the data controller and the data processor. The transfer of personal data beyond the EU (third countries) is also on the rise (see box, Outsourcing trends). The Directive allows such transfers to third countries that ensure an adequate level of data protection. Transfers to countries not considered to provide an adequate level of protection are allowed as long as the inadequacies are contractually remedied. Against this background, this chapter examines: The role of the data controller and data processor in the processing of data in the EU. Some general pre-contractual issues to be considered when negotiating an outsourcing services agreement in the EU. The contract drafting and implementation issues that need to be addressed to ensure that an agreement complies with EC data protection and privacy (DP&P) law. National law governing the transfer of personal data in three EU member states (France, Italy and the UK) as well as specific contractual considerations that arise in these jurisdictions. The data controller and data processor On a data processing, the data controller determines the purpose and manner in which any personal data is to be processed, while the data processor processes the personal data on behalf of the data controller. On an outsourcing, the customer is and remains the data controller while the supplier takes the role of the data processor. In tort, between the data subject and the data processor. In any case, the data controller remains liable for the non-compliance of the data processor with applicable law, because the latter acts on behalf of the former. While the agreement between the supplier and the customer cannot affect their responsibilities to the data subject, for clarity, a proper allocation of duties among the parties is important. For example, it may be useful to set out which party must prepare the privacy information letter to the data subject in compliance with DP&P law (information letter), or which party must acquire the data subject s consent to the processing. This will help to determine which party bears any penalties imposed in the case of breach of the law. A thorough risk assessment of DP&P issues at the pre-contractual stage will help the parties to allocate their rights and duties appropriately. Once a contract is in place, the parties should periodically review their arrangement, to: Assess the level of compliance with DP&P law. Identify appropriate action to remedy any non-compliance. Amend the outsourcing agreement accordingly whenever appropriate (note that this must be in writing, as by law a written agreement is required to appoint a data processor). CROSS-BORDER HANDBOOKS 23 This chapter was first published in the Outsourcing Handbook 2007/08 and is reproduced with the permission of the publisher, Practical Law Company.

2 Outsourcing 2007/08 Pre-contractual negotiations During the pre-contractual phase, the customer should assess the DP&P risks involved in the proposed outsourcing and determine whether the potential supplier could adequately manage these risks. The risk assessment should take into account: The kind of data to be processed. The method and frequency of the transfer. Whether electronic or automated means of processing will be used. Whether the supplier will be assigned the responsibility of serving the information letter on the data subject. Based on the above risk assessment, the customer should make a first selection of potential suppliers, create a shortlist and, eventually, start negotiations with the best candidates. During the negotiations the customer should carry out (even if informally) a due diligence exercise on the above issues. This should be completed before the drafting of the contract so that appropriate contractual terms can be drafted to suit the circumstances. The potential suppliers should ensure that they can guarantee adequate policies and procedures to process data. Those policies and procedures must be stricter when the data to be transferred and/or shared is more sensitive or its transfer is frequent or material. outsourcing trends Outsourcing continues to increase rapidly: the trend from 2003 to 2008 shows an increase by 40% in value. The most interesting growth is occurring in the information technology sector (IT operations, databases, services and infrastructure, e-business processing, call centres and related business processes). Faster electronic communication capabilities mean significant flows of financial and personal data (for example, name, address, dependents and age) including sensitive personal data (such as health insurance data and lifestyle data relating to investment requirements). Outsourcing services offered by foreign companies continue to expand, particularly by companies resident in non-eu jurisdictions. Some of these jurisdictions meet the EC adequacy requirements (for example, Argentina, Canada and Guernsey), while others, which are probably the most interesting from an outsourcing perspective, are not currently considered to have adequate legislative frameworks (for instance, Australia and India). Some of the latter, including Australia and India, have announced their intention to move towards the standards set by the data protection and privacy-related EC directives, to attract customers. Another interesting trend is the globalisation of back office support services including administrative, accounting and financial services. This involves multiple centres spread across different continents and time zones where they have offices, subsidiary companies and third party processing arrangements, and resulting significant personal data flows. Ensuring compliance with the law: contract drafting and implementation issues When drafting an outsourcing services agreement it is important to bear in mind the following duties: Duty of confidentiality of processing. Under the Directive, a data processor must not process data except on instructions from the data controller, unless he is required to do so by law. Duty of security of processing. The data controller must protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access (in particular, where the processing involves the transmission of data over a network) and against all other forms of processing that are unlawful or inconsistent with the purposes for which the data has been collected. To ensure compliance with these duties, the parties to an outsourcing agreement should: Accurately measure the risks involved in data processing. Specify the scope and purpose of the service to be provided in the agreement. Adopt and implement adequate DP&P policies setting out measures and procedures for processing. DP&P policies help set the parameters of the data processor s duties, as well as the risks involved and the relative compliance costs to be borne. The policies adopted must ensure a level of security appropriate to the risks presented by both the processing and the nature of the data to be protected (for example, personal or sensitive data). Technical and organisational measures must remain fully effective during the life of the outsourcing agreement. Once the agreement is underway, the customer should periodically inspect the supplier s facilities where data is processed. The issues that the customer should consider when undertaking such an inspection include whether: The data is being processed legally. The procedures to ensure safekeeping of records are being followed. The procedures to keep certain records in restricted-access filing systems are being followed. Minimum security measures are being met. Generally, the greater access the customer has to inspect, monitor and control the supplier s DP&P policies, the better able it is to assess its own compliance with the law as a data controller. (See also box, Outsourcing services agreements: contractual clauses.) 24 CROSS-BORDER HANDBOOKS This chapter was first published in the Outsourcing Handbook 2007/08 and is reproduced with the permission of the publisher, Practical Law Company.

