1 CROATIAN PARLIAMENT 1364 Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby pass the DECISION PROMULGATING THE ACT ON PERSONAL DATA PROTECTION I hereby promulgate the Act on Personal Data Protection, adopted by the Croatian Parliament at its session on 12 June No: /2 In Zagreb, 18 June 2003 President of the Republic of Croatia Stjepan Mesić, m. p. THE ACT ON PERSONAL DATA PROTECTION I BASIC PROVISIONS Article 1 This Act regulates the protection of personal data regarding natural persons and the supervision of collecting, processing and use of personal data in the Republic of Croatia. The purpose of personal data protection is to protect the privacy of individuals, as well as other human rights and fundamental freedoms in the collecting, processing and use of personal data. The protection of personal data in the Republic of Croatia has been ensured for every natural person irrespective of his/her citizenship or place of residence, and regardless of race, skin colour, sex, language, religion, political or other convictions, national or social background, property, birth, education, social standing or other characteristics.
2 Article 2 For the purposes of this Act, the following terms have the following meaning: 1. Personal data means any information relating to an identified natural person or an identifiable natural person (hereinafter: data subject). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. 2. Personal data processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, as well as the implementation of logical, mathematical and other operations on such data. 3. Personal data filing system means any set of personal data which are accessible according to specific criteria, centralized, decentralized or dispersed on a functional or geographical basis, regardless of whether it has been stored in computer personal data bases, in any other form of technical tools or manually. 4. Personal data filing system controller means a natural or legal person, state or other body that determines the purposes and means of the processing of personal data. Where the purposes and means of processing have been regulated by law, the same law shall designate the personal data filing system controller. 5. User means a natural or legal person, state or other body whom the personal data may be disclosed to for the purpose of conducting regular activities within the scope of its competence as defined by law. 6. The data subject's consent means any freely given and specific indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed for certain purposes. Certain activities or groups of activities encompassed by the term processing of personal data in item 2 of this Article may be singled out or indicated in certain provisions of this Act when such provisions do not refer to the entire processing as defined by item 2 of this Article, but to specifically defined activities encompassed by the processing. Article 3 The provisions of this Act shall apply to the personal data processing conducted by state bodies, local and regional self-government bodies, as well as by legal and natural persons processing personal data. The provisions of this Act shall not apply to the personal data processing conducted by natural persons for personal or private purposes.
3 Article 4 The provisions of this Act refer to all personal data files regardless of whether they are processed automatically or manually. II PERSONAL DATA PROCESSING Article 5 The personal data filing system controller may process personal data only under conditions stipulated by this Act and special acts. Article 6 Personal data may be collected for a purpose known to the data subject, explicitly stated and in accordance with the law, and may be subsequently processed only for the purposes it has been collected for or for a purpose in line with the purpose it has been collected for. Further processing of personal data for historical, statistical or scientific purposes shall not be considered as incompatible provided that appropriate protection measures are in place. Personal data must be relevant for the accomplishment of the established purpose and shall not be collected in quantities more extensive than necessary for achieving the purpose defined. Personal data must be accurate, complete and up-to-date. Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed. The appropriate protection measures for personal data stored for longer periods of time for historical, statistical or scientific use are established by special acts. The personal data filing system controller is responsible for implementing provisions of this Article. Article 7 Personal data may be collected and subsequently processed: - with the consent of the data subject, or - in cases established by law. In cases of personal data collecting and processing with the consent of the data subject, such personal data may be processed only for the purpose the data subject has given his/her consent for. Personal data may be collected and subsequently processed without the consent of the data subject:
