HELLENIC TELECOMMUNICATIONS ORGANIZATION S.A.
|
|
- Melanie Clark
- 7 years ago
- Views:
Transcription
1 HELLENIC TELECOMMUNICATIONS ORGANIZATION S.A. ΟΤΕ Group Code off Conductt For tthe Prottecttiion off tthe IIndiiviiduall s Riightt tto Priivacy iin tthe Handlliing off Personall Datta wiitthiin OTE Group Approved by the Board of Directors of OTE S.A. at its meeting No 2831 held on May 20, 2009 effective as of May 20, 2009
2 Table of Contents Preamble... 1 Article 1: Scope... 2 Article 2: Legal nature of the Code of Conduct- Connection of the Code to the National and European Legislation..2 Article 3: Transparency of data protection Article 4: Subject s Right to Information and Access... 2 Article 5: Information s Availability Article 6: Permissible data handling requirements- Data subject s consent Article 8: Use of personal data for direct marketing purposes... 4 Article 9: Special categories of personal data... 4 Article 10: Principles relating to data quality Article 11: Data Archiving... 5 Article 12: Transmission of data to third parties... 5 Article 13: Responsibility Article 14: Subcontracted Data Processing... 5 Article15: Responsible Officers... 6 Article 16: Checks on the Level of Data Protection... 6 Article 17: Technical, Organizational and Employee- Related Measures... 6 Article 18: Rights of Data Subjects... 7 Article 19: Right to Protest / Right to have Data erased... 7 Article 20: Right to Correction... 8 Article 21: Right to Clarifications and comments Article 22: Exercising of Rights Article 23: Responsibility of personal data handling... 8 Article 24: Coordination by the Officer of the Group... 9 Article 25: Supervisory and Consultation Duties... 9 Article 26: Employee Training and Commitment Article 27: Cooperation with Supervisory Authorities... 9 Article 28: Definitions
3 CODE OF CONDUCT FOR THE PROTECTION OF THE INDIVIDUAL S RIGHT TO PRIVACY IN THE HANDLING OF PERSONAL DATA WITHIN O.T.E GROUP. Preamble The protection of personal data of natural persons and/or legal entities, especially the handling of personal data of customers and employees is a significant concern for all companies of the OTE Group. Furthermore, OTE Group wishes to protect the personal data of the listed companies shareholders. In this frame, OTE Group adopts a Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the OTE Group in accordance with the national and European legislation applied. The present Code of Conduct is a declaration of principles regarding the handling of personal data, is supplementary to the applied legislation and legally binding for all the companies of the OTE Group, wherever they take action. Hereunder follows the Code of Conduct for the protection of the individual s Right to Privacy in the Handling of Personal Data within OTE Group.
4 Article 1: Scope The scope of the present Code is to ensure a uniformly high level of data protection regarding the protection of personal data of subjects, within the companies of the OTE Group through the proper application of the national and European legislation referring to data protection and confidentiality of communication. Article 2: Legal nature of the Code of Conduct- Connection of the Code to the National and European Legislation. 2.1 The present Code of Conduct sets the general guide-lines regarding the handling of personal data within the OTE Group, is binding for all the companies of the OTE Group and comes into force upon publication by the respective management of the companies of the OTE Group on the official website of the company. 2.2 The present Code applies in combination to the national and European legislation in force for the collection, handling and use of the personal data of all data subjects, especially the personal data of customers and employees of all the Group s companies, as well as - for all group listed- companies- the shareholders. 2.3 The companies of the Group shall handle personal data and transmit them to the Public Authorities, if so required, in accordance to the national legislation of the country, which regulates the operation of each company of the Group. Article 3: Transparency of data protection. Persons, to which the personal data refer to ( data subjects in the meaning of article 28 hereof), will have access to all information concerning the handling of personal data though proper methods of informing, especially through the publication of the Code of Conduct on the official website of the company. Article 4: Subject s Right to Information and Access. 4.1 Data subjects have the right to be informed whether their personal data are or have been handled. 4.2 The data subject must be informed in an appropriate and expressed manner of the following data The identity of the data controller/s as well as their contact details The personal data regarding the subject, as well as their origin The intended scope and purpose of the collection, processing and/or use of personal data. This information should include which data are being recorded and/or processed/used, why and for what purpose and for how long. 2