3 Outsourcing services agreements: contractual clauses To ensure compliance with data processing duties, an outsourcing services agreement in the EU typically includes provisions regarding: The designation of the supplier as data processor. Usually the instructions to the data processor are detailed in writing, and set out the purpose and means of processing. Indemnity. The supplier should indemnify the customer for any loss, damage or claim arising as a result of the supplier s failure to meet its data processing obligations. Examples of such failure by the supplier may be: non-compliance with the instructions of the customer; The level and/or skills of the personnel involved in data processing. The customer can require that the personnel who will be undertaking the data processing have specific skills. A mechanism to veto substitution of personnel. If an agreement states that a specific person (or personnel) is to be data processor, the agreement should provide the customer a right to veto the substitution of that person (or personnel). The supplier s duty to disclose its data protection and privacy (DP&P) policies. This helps the customer ensure that the supplier is complying with the requirements of the applicable law for the type of processing that is taking place. Right of access to the supplier s premises. This right of access is useful as it helps the customer determine the extent to which the supplier s DP&P policies have been implemented. processing the data for a purpose other than the one for which it has been instructed; or contrary to the data subject s consent, communicating the data to third parties. Termination. It is advisable to provide for the termination of the agreement and/or insert a penalty clause for breach of DP&P duties, to deter any unlawful conduct. Additional measures. It is advisable to insert some provisions that can have a positive effect on day-to-day operations. For instance, it may be useful to stipulate in the contract that the customer s databases at the supplier s premises be segregated. This may, for instance, make inspections by the customer easier to perform and allow quicker and better responses to enquiries by data subjects. Obligation of the supplier to co-operate with the customer in any claims against it. The customer, as data controller, always remains liable for any breach of the DP&P law by the supplier as data processor. This clause should stipulate that the supplier will inform the customer of any breach of the law, and co-operate with the customer s defence. The outsourcing services agreement should be able to be amended easily to account for any changes to DP&P law that may require modification of the supplier s instructions and policies or the kind of data that is to be processed. Other additional measures may be required, depending on the type of processing to be performed and the specific needs of the parties. National law issues: France Parties to an outsourcing contract must comply with the provisions of Act no of 6 August 2004, amending Act no of 6 January 1978 on Data Processing, Data Files and Individual Liberties, which implements the Directive. The customer always remains the data controller as it created the file containing the personal data, uses it and decides on its content and end purpose. Before any outsourcing, the customer must notify the French Data Protection Authority (Commission nationale informatique et libertés) (CNIL) that data processing is to be carried out by an external service provider. If the outsourcing is organised after the creation of the data file, the customer must notify the CNIL before any outsourcing of that file (it is advisable to include this obligation to notify as a contractual clause). The customer must ensure that the supplier is aware of the fact that it is processing legally protected data on behalf of the data controller. Under French law, the outsourcing contract must contain a number of fundamental clauses: The supplier must undertake to comply with the law regarding data protection, particularly regarding security of processing and the purpose of the data usage. The supplier must undertake to ensure the confidentiality of the file entrusted to it. Note that failure to comply with the provisions of data protection law relating to the security and/or confidentiality of personal data may involve the criminal liability of the customer as well as of the supplier. As a result, it is advisable to include the following clause in the agreement: the supplier undertakes to apply, and cause to be applied, professional secrecy relating to the data, in particular nominative data, that the customer, itself bound by professional secrecy, may communicate to it for the purpose of its assignment. The contract must stipulate the main conditions under which the services will be provided, in particular the price for each service, time limits, guarantees and responsibilities. If the supplier provides services that could give rise to copyright or data producer rights over the database or software used for the processing of the files or data, an assignment clause should be drafted if the customer wants to continue to use that software or database, either itself or with another service provider. French law does not prevent transfers of personal data to third countries. CROSS-BORDER HANDBOOKS 25 This chapter was first published in the Outsourcing Handbook 2007/08 and is reproduced with the permission of the publisher, Practical Law Company.