4 - for the purpose of carrying out legal obligations to which personal data filing system controller is subject, or - for the purpose of protecting the life or physical integrity of the data subject or another person in cases when the data subject is physically or legally unable to give his/her consent, or - if data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller personal data filing system controller, or - if the data subject discloses such data on his/her own. In cases referred to in Paragraph 1, Subparagraph 1 and Paragraph 3, Subparagraph 4 of this Article the data subject has the right to revoke his/her consent at any time, and request the termination of further processing of his/her data, unless these data are processed for statistical purposes when personal data can no longer be used for the identification of the person it relates to. Personal data pertaining to underage persons may be collected and subsequently processed in accordance with this Act by applying special protection measures prescribed by special acts. III PROCESSING SPECIAL CATEGORIES OF PERSONAL DATA Article 8 It is prohibited to collect and subsequently process personal data pertaining to racial or ethnic origin, political opinions, religious or other beliefs, trade-union membership, health or sex life as well as personal data regarding criminal and misdemeanour proceedings. By way of derogation, data referred to in Paragraph 1 of this Article may be collected and subsequently processed: - in cases referred to in Article 7, Paragraph 1, Subparagraph 1 and Paragraph 3, Subparagraphs 1, 2 and 4 of this Act, - if the processing is carried out within the scope of legal activity of an institution, association or any other non-profit body with political, religious or other aim, provided that such processing relates solely to the members of the body and that the data obtained are not disclosed to a third party without a prior consent of the data subject. In cases referred to in Paragraph 2 of this Article, the data processing shall be specially marked and protected. A Government regulation, upon prior approval of the Personal Data Protection Agency, shall prescribe the manner in which the data referred to in Paragraph 2 of this Article shall be stored, as well as special measures of technical protection.
5 Article 9 Prior to collecting any personal data, the personal data filing system controller or the processing official must inform the data subject whose personal data are being collected about the identity of the personal data filing system controller, the purpose of the processing for which the data are intended, about personal data users or personal data user categories, and whether such data provision is voluntary or mandatory, as well as about possible consequences of withholding data. In cases of mandatory provision of personal data, the legal basis for the personal data processing shall be indicated as well. Prior to providing personal data to other users, the personal data filing system controller is under the obligation to inform the data subject about this. Information referred to in Paragraphs 1 and 2 of this Article is provided to the data subject regardless of whether the data are collected directly from the subject or from other sources. Exceptionally, information referred to in Paragraphs 1 and 2 of this Article does not have to be provided to the data subject if personal data are provided for use or are collected from the existing personal data files in order to be processed for statistical purposes or for the purposes of historic or scientific research, or if such processing of personal data has been explicitly determined by law. IV ASSIGNING PERSONAL DATA PROCESSING TASKS Article 10 Based on a contract, the personal data filing system controller may entrust individual tasks regarding the processing of personal data within his/her authority to other natural or legal persons (hereinafter: processing official). Tasks regarding the personal data processing may be entrusted solely to a processing official registered for conducting these activities, who provides sufficient guarantees regarding the realization of appropriate personal data protection measures. The contract referred to in Paragraph 1 of this Article regulates mutual rights and obligations of the personal data filing system controller and processing official, while the processing official is in particular under the obligation to: - act only pursuant to an order issued by the personal data filing system controller, - not provide personal data to other users for use, nor process them for any other purpose than that defined by the contract, - ensure that the appropriate technical, organizational and staffing measures are in place for personal data protection, in accordance with provisions stipulated by this Act.