5 The manner of processing and in case of transmission to third parties, the recipient, extent, and purpose of transmission The provisions of this Code of Conduct, regarding the rights of the data subject The relevant information should be at the disposal of the applicant in a comprehensible form and within a reasonable time. In general, information should be given in written The data subjects are entitled to request and obtain from the Controller, the information related to the handling of their personal data and the Controller is obliged to respond in written in an understandable form and without culpable delay in a reasonable time or in the peremptory period as provided by the national legislation 4.5. When permissible by the national legislation, the company may charge a fee for the information supplied. Article 5: Information s Availability. Information should be available to the data subjects, when data are collected for the first time and subsequently, whenever it is requested. Article 6: Permissible data handling requirements- Data subject s consent. 6.1 Personal data handling is permissible only when the subject gives its consent. The data subjects consent should concentrate the following features: The data subjects consent shall be obtained at the latest when data starts to the collected, processed or used Consent should be given expressly and voluntary, in a form appropriate to the circumstances Consent must be given on an informed basis regarding the purpose of handling, the recipients or list of recipients, as well as the identity of the Controller or the data processor. 6.2 Subjects consent can be withdrawn at any time without any retroactive effect. 6.3 Exceptionally, data handling is permissible without the subject s prior consent, when handling is necessary for purposes of fulfilling a contract, to which the data subject participates or when it is allowed by the national or European legislation. Article 7: Personal data shall not be used for purposes other than those for which the data was originally collected. 3
6 Article 8: Use of personal data for direct marketing purposes. 8.1 Personal data will be used for direct marketing purposes according to the national and European legislation. 8.2 Data subjects have the right to object to the company, which handles his personal data for direct marketing purposes. 8.3 The companies of OTE Group are obliged -upon subject s request- to inform the subjects for their abovementioned right, as well as for the manner and the process of applying this right. Article 9: Special categories of personal data. The collection and handling of special categories of personal data is prohibited unless the subject has expressly given his/her consent or the handling is permissible according to the applied national or European legislation. It shall also be permissible if it is necessary to process the data in order to fulfil the rights and obligations of the responsible company in the area of labour law, provided that this is permissible due to the applied national law. Article 10: Principles relating to data quality All companies should take the necessary measures, in order ensure that personal data are at all times correct,and where necessary, kept up to date (data quality) The companies of the Group should also take all necessary measures, in order to ensure that any incorrect or incomplete data is erased or corrected Personal data shall be appropriate, adequate and not excessive for the purposes for which the data were used. Data shall be collected only for particular, definite and legitimate purposes upon a relevant request and should be processed only according to these purposes (Data avoidance) Personal data should be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which data were collected or for which they are further processed. After this period, the companies shall destroy or erase the identification features of the data subjects (anonymization). Anonymization shall be carried out in such a manner that the original identities of the data subjects cannot be revealed, or can only be revealed with disproportionately great effort. 4
7 Article 11: Data Archiving. The principles of data processing, particularly the principles of data economy and data avoidance, shall be taken into account when developing data archive. In order to develop a personal data archive, the national legislation is applicable. Article 12: Transmission of data to third parties. Transmission of data to third parties is prohibited, unless the subject has expressly given his consent or in case transmission is necessary to fulfill a contractual requirement towards the data subject or in all cases data transmission to third parties is permissible according to the national legislation. Article 13: Responsibility. When transmitting personal data to a third party, which is not a public body, the company, which had originally collected the personal data, should cooperate with the third party, in order to ensure that personal data are legally handled. Indicatively the Controller shall ensure that appropriate data protection and data security measures are provided or shall be discussed and agreed with the recipient. Where agreements are concluded with bodies in countries without adequate data protection levels, sufficient guarantees must be ensured with respect to the protection of the right to privacy of the individual and the exercising of rights connected with this, without prejudice to the prior permission by the competent authority, if so required by the national legislation. Article 14: Subcontracted Data Processing When the company engages the services of a subcontractor, then, the relevant written contract shall refer to the obligations of the subcontractor as the party engaged for processing the data. Such provisions shall set out the instructions of the company (the party which controls the data) regarding the type and manner of the processing of personal data, the purpose of the processing as well as the technical and organizational measures required for data protection The subcontractor shall not use the personal data revealed to him due to his contractual relation with the relevant company without its prior consent The criteria of personal data security and legal handling of personal data shall be taken into consideration when selecting a subcontractor. 5