4 Outsourcing 2007/08 An outsourcing agreement with a supplier in a third country that ensures an adequate level of protection is not subject to the CNIL s prior authorisation. The customer must only notify the CNIL of its intentions to outsource before this occurs (see above). If the outsourcing agreement is to be concluded with a supplier in a third country that does not ensure an adequate level of protection, the customer can only transfer the personal data if one of the following conditions is fulfilled: The data subject has expressly consented to the transfer. The transfer is necessary to comply with the law (Article 68, Act no of 6 January 1978). On 15 November 2007, the privacy authority turned its attention to inbound call centres, in particular those providing customer care, support and after sale assistance. It issued a recommendation emphasising the importance of compliance with the rules of the Data Protection Code, and explaining in more detail and in practical terms how to better implement its principles. This followed other recommendations, guidelines and instructions directed at different industries (for example, banks, private and public employers, small- and medium-sized enterprises, recruitment companies and head hunters). When personal data is to be transferred to third countries, rules similar to those in France apply (see above, National law issues: France). They set out the instances when personal data can be transferred; the following are of most relevance to outsourcing: The CNIL grants prior authorisation. The CNIL grants prior authorisation if the processing will sufficiently protect individuals privacy, liberties and fundamental rights. The CNIL usually determines this level of protection by assessing the contractual clauses. Note that the European Commission has developed model contractual clauses on the protection of data subjects. It is advisable to include one of these clauses in the contract. National law issues: Italy The Directive was first implemented in Italy in 1996, by Act 675/96. The law was reformed in 2003, when the Data Protection Code (Codice in materia di protezione dei dati personali) came into force, which also implemented Directive 2002/58/EC on the protection of privacy in the electronic communications sector. There is no regulation that specifically covers data protection in the context of outsourcing, although the Italian privacy authority (Garante per la Privacy) has issued recommendations for suppliers working on telecommunications networks, that is, outbound and inbound call centres. On 30 May 2007, the privacy authority issued a recommendation to call centres active in marketing campaigns and operations, that is, outbound call centres. The recommendation reminded call centres to: Stop using data collected for purposes beyond the scope of that which the data subject has consented to. Send data subjects information letters, as required by law. Obtain data subjects consent for the use of their details for marketing purposes and to clean old databases still in use. Stop using data where such consent is absent, or has been revoked. If the data subject has given his express consent (where the transfer concerns sensitive written data). If the transfer is necessary for the performance of obligations resulting from a contract to which the data subject is party or for performance of a contract concluded in the data subject s interest. If the processing concerns data relating to legal persons, bodies or associations. If the jurisdiction to which the data is to be transferred has been deemed to guarantee an adequate level of protection. If the parties have inserted the European Commission s model privacy clauses in the contract on the protection of data subjects (see above, National law issues: France). In the case of a transfer to a US company, if such a company complies with the safe harbour requirements as set by the US Department of Commerce. (These requirements were set after negotiation with the EC privacy authorities.) National law issues: UK The Data Protection Act 1998 (DPA) implements the Directive. The UK data protection authority, the Information Commissioner s Office, has issued good practice guidance on outsourcing and data protection. Where the data controller outsources the processing of personal information to a third party, it remains responsible for that processing and is ultimately liable for any breaches of the DPA by the data processor. The data controller must put in place appropriate technical and organisational measures to ensure protection of the personal information it processes, regardless of whether it is processing such information itself or arranging for a third party to do so. The data controller should consider the: Sort of information it possesses. Periodically check their compliance, as data processors, with the DP&P rules. The terms and conditions of the outsourcing agreement must ensure that the above duties are fulfilled. Potential for harm that may result from its misuse. Technology available to process the information. Associated costs of ensuring an appropriate level of security. 26 CROSS-BORDER HANDBOOKS This chapter was first published in the Outsourcing Handbook 2007/08 and is reproduced with the permission of the publisher, Practical Law Company.

5 To appoint a data processor, the data controller must first enter into a written contract with the third party that is to be responsible for the processing of the information. To fulfil the requirements of the DPA, the contract must: Ensure that the data processor only uses and discloses the personal information in line with the data controller s instructions. Require the data processor to take appropriate security measures to protect that information. Where the processing of personal information is to be transferred to a third party based outside the European Economic Area, the DPA requires that there be an adequate level of protection in place. This can be ensured by following the good practice recommendations, which are: Select a reputable organisation offering suitable guarantees about its ability to ensure the security of personal data. Make sure the contract with the data processor is enforceable. Make sure the data processor has appropriate security measures in place. Make sure that the data processor appropriately checks on its staff. Audit the data processor regularly to ensure it is fulfilling its commitments. Require the data processor to report security breaches or other problems. Have procedures in place to deal with security breaches. The parties can also use the model contract clauses approved by the European Commission for transfers to third party organisations acting on the data controller s behalf. CROSS-BORDER HANDBOOKS 27 This chapter was first published in the Outsourcing Handbook 2007/08 and is reproduced with the permission of the publisher, Practical Law Company.