6 V PROVIDING DATA TO USERS Article 11 The personal data filing system controller is authorised to provide personal data to other users based on the user s written request if this is necessary for carrying out tasks encompassed by the user s legal activity as defined by law. The written request shall state the purpose and legal basis for the personal data use, and the type of personal data requested. It is prohibited to provide personal data to other users who have not been authorised to process or use them based on provisions of Article 7 and Article 8, Paragraph 2 of this Act, and if the purpose for the use of such personal data requested is contrary to provisions of Article 6 Paragraphs 2 and 3 of this Act. Personal data processed for scientific research or statistical purposes must not allow for the identification of persons the personal data refers to. In cases referred to in Paragraph 1 of this Article, the personal data filing system controller shall keep separate records on personal data provided for use, personal data user and the purpose for which this data have been provided. Article 12 Personal data may be used only in the term necessary for the fulfilment of the specific purpose, unless a longer period has been established by a special act. Following the expiry of the term referred to in Paragraph 1 of this Article, the personal data shall be deleted, unless otherwise established by a special act. Provisions laid out herein pertaining to provision of personal data for use also apply to the exchange of personal data between state bodies, unless otherwise established by a special act. VI PERSONAL DATA TRANSFER ABROAD FROM THE REPUBLIC OF CROATIA Article 13 Personal data filing systems or personal data contained in personal data filing systems may be transferred abroad from the Republic of Croatia for further processing only if the state or the international organization the personal data is being transferred to have adequately regulated the legal protection of personal data and have ensured an adequate level of protection. Prior to transferring personal data abroad from the Republic of Croatia, the personal data filing system controller shall, in case of reasonable doubt regarding the existence of adequate
7 personal data protection system, obtain an opinion regarding this issue from the Personal Data Protection Agency. VII PERSONAL DATA FILING SYSTEMS, RECORDS AND THE CENTRAL REGISTER Article 14 The personal data filing system controller creates and maintains records for each personal data file, containing the basic information about the filing system and in particular the following: 1. filing system title, 2. title or name of the filing system controller and his/her seat and address, 3. processing purpose, 4. legal basis for the establishment of the filing system, 5. categories of persons to whom the data relate, 6. types of data contained in the filing system, 7. methods of collection and storing data, 8. time periods for storing and using such data, 9. name or title of the filing system user, his/her address and seat, 10. an indication whether the data have been transferred into or abroad from the Republic of Croatia with the indication of the state or international organization and foreign user of such personal data and the purpose for this transfer to Croatia or abroad as prescribed by an international agreement, act or other regulations, or a written consent of the person to whom this data refer to, 11. an indication of personal data protection measures in place. Article 15 A Government regulation shall prescribe the method of maintaining records referred to in Article 14 of this Act, as well as the form of such records, upon obtaining an opinion on this issue from the Personal Data Protection Agency. Article 16 The records referred to in Article 14 of this Act shall be delivered to the Personal Data Protection Agency to be compiled in the Central Register of the Personal Data Protection Agency. Records on personal data filing systems maintained by the authorised state bodies within a framework of personal data processing activities for the purposes of state security, defence and the prevention of occurrences determined in the National Security Strategy of the Republic of Croatia as security risks (corruption, organized crime, terrorism) do not have to be compiled in the Central Register. Article 17 Prior to the creation of a personal data filing system, personal data filing system controllers shall be under the obligation to submit to the Agency for the Protection of Personal Data their notification of the planned creation of a personal data filing system together with data
8 referred to in Article 14 of this Act, as well as of any plans to further process such data, prior to initiating any processing activity. The obligation to submit a prior notification to the Personal Data Protection Agency set out in Paragraph 1 of this Article does not apply to the creation of personal data filing systems in cases when a special act determines the processing purpose, data or data categories to be processed, the category or categories of data subjects, the users or user categories to whom such data shall be disclosed to and the time period during which such data shall be disclosed. In cases referred to in Paragraph 2 herein personal data filing system controllers are under the obligation to submit the data on the creation of personal data filing systems, as well as any data amendments concerning personal data fiing systems to the Personal Data Protection Agency, at the latest within 15 days after such creation or amendment occur. The public has access to the records in the Central Register. The Personal Data Protection Agency shall publish the records from the Central Register in the Official Gazette or in another adequate manner. Article 18 Personal data in personal data filing systems shall be adequately protected from accidental or deliberate