8 Article15: Responsible Officers Each company of the OTE Group shall appoint an officer, competent to ensure that the individual departments are adequately informed on the applied legislation as well as the Group s internal processes and data protection policy The Officer must be involved in the design of new products and services from the early stages in order to ensure the protection of personal data OTE shall appoint an Officer competent group-wide for the protection of privacy of personal data, which reports directly to OTE s Board of Directors and coordinates the company s strategy regarding the protection of personal data and the confidentiality of communications Each company shall cooperate with Group Officer of OTE in order to establish a uniformly high level of data protection within the companies of OTE Group. Article 16: Checks on the Level of Data Protection Internal audits on the processes of data handling, as well as on the processes of waiving of privacy should be carried out at a regular basis to review the effectiveness of the implemented measures. Such audits should be carried out by the Officer of each company competent for the protection of privacy of personal data or by other units authorized to conduct internal audits. Article 17: Technical, Organizational and Employee- Related Measures When commencing their work within the company and each year, the companies employees will sign appropriate confidentiality clauses, as well as observance clauses regarding the internal processes implemented in the company for the protection of personal data of customers, employees and, for all inserted companies, shareholders The internal processes of each company should include the appropriate organizational and technical measures, in order to ensure the legal processing of personal data. These processes must at least guarantee the following: Preventing unauthorized persons from gaining access to data processing systems on which personal data are processed or used (physical access control) Ensuring that data processing systems cannot be used by unauthorized persons (denial-of-use control); Ensuring that those persons authorized to use a data processing system are able to access exclusively those data to which they have authorized access and that 6
9 personal data cannot, during processing or use or after recording, be read, copied, altered or removed by unauthorized persons (data access control) Ensuring that, in the course of electronic transmission or during their transport or recording on data carrier, personal data cannot be read, copied, altered or removed by unauthorized persons, and that it is possible to examine and establish where personal data are to be transmitted by data transmission equipment (data transmission control) Ensuring that it is possible retrospectively to examine and establish whether and by whom personal data have been entered into data processing systems, altered or removed (data entry control) Ensuring that personal data which are processed by subcontractors can only be processed in conformance with the instructions of the ordering party (subcontractor control) Ensuring that personal data are protected against accidental destruction or loss (availability control). Article 18: Rights of Data Subjects. Every data subject has the right to contact the responsible company with questions regarding the present Code of Conduct and his/her rights mentioned in articles 4, 19 and 20 hereof. Article 19: Right to Protest / Right to have Data erased Data subject has the right to protest to the responsible company against the use of his personal data All complaints shall be directed to the Officer competent for the protection of privacy of personal data or to the properly authorized person and shall include a request for a certain operation such as correction, temporary non use, blocking, non transmission, erasure The right to protest applies even if the data subject had in a former case consented to the use of his personal data Rightful requests to have data erased shall be promptly met. Such requests are rightful particularly when the legal basis for the use of the data ceases to apply. Statutory retention periods shall be observed. 7
10 Article 20: Right to Correction Data subject shall at any time request that the responsible company corrects his personal data insofar as such data are incomplete or incorrect. Article 21: Right to Clarifications and comments If a data subject claims that his/her rights have been breached in the form of unlawful data processing, particularly in the event that this Code of Conduct has been breached, the responsible companies shall clarify the facts without culpable delay and in the time-limit pursuant to the Laws in force. In this case they shall work together closely and grant each other access to all information necessary for establishing the facts of the case The company s responsible data protection department most closely associated with the relevant issues must coordinate all the relevant correspondence with the data subject. Article 22: Exercising of Rights. Data subjects shall not be disadvantaged because they have availed themselves of these rights. Article 23: Responsibility of personal data handling Companies shall guarantee their compliance with the legislation regarding the protection of personal data and the waiving of privacy as well as the provisions of this Code of Conduct The officer competent for the protection of privacy of personal data of the respective company shall be informed without delay about any breaches (including suspicion of a breach) of data protection provisions and of this Code of Conduct. In the case of incidents that are of relevance to more than one company, the Group officer competent for the protection of privacy of personal data should also be informed The officer competent for the protection of privacy of personal data of the respective company shall be informed about any changes in the legislation regarding the personal data protection The Officers of each company of the OTE Group should coordinate their activities within the framework of the Group s Data Protection and Privacy Waiving policy. 8