Clause 1. Definitions and Interpretation

Clause 1. Definitions and Interpretation [Standard data protection [agreement/clauses] for the transfer of Personal Data from the University of Edinburgh (as Data Controller) to a Data Processor within the European Economic Area ] In this Agreement:-

More information

DATA PROCESSING ADDENDUM

DATA PROCESSING ADDENDUM DATA PROCESSING ADDENDUM Last Revised: November 14, 2016 This Data Processing Addendum ( Addendum ) forms part of the master services agreement or terms of use, as applicable (the Agreement ), entered

More information

DATA PROCESSING AGREEMENT

DATA PROCESSING AGREEMENT DATA PROCESSING AGREEMENT This Data Processing Agreement ( DPA ) forms part of the master agreement between Customer and CA (the Agreement ) to reflect the parties agreement with regard to the Processing

More information

APPENDIX 5 TEMPLATE DATA PROCESSING AGREEMENT. Data Processing Agreement

APPENDIX 5 TEMPLATE DATA PROCESSING AGREEMENT. Data Processing Agreement APPENDIX 5 TEMPLATE DATA PROCESSING AGREEMENT Data Processing Agreement Dated: Parties: (1) The Guide Association, a registered charity (number 306016) incorporated by Royal Charter whose offices are at

More information

Standard conditions of purchase

Standard conditions of purchase Standard conditions of purchase 1 OFFER AND ACCEPTANCE 2 PROPERTY, RISK & DELIVERY 3 PRICES & RATES The Supplier shall provide all Goods and Services in accordance with the terms and conditions set out

More information

CISCO MERAKI EU DATA PROCESSING ADDENDUM

CISCO MERAKI EU DATA PROCESSING ADDENDUM Meraki LLC 500 Terry Francois Blvd. San Francisco, CA 94158 T 415.432.1000 CISCO MERAKI EU DATA PROCESSING ADDENDUM This EU Data Processing Addendum ( DPA ) forms part of the End Customer Agreement (the

More information

Recommendations for companies planning to use Cloud computing services

Recommendations for companies planning to use Cloud computing services Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation

More information

DATA PROCESSING ADDENDUM (FOR TRANSFERS PERSONAL DATA OUTSIDE THE EEA)

DATA PROCESSING ADDENDUM (FOR TRANSFERS PERSONAL DATA OUTSIDE THE EEA) DATA PROCESSING ADDENDUM (FOR TRANSFERS PERSONAL DATA OUTSIDE THE EEA) How this Data Processing Addendum (DPA) works: On October 6 2015, the European Court of Justice declared the Safe Harbor framework

More information

The new processor clauses are available here.

The new processor clauses are available here. This document is a comparison of the new Controller Processor Model Clauses (Decision (2010/87/EU)) and the old Controller Processor Model Clauses (Decision (2002/16/EC)). The new processor clauses are

More information

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.

More information

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure

More information

BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994

BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 Ref: BR/14/2009 OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 INTRODUCTION

More information

GSK Public policy positions

GSK Public policy positions Safeguarding Personally Identifiable Information A Summary of GSK s Binding Corporate Rules The Issue The processing of Personally Identifiable Information (PII) 1 and Sensitive Personally Identifiable

More information

Agreement Digital Testing System (Annex 4 to the RFP Digital Testing System) Annex 1 - Data Processing Agreement

Agreement Digital Testing System (Annex 4 to the RFP Digital Testing System) Annex 1 - Data Processing Agreement Agreement Digital Testing System (Annex 4 to the RFP Digital Testing System) Annex 1 - Data Processing Agreement ANNEX 1 DATA PROCESSING AGREEMENT RELATING TO THE AGREEMENT DIGITAL TESTING SYSTEM BETWEEN

More information

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1

More information

(a) the kind of data and the harm that could result if any of those things should occur;

(a) the kind of data and the harm that could result if any of those things should occur; Cloud Computing This information leaflet aims to advise organisations on the factors they should take into account in considering engaging cloud computing. It explains the relevance of the Personal Data

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

International Data Transfer Agreement

International Data Transfer Agreement International Data Transfer Agreement Standard Contractual Clauses (processors) For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third

More information

GUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987

GUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987 GUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987 CONTENTS Page 1. Introduction 3-4 2. The Commission s Policy 5 3. Outsourcing

More information

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

Briefly summarised, SURFmarket has submitted the following questions to the Dutch DPA:

Briefly summarised, SURFmarket has submitted the following questions to the Dutch DPA: UNOFFICIAL TRANSLATION Written opinion on the application of the Wet bescherming persoonsgegevens [Dutch Data Protection Act] in the case of a contract for cloud computing services from an American provider

More information

Timely Additional Terms for Data Processing

Timely Additional Terms for Data Processing Timely Additional Terms for Data Processing (In Compliance with the Standard Contractual Clauses) These Additional Terms for Data Processing (the Processing Terms ) are entered into as of the day of, 2016,

More information

Data controllers and data processors: what the difference is and what the governance implications are

Data controllers and data processors: what the difference is and what the governance implications are ICO lo : what the difference is and what the governance implications are Data Protection Act Contents Introduction... 3 Overview... 3 Section 1 - What is the difference between a data controller and a

More information

Privacy and Cloud Computing for Australian Government Agencies

Privacy and Cloud Computing for Australian Government Agencies Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy

More information

SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES

SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES 1 1 Definitions In these conditions:- We means Scotland s Commissioner for Children and Young People,