abuse, destruction, loss, unauthorized alteration or access. The personal data filing system controller and user shall be obliged to undertake appropriate technical, staffing and organisational measures aimed at protecting personal data, necessary for the protection of personal data from accidental loss or destruction and from unauthorized access, unauthorized alterations, unauthorized dissemination and all other forms of abuse, and to determine the obligation of all persons entrusted with the processing of personal data to maintain the confidentiality of these data. VIII RIGHTS OF THE DATA SUBJECT AND THE PROTECTION OF THESE RIGHTS Article 19 The personal data filing system controller shall, at the latest within 30 days from receiving a request about it, provide the following to every data subject or his/her legal representative or plenipotentiary: 1. deliver a confirmation as to whether or not data relating to data subject are being processed, 2. communicate to data subject in an intelligible form of the data undergoing processing and of any available information as to their source, 3. allow access to the personal data filing system records and to the personal data in the personal data filing system relating to the data subject, and allow the copying of such files, 4. deliver excerpts, certificates or printouts of the personal data held in the personal data filing system relating to the data subject, which must contain an indication of the purpose and legal basis for their collecting, processing and use,
9 5. deliver a printed copy containing the information on who obtained access to the data, for what purpose and on what legal basis regarding the personal data of the data subject, 6. provide information about the logic involved in any automatic processing of data concerning him/her. Article 20 Upon the request of the data subject or that of his/her legal representative or plenipotentiary, the personal data filing system controller shall complete, alter or delete personal data if the data is incomplete, inaccurate or outdated, and if their processing is not in accordance with provisions of this Act. Independently of the data subject s request, whenever the personal data filing system controller determines that personal data are incomplete, inaccurate or outdated; he/she shall complete or amend them. The personal data filing system controller shall inform the person to whom the data relate and the users of such personal data of any amendments, alterations or deletions of such personal data undertaken within 30 days. Article 21 The data subject has the right to object to the processing of his/her personal data for the purposes of direct marketing and in this case the personal data relating to him/her shall not be processed for such purpose. The personal data filing system controller shall inform the data subject in advance of any intent to process personal data for direct marketing purposes and of his/her right to object to such processing. Article 22 All costs referred to in Articles 19, 20, and 21 of this Act shall be borne by the personal data filing system controller, unless otherwise regulated by a special act. Article 23 The obligations and rights stipulated by the provisions of Articles 9 and 19 of this Act may be restricted in the way and under conditions established by special acts if deemed necessary for the protection of state security, defence and public safety; for the prevention, investigation, detection or persecution of any criminal act or breaches of ethical codes for regulated professions; for the protection of important economic or financial interests of the state, cultural assets and for the protection of data subjects or the rights and freedoms of others, within the scope necessary for the fulfilment of purposes for which the limitation in question has been determined. The obligations and rights stipulated by the provisions of Articles 19 and 20 of this Act may be restricted by special acts in case the personal data are processed exclusively for the
10 purpose of scientific research or for the purpose of establishing statistics and stored for a longer period to be used exclusively for statistical purposes. Article 24 A person who considers that any of his/her rights guaranteed by this Act have been violated may submit a request to establish the violation of rights to the Personal Data Protection Agency. The Personal Data Protection Agency shall issue a decision regarding the request on the rights violation. The Agency Decision shall be regarded as an administrative act. An appeal against the decision of the Personal Data Protection Agency cannot be filed, however administrative proceedings can be initiated. Article 25 Upon request of a person asking for the protection of his/her rights, the Personal Data Protection Agency may issue a temporary ruling prohibiting the processing of data in question until the finality of the proceedings. An appeal against the ruling referred to in Paragraph 1 of this Article cannot be filed, however administrative proceedings can be initiated. Article 26 The personal data filing system controller shall be responsible for any damages suffered by the data subject as a result of the personal data processing contrary to this Act, in accordance with general regulations regarding the compensation of damages. The data subject shall have the right to the compensation for damages from the personal data filing system controller in cases of unauthorized use, or unauthorized disclosure of his/her personal data for use by other users or natural or legal persons. The right to the compensation for damages referred to in Paragraphs 1 and 2 of this Article may be realized at a general jurisdiction court. IX SUPERVISION OF PERSONAL DATA PROCESSING Article 27 For the purposes of supervising the work of personal data processing Croatian Personal Data Protection Agency (hereinafter: Agency) shall be established by this Act. The Agency shall be a legal person.