11 Article 24: Coordination by the Officer of the Group The Officer of the Group competent for the protection of privacy of personal data shall coordinate the activities of the Officers of each company in case of generalized incidents of breach of provisions regarding data protection, which endanger the purpose of this Code of Conduct The duty of the Group Officer competent for the protection of privacy of personal data is to develop the Group s policy regarding data protection. In order to accomplish this purpose, all Officers must cooperate. Article 25: Supervisory and Consultation Duties The officers of the respective companies shall be responsible for monitoring compliance with national and international data protection regulations and with this Code of Conduct The respective Officers shall examine on-site all processing techniques that involve the use of personal data. Article 26: Employee Training and Commitment. The Group companies attend the employees training regarding lawful handling of personal data as well as implementing this Code of Conduct. Article 27: Cooperation with Supervisory Authorities Companies of the OTE Group shall agree to respond to enquiries and to comply to the recommendations of the supervisory authorities, which are authorized to supervise the application of the national legislation regarding personal data protection and Waiving of privacy. Article 28: Definitions ΟΤΕ Group: Ο.Τ.Ε S.A as well as all companies in which OTE SA directly or indirectly holds more than a 50% share or over, or which it has control. 9
12 Responsible or respective company: The Company, which pertains to OTE Group and determines the purposes and means of data processing of customers, employees and shareholders. Data subject: Any natural person or legal entity to which data refer to and which identity is known or can be revealed by the responsible company, with which the subject is related as a client or employee or shareholder. Personal data: Any information relating to the data subject. Statistical information, from which the subject can not be identified, is not considered personal data. Special Categories of Data: Shall mean data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership or concerning health or sex life criminal charges or convictions as well as membership to societies dealing with the aforementioned areas.. Handling of personal data: Shall mean any operation or set of operations which is performed upon personal data such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction. Consent: shall mean any freely given, explicit and specific indication of will, whereby the data subject expressly and fully cognisant signifies his/her informed agreement to personal data relating to him being processed. Such information shall include at least information as to the purpose of processing, the data or data categories being processed, the recipient or categories of recipients of personal data as well as the name, trade name and address of the Controller and his/her representative, if any. Such consent may be revoked at any time without retroactive effect. Data recipient: Shall mean any natural person or legal entity, public authority, agency or any other body to whom data are disclosed, whether a third party or not. Third party: Any natural person or legal entity, public authority, agency or any other body other than the data subject, the controller, and the persons authorised to process data provided that they act under the direct supervision or on behalf of the Controller. Controller : shall mean any person who determines the scope and means of the processing of personal data, such as any natural or legal person, public authority or agency or any other organisation. Where the purposes and means of processing are determined by national or Community laws or regulations, the Controller or the specific criteria for his/her nomination shall be designated by national or Community law. 10
13 Processor : shall mean any person who possesses personal data on behalf of the Controller such as any natural person or legal entity, public authority or agency or any other organisation. Personal Data Archive/file : shall mean any structured base of personal data, which is accessible taking into consideration specific criteria. 11
How To Protect Your Data In European Law
Corporate Data Protection Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the Deutsche Telekom Group 2010 / 04 We make ICT strategies work
More informationBinding Corporate Rules Privacy (BCRP) personal Telekom Group rights in the handling of personal data within the Deutsche Telekom Group
Binding Corporate Rules Privacy (BCRP) Binding Corporate corporate Rules rules Privacy for (BCRP) the protection of personal Telekom Group rights in the handling of personal data within the Deutsche Telekom
More informationGuidelines on Data Protection. Draft. Version 3.1. Published by
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More informationBinding Corporate Rules ( BCR ) Summary of Third Party Rights
Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting
More informationData Protection Policy.
Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data
More informationData Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
More informationProposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion
Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.
More informationProcessor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
More informationPRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy)
PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard
More informationPersonal Data Act (1998:204);
Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their
More informationLEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT
LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text
More informationCROATIAN PARLIAMENT 1364
CROATIAN PARLIAMENT 1364 Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby pass the DECISION PROMULGATING THE ACT ON PERSONAL DATA PROTECTION I hereby promulgate the Act on
More informationCorporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data
Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not
More informationAppendix 11 - Swiss Data Protection Act
GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the
More informationThe supplier shall have appropriate policies and procedures in place to ensure compliance with
Supplier Instructions for Processing of Personal Data 1 PURPOSE SOS International has legal and contractual obligations on the matters of data protection and IT security. As a part of these obligations
More informationGUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4
GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection
More informationFIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS
FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),
More informationData Protection Policy
Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_D_19
Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility
More informationData protection policy
Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data
More informationCORK INSTITUTE OF TECHNOLOGY
CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of
More informationData Protection Standard
Data Protection Standard Processing and Transfer of Personal Data in Aker Solutions (Binding Corporate Rules) Aker Solutions www.akersolutions.com Table of contents 1 Introduction... 3 1.1 Scope... 3 1.2
More informationOSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data
OSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data Terms Adopting company an OSRAM associated company in Germany or overseas
More informationOffice of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationData Protection Good Practice Note
Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1
Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees
More informationThe Manitowoc Company, Inc.
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
More informationData Protection Policy
1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The
More informationon the transfer of personal data from the European Union
on the transfer of personal data from the European Union BCRsseptembre 2008.doc 1 TABLE OF CONTENTS I. PRELIMINARY REMARKS 3 II. DEFINITIONS 3 III. DELEGATED DATA PROTECTION MANAGER 4 IV. MICHELIN GROUP
More informationATMD Bird & Bird. Singapore Personal Data Protection Policy
ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:
More informationData protection compliance checklist
Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing
More informationAlign Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
More informationHERTSMERE BOROUGH COUNCIL
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
More information235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June
More informationPolicy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0
PROVIDER NAME: POLICY AREA: College of Computing Technology (CCT) Standard 10: Information Management, Student Information System & Data Protection Policy and Procedure Title: Maintaining Secure Learner
More informationData Protection Policy
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
More informationCLOUD COMPUTING FOR ehealth DATA PROTECTION ISSUES
CLOUD COMPUTING FOR ehealth DATA PROTECTION ISSUES GLOBAL FORUM 2009 ICT & The Future of the Internet - Monday, October 19 th 2009 paolo.balboni@bakernet.com Introduction & Structure ENISA Working Group
More informationInformation Governance Policy
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
More informationData Protection A Guide for Users
Data Protection A Guide for Users EUROPEAN PARLIAMENT Contents Contents 3 Introduction 4 Data protection standards making a difference in the European Parliament 5 Data protection the actors 6 Data protection
More informationON MUTUAL COOPERATION AND THE EXCHANGE OF INFORMATION RELATED TO THE OVERSIGHT OF AUDITORS
Mr. Ryutaro Hatanaka Commissioner Financial Services Agency Government of Japan 3-2-1 Kasumigaseki Chiyoda-ku, Tokyo Japan 100-8967 Dr. Kunio Chiyoda Chairman Certified Public Accountants and Auditing
More informationROEHAMPTON UNIVERSITY DATA PROTECTION POLICY
ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:
More informationArticle 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationGENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS
GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...