More information

Data Processing and Sharing Requirements Schedule

Data Processing and Sharing Requirements Schedule 1. Definitions 1.1 In this Schedule, unless the context otherwise requires, the following words and expressions have the following meanings: the Act the Data Protection Act 1998 (as amended); Agreement

More information

THE PUBLIC RELATIONS CONSULTANTS ASSOCIATION. Find A PR agency Terms and Conditions for Clients

THE PUBLIC RELATIONS CONSULTANTS ASSOCIATION. Find A PR agency Terms and Conditions for Clients THE PUBLIC RELATIONS CONSULTANTS ASSOCIATION Find A PR agency Terms and Conditions for Clients 1 Introduction 1.1 Find A PR agency is the PRCA s impartial search and referral service for organisations

More information

Appendix 11 - Swiss Data Protection Act

Appendix 11 - Swiss Data Protection Act GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the

More information

Pensions. Data protection and pensions. Briefing. Application Data Controller v Data Processor

Pensions. Data protection and pensions. Briefing. Application Data Controller v Data Processor Financial institutions Energy Infrastructure, mining and commodities Transport Technology and innovation Life sciences and healthcare Pensions Data protection and pensions Briefing January 2016 Trustees

More information

Training Contract Standard Terms and Conditions

Training Contract Standard Terms and Conditions Training Contract Standard Terms and Conditions 1. Consultant Training 2. Fee The Principal engages the Consultant as an independent consultant to provide the Training to the Principal on the terms and

More information

Youth Justice Board Purchase Order Form General Terms and Conditions

Youth Justice Board Purchase Order Form General Terms and Conditions Youth Justice Board Purchase Order Form General Terms and Conditions 1. Interpretation 1.1 In this Contract:- a) Authority means the Youth Justice Board for England and Wales acting through the authorized

More information

IG: Third Party Contracts and Contractors Policy

IG: Third Party Contracts and Contractors Policy IG: Third Party Contracts and Contractors Policy Document Summary This policy provides guidance on the Information Governance arrangements that need to be considered and / or implemented when engaging

More information

Firm Registration Form

Firm Registration Form Firm Registration Form Firm Registration Form This registration form should be completed by firms who are authorised and regulated by the Financial Conduct Authority. All sections of this form are mandatory.

More information

(INDIVIDUALS ONLY) IndContPkge Version: 1.7 Updated: 18 Jul. 03

(INDIVIDUALS ONLY) IndContPkge Version: 1.7 Updated: 18 Jul. 03 INDEPENDENT CONTRACTOR PACKAGE (INDIVIDUALS ONLY) IndContPkge Version: 1.7 Updated: 18 Jul. 03 Contents Preface 2 Checklist 3 Helpful Hints 4 Frequently Asked Questions 5 Agreement with an Independent

More information

AIRBUS GROUP BINDING CORPORATE RULES

AIRBUS GROUP BINDING CORPORATE RULES 1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

ECSA EuroCloud Star Audit Data Privacy Audit Guide

ECSA EuroCloud Star Audit Data Privacy Audit Guide ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:

More information

The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations

The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations Jeffrey D. Scott Jeffrey D. Scott, Legal Professional Corporation Practice Advisors

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

Mexico. Rodolfo Trampe, Jorge Díaz, José Palomar and Carlos López. Von Wobeser y Sierra, S.C.

Mexico. Rodolfo Trampe, Jorge Díaz, José Palomar and Carlos López. Von Wobeser y Sierra, S.C. Mexico Rodolfo Trampe, Jorge Díaz, José Palomar and Carlos López Market overview 1 What kinds of outsourcing take place in your jurisdiction? In Mexico, a subcontracting regime (understood as the regime

More information

Salesforce s Processor Binding Corporate Rules. for the. Processing of Personal Data

Salesforce s Processor Binding Corporate Rules. for the. Processing of Personal Data Salesforce s Processor Binding Corporate Rules for the Processing of Personal Data Table of Contents 1. Introduction 3 2. Definitions 3 3. Scope and Application 4 4. Responsibilities Towards Customers

More information

PURCHASE ORDER IT HARDWARE CONDITIONS

PURCHASE ORDER IT HARDWARE CONDITIONS PURCHASE ORDER IT HARDWARE CONDITIONS 1 FORMATION OF CONTRACT The Principal has issued a Purchase Order for the supply of the Hardware and the Services (if any). The Purchase Order creates a contract between

More information

Terms and Conditions of Use and Sale as at 1 st January 2009

Terms and Conditions of Use and Sale as at 1 st January 2009 Terms and Conditions of Use and Sale as at 1 st January 2009 The present standard terms and conditions of use and sale, also called the Contract, are concluded between the following parties: - with capital

More information

Internet copy

Internet copy Personal Data Processing Terms - Toll Service Provider Annex 0.5 to Toll Service Provider Agreement This copy of the document was published on and is for information purposes only. It may change without

More information

List of the general good provisions applicable to insurance and reinsurance intermediaries FEBRUARY 2011

List of the general good provisions applicable to insurance and reinsurance intermediaries FEBRUARY 2011 List of the general good provisions applicable to insurance and reinsurance intermediaries FEBRUARY 2011 The general good provisions have been listed in compliance with the conditions envisaged by the

More information

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection

More information

TERMS & CONDITIONS of SERVICE for MSKnote. Refers to MSKnote Limited. Refers to you or your organisation

TERMS & CONDITIONS of SERVICE for MSKnote. Refers to MSKnote Limited. Refers to you or your organisation TERMS & CONDITIONS of SERVICE for MSKnote Definitions: "Us or Our or We or Company" You or Your or Client Refers to MSKnote Limited Refers to you or your organisation Information about us: We are MSKnote

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

DATA PROCESSING ADDENDUM (Salesforce Processor Binding Corporate Rules, Privacy Shield and Standard Contractual Clauses) (Revision Dec.