11 The Agency seat is in Zagreb. Article 28 In carrying out its activities as stipulated by this Act, the Agency shall be independent and shall be responsible to the Croatian Parliament. Resources for the Agency operation shall be secured from the State Budget of the Republic of Croatia. The organization and operation of the Agency shall be regulated by the Agency Statute, endorsed by the Croatian Parliament. Article 29 The Agency shall be run by the director appointed and recalled by the Croatian Parliament upon proposal of the Government of the Republic of Croatia. The director shall have a deputy director. The deputy director shall be appointed and recalled by the Croatian Parliament upon proposal of the Government of the Republic of Croatia. The Agency director and deputy director shall professionally conduct their tasks in the Agency. The director and the deputy director shall be Croatian citizens with a university degree and at least ten years of work experience. The Agency director and deputy director shall be appointed for a period of four years with the possibility of reappointment. Provisions of the Act on Rights and Obligations of Civil Servants shall apply to the Agency director and deputy director. The salary of the Agency director and deputy director shall be established as for a director of a state administration agency and a deputy director of a state administration agency. Article 30 The Agency shall have its own professional service. General employment regulations shall apply to the employees of the Agency s professional service. Article 31
12 The Agency shall submit a report regarding its operation to the Croatian Parliament upon its request and at least once a year. In its report the Agency shall provide a comprehensive analysis of the situation in the field of personal data protection, about the procedures initiated based on provisions of this Act and the measures undertaken, and facts about the level of civil rights protection in the personal data processing. Article 32 The Agency shall conduct the following activities as its public tasks: - supervises the implementation of personal data protection, - indicates the violations noted during personal data collecting, - compiles a list of national and international organizations which have adequately regulated personal data protection, - resolves requests to determine possible violations of rights guaranteed by this Act, - maintains the Central Register. The Agency may publish more important decisions in the Official Gazette of the Republic of Croatia. The Agency shall supervise the implementation of personal data protection upon request of the data subject, upon proposal of a third party or officially. The Agency shall be under the obligation to analyse all requests pertaining to possible rights violations during personal data processing and inform the requesting party about the measures undertaken. The Agency shall have the right to access personal data stored in the personal data filing system, regardless of whether records of these files are kept within the Central Register or not, it moreover has the right of access to files and other documentation pertaining to personal data processing as well as to electronic data processing, and has the right to collect all information necessary for carrying out its supervisory tasks, regardless of the confidentiality level. The personal data filing system controller, user or processing official shall be under the obligation to allow the Agency access to files and other documentation, as well as to electronic data processing and shall submit the requested files and other documentation to the Agency. Article 33 In addition to the tasks referred to in Article 32 of this Act, the Agency shall conduct the following activities: - monitor the regulation of personal data protection in other countries and cooperate with competent bodies authorised for personal data protection in other countries, - monitor the transfer of personal data abroad from the Republic of Croatia, - develop methodological recommendations for the advancement of personal data protection, and forward them to personal data filing system controllers,
13 - offer advice regarding the creation of new personal data filing system, specially in the implementation of new information technology, - issue its opinion, when this has not been precisely established, whether a certain group of personal data is considered to be a personal data filing system within the meaning of this Act, - monitor the application of organizational and technical measures aimed at data protection, and propose improvements of these measures, - issue proposals and recommendations regarding the advancement of personal data protection, - cooperate with competent state authorities in preparing draft regulations regarding personal data protection, - after receiving a notice of the personal data filing system controller about it, issue an opinion as to whether certain ways of personal data processing represent specific risks for the rights and freedoms of data subjects. In case of doubt that specific risks might exist the personal data filing system controller must request the Agency opinion, - conduct other activities as defined by law. Article 34 If during supervision the Agency determines that legal provisions establishing personal data processing have been violated, it shall be entitled to warn or notify the personal data filing system controller about the irregularities in the personal data processing and issue a decision: - ordering that irregularities be eliminated within a certain time period, - temporarily prohibiting the collecting, processing and use of personal data being collected, processed or used contradictory to the relevant legal provisions, - ordering erasure of personal data collected without a legal basis, - prohibiting the transfer of personal data abroad from the Republic of Croatia or allowing providing of personal data to other users if such data are transferred abroad from the Republic of Croatia or provided to other users contradictory to provisions stipulated in this Act, - prohibiting the assignment to collect and process personal data to processing officials if a processing official does not fulfil the requirements prescribed for personal data protection, or where the assigning of these tasks has been conducted contradictory to provisions stipulated in this Act. An appeal against the Agency decision referred to in the previous Paragraph cannot be filed, however administrative proceedings can be initiated. In addition to measures referred to in Paragraph 1 of this Article the Agency may propose to initiate criminal or misdemeanour proceedings at a competent authority. Article 35 The Agency director, deputy director and employees of the Agency s professional service shall consider all personal and other confidential data they come across while performing their duties professionally confidential or as another relevant type of secret, all in accordance with the act establishing data confidentiality. The obligation referred to in Paragraph 1 of this Article continues to apply after the Agency director and deputy director cease to perform their duties or upon their termination of employment in the Agency s professional service.