More informationINERTIA ETHICS MANUAL
SEVENTH FRAMEWORK PROGRAMME Smart Energy Grids Project Title: Integrating Active, Flexible and Responsive Tertiary INERTIA Grant Agreement No: 318216 Collaborative Project INERTIA ETHICS MANUAL Responsible
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the
More informationeprivacyseal GmbH Criteria catalogue EU November 2013
eprivacyseal GmbH Criteria catalogue EU November 2013 The EPS data privacy seal certifies for the respective applicant that its product or service is in line with the detailed criteria in the following
More informationDublin City University
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
More informationData Protection Act a more detailed guide
Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationAccess Control Policy
Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
More informationDirective. for the transfer of personal data. to third countries outside the EEA
Directive for the transfer of personal data to third countries outside the EEA (Munich Re reinsurance group directive on third-country data transfer) Information correct at 1 July 2013 - 2 - Contents 1
More informationPERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE
PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations
More informationData Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk
Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data
More informationUniversity of Limerick Data Protection Compliance Regulations June 2015
University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick
More informationPRIVACY POLICY Personal information and sensitive information Information we request from you
PRIVACY POLICY Business Chicks Pty Ltd A.C.N. 121 566 934 (we, us, our, or Business Chicks) recognises and values the protection of your privacy. We also understand that you want clarity about how we manage
More informationDIFC LAW NO. 1 OF 2007
DATA PROTECTION LAW DIFC LAW NO. 1 OF 2007 Consolidated Version (December 2012) Amended by Data Protection Law Amendment Law DIFC Law No. 5 of 2012 CONTENTS PART 1: GENERAL... 4 1. Title... 4 2. Legislative
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3
More informationThe Romanian Parliament adopts the present law. Chapter I: General Provisions
Law No. 677/2001 on the Protection of Individuals with Regard to the Processing of Personal Data and the Free Movement of Such Data, amended and completed The Romanian Parliament adopts the present law.
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More informationLittle Marlow Parish Council Registration Number for ICO Z3112320
Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with
More informationDATA PROTECTION ACT 1998 COUNCIL POLICY
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
More informationOBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
More informationHow To Write A Report On A Recipe Card
Opinion on a notification for Prior Checking received from the Data Protection Officer of the European Investment Bank (EIB) concerning procedures related to "360 Leadership feedback report" Brussels,
More informationOur Client Agreement for Mortgages & Insurance
1. This agreement is issued on behalf of Duchy Independent Financial Advisers Ltd of Chy Jenner, Newham Quay, Truro, Cornwall TR1 2DP whom can be contacted at 01872 240368. Authorisation Statement Duchy
More informationIndex. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection
Data Protection Awareness Based on DIT s Data Protection Policy, the Data Protection Acts, 1988 & 2003 and guidance from the Office of the Data Protection Commissioner Index Definitions What is Data Protection?
More informationHow To Understand The Data Protection Act
DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy
More informationThe primary responsibility for the data processing lies within the Administration Department, which the FINCOP Unit is part of.
Opinion on a Notification for Prior Checking received from the Data Protection Officer of the European Training Foundation Regarding the Processing Operations to Manage Calls for Tenders Brussels, 22 April
More informationData Protection Policy
Data Protection Policy 1. Preamble The highest level of personal data protection is particularly important for KCG Partners Law Firm. The purpose of this Data Protection Policy is to inform the visitors
More information2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.
University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information
More informationPersonal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.
PART I: INTRODUCTION AND BACKGROUND Purpose This Data Protection Binding Corporate Rules Policy ( Policy ) establishes the approach of Fluor to compliance with European data protection law and specifically
More informationData Protection in Ireland
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
More informationsingapore american school
Background The Singapore Personal Data Protection Act - 2012 (PDPA) establishes a data protection law that comprises various rules governing the collection, use, disclosure, and care of personal data.