DATA PROCESSING ADDENDUM (Salesforce Processor Binding Corporate Rules, Privacy Shield and Standard Contractual Clauses) (Revision Dec. DATA PROCESSING ADDENDUM (Salesforce Processor Binding Corporate Rules, Privacy Shield and Standard Contractual Clauses) (Revision Dec. 2016) This Data Processing Addendum ( DPA ) forms part of the Master

More information

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES 4 April 2013 James Castro-Edwards Solicitor Monica Salgado Advogada / Portuguese Lawyer OUR TEAM Speechly Bircham is an ambitious, full-service law firm with

More information

APES GN 30 Outsourced Services

APES GN 30 Outsourced Services APES GN 30 Outsourced Services Prepared and issued by Accounting Professional & Ethical Standards Board Limited ISSUED: March 2013 Copyright 2013 Accounting Professional & Ethical Standards Board Limited

More information

Module 12 Managed Services TABLE OF CONTENTS. Use Guidelines

Module 12 Managed Services TABLE OF CONTENTS. Use Guidelines 1 Module 12 Managed Services Version 3.0 TABLE OF CONTENTS 1. AGREED TERMS AND INTERPRETATION... 2 2. TERM OF... 4 3. TRANSITION IN... 4 4. SERVICES... 10 5. SERVICE LEVELS... 12 6. CHANGE CONTROL... 13

More information

Guidance on Personal Data Protection in Cross-border Data Transfer 1

Guidance on Personal Data Protection in Cross-border Data Transfer 1 Guidance on Personal Data Protection in Cross-border Data Transfer PART 1: INTRODUCTION Section 33 of the Personal Data (Privacy) Ordinance (the Ordinance ) prohibits the transfer of personal data to places

More information

An overview of UK data protection law

An overview of UK data protection law An overview of UK data protection law Our team Vinod Bange Partner +44 (0)20 7300 4600 v.bange@taylorwessing.com Graham Hann Partner +44 (0)20 7300 4839 g.hann@taylorwessing.com Chris Jeffery Partner +44

More information

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee

More information

Privacy and Electronic Communications Regulations

Privacy and Electronic Communications Regulations ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3

More information

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text

More information

NON-DISCLOSURE AGREEMENT BETWEEN. HM Treasury AND. (To be completed at Contract Award Stage)

NON-DISCLOSURE AGREEMENT BETWEEN. HM Treasury AND. (To be completed at Contract Award Stage) DATE NON-DISCLOSURE AGREEMENT BETWEEN HM Treasury AND (To be completed at Contract Award Stage) THIS AGREEMENT is made on (Date to be updated at Contract Award stage) BETWEEN: (1) HM Treasury of 1 Horse

More information

07/2013. Specific Terms and Conditions Mobile Device Management

07/2013. Specific Terms and Conditions Mobile Device Management 07/2013 Specific Terms and Conditions Mobile Device Management GENERAL PROVISIONS 1. Offer and Agreement 1.1 The present contractual terms and conditions (hereinafter referred to as Terms and Conditions

More information

Compliance Management Systems

Compliance Management Systems Certification Scheme Y03 Compliance Management Systems ISO 19600 ONR 192050 Issue V2.1:2015-01-08 Austrian Standards plus GmbH Dr. Peter Jonas Heinestraße 38 A-1020 Vienna, Austria E-Mail: p.jonas@austrian-standards.at

More information

PRIVACY SEALS ON PRIVACY GOVERNANCE PROCEDURES

PRIVACY SEALS ON PRIVACY GOVERNANCE PROCEDURES PRIVACY SEALS ON PRIVACY GOVERNANCE PROCEDURES SUMMARY Deliberation No. 2014-500 of 11 December 2014 on the Adoption of a Standard for the Deliverance of Privacy Seals on Privacy Governance Procedures....