14 X CRIMINAL PROVISIONS Article 36 A fine of HRK 20, to 40, shall be charged for the following violations: 1. if a processing official exceeds his/her authority or collects personal data for a purpose other than that agreed or discloses them for use to other users or not ensuring the implementation of appropriate personal data protection measures (Article 10, Paragraph 3), 2. if a personal data filing system controller fails to keep records containing basic information about the personal data filing system or if such records are incomplete (Article 14), 3. if a personal data filing system controller or the user fail to ensure adequate personal data protection (Article 18), 4. if the personal data filing system controller, the user or the processing official prevent the Agency from conducting activities referred to in Article 32, Paragraphs 5 and 6 of this Act, 5. if the personal data filing system controller or processing official fail to respect an order or a prohibition issued by the Agency (Article 34, Paragraph 1), 6. if the Agency director, deputy director and employees of the Agency s professional service disclose confidential data they came across while performing their duties (Article 35). The person responsible within the legal person shall also be fined for the violations referred to in Paragraph 1 of this Article in the amount of HRK 10, to 20, XI TRANSITIONAL AND FINAL PROVISIONS Article 37 The Government of the Republic of Croatia shall submit a proposal for the appointment of the Agency director and deputy director to the Croatian Parliament within 60 days from the date this Act enters into force. The Agency shall adopt the Statute within 30 days after the appointment of the Agency director, and submit it for endorsement to the Croatian Parliament. Article 38 The Government of the Republic of Croatia shall adopt regulations referred to in Article 8, Paragraph 4 and Article 15 of this Act within six months following the entry into force of this Act.
15 Article 39 The personal data filing systems and records established prior to the entry into force of this Act shall be harmonized with provisions stipulated by this Act within a year from the date this Act enters into force. Personal data filing system controllers shall submit the records referred to in Article 14 of this Act to the Agency within 18 months from the date this Act enters into force. Article 40 This Act shall enter into force on the eighth day following its publication in the Official Gazette. Classification: /02-01/01 In Zagreb, 12 June 2003 CROATIAN PARLIAMENT President of the Croatian Parliament Zlatko Tomčić, m. p.
LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard
THE CROATIAN PARLIAMENT Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby issue the 2729 DECISION ON PROMULGATING THE SECURITY VETTING ACT I hereby promulgate the Security
Important Disclaimer The English language text below has been provided by the Translation Centre of the Ministry for European Integration for information only; it confers no rights and imposes no obligations
Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.