More informationData Protection Policy June 2014
Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:
More informationGUIDE ON DATA PROTECTION REQUIREMENTS IN THE CONTEXT OF CLOUD COMPUTING SERVICES
GUIDE ON DATA PROTECTION REQUIREMENTS IN THE CONTEXT OF CLOUD COMPUTING SERVICES CONTENT 1. WHY A CLOUD COMPUTING GUIDE?... 2 2. WHAT IS CLOUD COMPUTING?... 4 3. WHAT ARE THE ROLES OF THE CLOUD SERVICES
More information7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data
Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal
More informationDATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;
DATA PROTECTION POLICY Introduction TWM Solicitors maintain certain personal data about individuals for the purposes of satisfying operational and legal obligations. The Data Protection Act sets rules
More informationClause 1. Definitions and Interpretation
[Standard data protection [agreement/clauses] for the transfer of Personal Data from the University of Edinburgh (as Data Controller) to a Data Processor within the European Economic Area ] In this Agreement:-
More informationSTATUTORY INSTRUMENTS. S.I. No. 336 of 2011
STATUTORY INSTRUMENTS. S.I. No. 336 of 2011 EUROPEAN COMMUNITIES (ELECTRONIC COMMUNICATIONS NETWORKS AND SERVICES) (PRIVACY AND ELECTRONIC COMMUNICATIONS) REGULATIONS 2011 (Prn. A11/1165) 2 [336] S.I.
More informationCOLLECTION, MANAGEMENT, SECURITY OF AND ACCESS TO INFORMATION RECORDS
#4.00 PREAMBLE: The management of information required by due process, legislation or regulation is an important consideration for administrators and staff of the Burnaby School District. On November 3,
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationInternational Data Protection Policy
International Data Protection Policy Revised April 2013 Table of Contents Statement from the President and CEO... 5 Visteon International Data Protection Policy... 6 1.0 Purpose... 6 2.0 Scope... 6 3.0
More informationOVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.
Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in
More informationCredit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information
Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable
More informationPersonal Data Protection LAWS OF MALAYSIA. Act 709 PERSONAL DATA PROTECTION ACT 2010
1 LAWS OF MALAYSIA Act 709 PERSONAL DATA PROTECTION ACT 2010 2 Laws of Malaysia ACT 709 Date of Royal Assent...... 2 June 2010 Date of publication in the Gazette......... 10 June 2010 Publisher s Copyright
More informationTable of contents: ***
Table of contents: *** In Europe the issue of personal data protection is settled by European Parliament s and European Council s Directive 95/46/WE of October 24, 1995 (which is basis of Polish regulations)
More informationAIRBUS GROUP BINDING CORPORATE RULES
1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These
More informationQUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt
QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.
More information07/2013. Specific Terms and Conditions Mobile Device Management
07/2013 Specific Terms and Conditions Mobile Device Management GENERAL PROVISIONS 1. Offer and Agreement 1.1 The present contractual terms and conditions (hereinafter referred to as Terms and Conditions
More informationPRIVACY STATEMENT OF THE WEBSITE http://www.viscontipalace.com Page 1 of 7
PRIVACY STATEMENT OF THE WEBSITE http://www.viscontipalace.com Page 1 of 7 LEARN MORE ABOUT OUR PRIVACY STATEMENT In this privacy statement, Visconti Cesi S.r.l., with registered office at Via Vittoria
More informationFIRST DATA CORPORATION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION
FIRST DATA CORPORATION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION v 1.3 Supersedes: v 1.2 Summary Owner: Corporate
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:
More informationComments and proposals on the Chapter II of the General Data Protection Regulation
Comments and proposals on the Chapter II of the General Data Protection Regulation Ahead of the trialogue negotiations in September, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
More informationMRS Guidelines for Business-to-Business Research. October 2011
MRS Guidelines for Business-to-Business Research October 2011 Updated September 2014 MRS is the world s largest association for people and organisations that provide or use market, social and opinion research,
More informationDATA PROTECTION POLICY
Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationPolicy and Procedure for approving, monitoring and reviewing personal data processing agreements
Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure
More information