More information

Application of Data Protection Concepts to Cloud Computing

Application of Data Protection Concepts to Cloud Computing Application of Data Protection Concepts to Cloud Computing By Denitza Toptchiyska Abstract: The fast technological development and growing use of cloud computing services require implementation of effective

More information

1. General questions. 2. Personal data protection rights of employees PERSONAL DATA PROTECTION FAQ

1. General questions. 2. Personal data protection rights of employees PERSONAL DATA PROTECTION FAQ PERSONAL DATA PROTECTION FAQ These Frequently Asked Questions are broken down into three parts: Part 1 contains answers to general questions on personal data protection. Part 2 is about employees personal

More information

EU Data Protection Reforms Challenges for Business

EU Data Protection Reforms Challenges for Business www.pwc.com Contents EU Data Protection Reforms Challenges for Business July 2014 1. Introduction 2. The need for change 3. Changes and challenges 4. Recommendations 5. Conclusion 6. For a deeper conversation

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

Data and Cyber Laws Up-date 9 July 2015

Data and Cyber Laws Up-date 9 July 2015 Data and Cyber Laws Up-date 9 July 2015 Janine Regan Alexia Zuber Viktoria Protokova Simon Holdsworth charlesrussellspeechlys.com Topics Updates on the key aspects of, and commentary on, the proposed GDPR

More information

Viva Energy may from time to time amend, delete or supplement these Terms and Conditions. Any change takes effect from the earlier of:

Viva Energy may from time to time amend, delete or supplement these Terms and Conditions. Any change takes effect from the earlier of: SHELL CARD ONLINE TERMS AND CONDITIONS VERSION: AUGUST 2014 1. SCOPE 1.1 These Terms and Conditions apply to use of the Shell Card Online (SCOL) web programme accessible via www.vivaenergy.com.au, by a

More information

Cloud Computing. Introduction

Cloud Computing. Introduction Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between

More information

The Manitowoc Company, Inc.

The Manitowoc Company, Inc. The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

on the transfer of personal data from the European Union

on the transfer of personal data from the European Union on the transfer of personal data from the European Union BCRsseptembre 2008.doc 1 TABLE OF CONTENTS I. PRELIMINARY REMARKS 3 II. DEFINITIONS 3 III. DELEGATED DATA PROTECTION MANAGER 4 IV. MICHELIN GROUP

More information

singapore american school

singapore american school Background The Singapore Personal Data Protection Act - 2012 (PDPA) establishes a data protection law that comprises various rules governing the collection, use, disclosure, and care of personal data.

More information

Data Processing Agreement

Data Processing Agreement Data Processing Agreement BETWEEN GP Name and practice address (Hereinafter known as the Data Controller) AND Coventry & Rugby Clinical Commissioning Group, of Christchurch House, Greyfriars Lane, Coventry,

More information

Application to access Chesters Trade

Application to access Chesters Trade Application to access Chesters Trade Please fill in all details below: Account Number Company Name Company Phone Number Fax Number Contact Name Mobile Number Email Address Please review the Terms of Use

More information

TEXTURA AUSTRALASIA PTY LTD ACN 160 777 088 ( Textura ) CONSTRUCTION PAYMENT MANAGEMENT SYSTEM TERMS AND CONDITIONS OF USE

TEXTURA AUSTRALASIA PTY LTD ACN 160 777 088 ( Textura ) CONSTRUCTION PAYMENT MANAGEMENT SYSTEM TERMS AND CONDITIONS OF USE TEXTURA AUSTRALASIA PTY LTD ACN 160 777 088 ( Textura ) CONSTRUCTION PAYMENT MANAGEMENT SYSTEM TERMS AND CONDITIONS OF USE Welcome to the Textura Construction Payment Management ( CPM ) System. By clicking

More information

REQUEST FOR QUOTE. RFQ Reference Number: RFQ <> <>

REQUEST FOR QUOTE. RFQ Reference Number: RFQ <<INSERT e.g SWR 03-11/12>> <<Enter Course Name>> REQUEST FOR QUOTE RFQ Reference Number: RFQ Date of Issue: Name of Business Unit: Address: Contact Person: Telephone: Email:

More information

FRANCE. Chapter XX OVERVIEW

FRANCE. Chapter XX OVERVIEW Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection

More information

AlixPartners, LLP. General Data Protection Statement

AlixPartners, LLP. General Data Protection Statement AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection

More information

Summary of Data Protection Requirements When transferring Data Outside the UK End Users

Summary of Data Protection Requirements When transferring Data Outside the UK End Users Summary of Data Protection Requirements When transferring Data Outside the UK End Users 14 May 2010 Background to transfers of the Data outside the UK Data can be transferred in a couple of ways in relation

More information

Personal Information Protection Act. Information Sheet 12: 1. Service Providers Outside Canada: Notification, Policies and Practices

Personal Information Protection Act. Information Sheet 12: 1. Service Providers Outside Canada: Notification, Policies and Practices : Notification, Policies and Practices Personal Information Protection Act Information Sheet 12 Introduction Organizations in Alberta operate in an increasingly global business environment. Large and small

More information

Linklaters Knowledge Portal Terms of Use

Linklaters Knowledge Portal Terms of Use Linklaters Knowledge Portal Terms of Use These terms of use govern access by an individual to information provided by Linklaters through the Linklaters Knowledge Portal. 1 Definitions Information means

More information

Service Schedule for Business Email Lite powered by Microsoft Office 365

Service Schedule for Business Email Lite powered by Microsoft Office 365 Service Schedule for Business Email Lite powered by Microsoft Office 365 1. SERVICE DESCRIPTION Service Overview 1.1 The Service is a hosted messaging service that delivers the capabilities of Microsoft

More information

Outsourcing Risk Guidance Note for Banks

Outsourcing Risk Guidance Note for Banks Outsourcing Risk Guidance Note for Banks Part 1: Definitions Guideline 1 For the purposes of these guidelines, the following is meant by: a) outsourcing: an authorised entity s use of a third party (the

More information

Data Protection in Ireland

Data Protection in Ireland Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair

More information

INTERNATIONAL SOS. Data Protection Policy. Version 1.05

INTERNATIONAL SOS. Data Protection Policy. Version 1.05 INTERNATIONAL SOS Data Protection Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: December 2008 Revised: 2015 All copyright in these materials are reserved to AEA

More information

APPLICANT VERIFICATION SERVICES TERMS AND CONDITIONS OF USE

APPLICANT VERIFICATION SERVICES TERMS AND CONDITIONS OF USE APPLICANT VERIFICATION SERVICES TERMS AND CONDITIONS OF USE 1 P a g e Contents 1. Interpretation and Definitions 2. Commencement and Term 3. Recitals and Relationship 4. Services 5. Systems and Software

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),

More information

Article 1: Subject. Article 2: Orders - Order Confirmation

Article 1: Subject. Article 2: Orders - Order Confirmation GENERAL CONDITIONS OF PURCHASE Article 1: Subject 1.1 The following general conditions of purchase (the "General Conditions") establish the contractual conditions governing the purchase of raw materials,

More information

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014 Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware

More information

Outsourcing Publication Date: September 2013 OUTSOURCING. 1. Legislation Guidance Exercising due skill, care and diligence...

Outsourcing Publication Date: September 2013 OUTSOURCING. 1. Legislation Guidance Exercising due skill, care and diligence... OUTSOURCING Contents 1. Legislation... 2 2. Guidance... 7 2.1 Exercising due skill, care and diligence... 7 2.2 Outsourcing agreement... 7 2.3 Outsourcing policy... 8 2.4 Business continuity plan... 9

More information

TELEFÓNICA UK LTD. Introduction to Security Policy

TELEFÓNICA UK LTD. Introduction to Security Policy TELEFÓNICA UK LTD Introduction to Security Policy Page 1 of 7 CHANGE HISTORY Version No Date Details Authors/Editor 7.0 1/11/14 Annual review including change control added. Julian Jeffery 8.0 1/11/15

More information

ANGUS COUNCIL SUPPLEMENTARY CONDITIONS OF CONTRACT. SC 01 - Contract Performance Guarantee Insurance

ANGUS COUNCIL SUPPLEMENTARY CONDITIONS OF CONTRACT. SC 01 - Contract Performance Guarantee Insurance SC 01 - Contract Performance Guarantee Insurance For contracts equal to or exceeding 750,000 in value the Contractor shall, within 28 days of the date of the award of the Contract, obtain and provide to

More information

The eighth data protection principle and international data transfers

The eighth data protection principle and international data transfers Data Protection Act 1998 The eighth data protection principle and international data transfers The Information Commissioner s recommended approach to assessing adequacy including consideration of the issue

More information

1. Applicant means a person or persons applying for any product or service offered by us;

1. Applicant means a person or persons applying for any product or service offered by us; Intermediaries Online Website and Introducer Conditions 1. General 1. It is important that you read and understand these conditions before you start to use this website. By confirming your acceptance you

More information

(Short Form) Terms and Conditions. Version 1.2 dated 17 February 2015. Please note:

(Short Form) Terms and Conditions. Version 1.2 dated 17 February 2015. Please note: (Short Form) Terms and Conditions Version 1.2 dated 17 February 2015 Please note: The Agreement comprises two parts: Particulars Terms and Conditions (Short Form) Terms and Conditions Page 2 of 7 Terms

More information

How not to lose your head in the Cloud: AGIMO guidelines released

How not to lose your head in the Cloud: AGIMO guidelines released How not to lose your head in the Cloud: AGIMO guidelines released 07 December 2011 In brief The Australian Government Information Management Office has released a helpful guide on navigating cloud computing

More information

2. Privacy guidelines for our members, groups, students and other parties

2. Privacy guidelines for our members, groups, students and other parties Privacy Policy 1. Outline SICA and Port Moresby Chapter of the Institute of Chartered Accountants of India (we, us or our) are a short name and a trading name respectively for the Society of Indian Chartered

More information

www.corrs.com.au OFFSHORING Data the new privacy laws

www.corrs.com.au OFFSHORING Data the new privacy laws www.corrs.com.au OFFSHORING Data the new privacy laws OFFSHORING DATA THE NEW PRIVACY LAWS Transfer of data by Australian organisations to other jurisdictions is increasingly common. This is a result of

More information

Information Sheet: Cloud Computing

Information Sheet: Cloud Computing info sheet 03.11 Information Sheet: Cloud Computing Info Sheet 03.11 May 2011 This Information Sheet gives a brief overview of how the Information Privacy Act 2000 (Vic) applies to cloud computing technologies.

More information