CROATIAN PARLIAMENT Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby pass the DECISION PROMULGATING THE ACT ON THE SECURITY INTELLIGENCE SYSTEM OF THE REPUBLIC OF CROATIA
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
Corporate Data Protection Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the Deutsche Telekom Group 2010 / 04 We make ICT strategies work
Pursuant to Article 89 of the Constitution of the Republic of Croatia, I hereby issue the DECISION PROMULGATING THE ACT ON AMENDMENTS TO THE ACT ON PENSION INSURANCE COMPANIES AND PAYMENT OF PENSIONS BASED
1 LAWS OF MALAYSIA Act 709 PERSONAL DATA PROTECTION ACT 2010 2 Laws of Malaysia ACT 709 Date of Royal Assent...... 2 June 2010 Date of publication in the Gazette......... 10 June 2010 Publisher s Copyright
THE CROATIAN PARLIAMENT Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby issue the 2483 DECISION ON PROMULGATING THE DATA SECRECY ACT I hereby promulgate the Data Secrecy
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
Law No. 677/2001 on the Protection of Individuals with Regard to the Processing of Personal Data and the Free Movement of Such Data, amended and completed The Romanian Parliament adopts the present law.
CROATIAN PARLIAMENT 3136 Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby issue the DECISION PROMULGATING THE ACT ON AMENDMENTS TO THE COMPANIES ACT I hereby promulgate the
THE CROATIAN PARLIAMENT 3247 Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby issue the DECISION PROMULGATING THE PAYMENT SYSTEM ACT I hereby promulgate the Payment System
ACT ON THE CHAMBER OF ARCHITECTS AND CHAMBERS OF ENGINEERS IN CONSTRCUTION AND PHYSICAL PLANNING I. GENERAL PROVISIONS Article 1 (1) This Act regulates the basic structure, area of competence, public authorities
Ministry of Labour and Social Policy LAW ON VOLUNTARY FULLY FUNDED PENSION INSURANCE 1 Table of Contents CHAPTER 1 GENERAL PROVISIONS... 3 CHAPTER 2 VOLUNTARY PENSION FUNDS... 7 CHAPTER 3 PENSION COMPANIES
Data Protection Standard Processing and Transfer of Personal Data in Aker Solutions (Binding Corporate Rules) Aker Solutions www.akersolutions.com Table of contents 1 Introduction... 3 1.1 Scope... 3 1.2
(official gazette Narodne novine, No. 117/2001) NATIONAL PAYMENT SYSTEM ACT I GENERAL PROVISIONS Article 1 This Act shall regulate the functioning of the national payment system. Article 2 "Payment system"
Table of contents: *** In Europe the issue of personal data protection is settled by European Parliament s and European Council s Directive 95/46/WE of October 24, 1995 (which is basis of Polish regulations)
LAW ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05) I GENERAL PROVISIONS Article 1 This Law shall regulate the use of electronic signature in legal transactions,
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
In accordance with the Mandatory Pension Funds Act (Official gazette no. 19/2014, hereinafter: Act), the Management of Raiffeisen društvo za upravljanje obveznim i dobrovoljnim mirovinskim fondovima d.d.,
Binding Corporate Rules Privacy (BCRP) Binding Corporate corporate Rules rules Privacy for (BCRP) the protection of personal Telekom Group rights in the handling of personal data within the Deutsche Telekom
Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing
Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not
Comments and proposals on the Chapter II of the General Data Protection Regulation Ahead of the trialogue negotiations in September, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
LAW ON VOLUNTEERING Official Gazette of Republic of Macedonia no. 85 from 09.07.2007 I. General Provisions Article 1 This Law regulates the volunteering, the conditions and the manner of performing volunteering,
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
Supplier Instructions for Processing of Personal Data 1 PURPOSE SOS International has legal and contractual obligations on the matters of data protection and IT security. As a part of these obligations
Rector s Directive No. 1/2013 On Data Protection and the Detailed and Uniform Data Management Regulation Budapest, 2013 Version effective as of 31 January 2013 Directives on Data Protection and the Uniform
LAW ON THE PROTECTOR OF HUMAN RIGHTS AND FREEDOMS Podgorica, July 2003 LAW ON THE PROTECTOR OF HUMAN RIGHTS AND FREEDOMS I BASIC PROVISIONS Article 1 Establishing the Protector of Human Rights and Freedoms
GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection
Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data
1 NB: Unofficial translation Personal Data Act (523/1999) Chapter 1 General provisions Section 1 Objectives The objectives of this Act are to implement, in the processing of personal data, the protection
THE REPUBLIC OF ARMENIA LAW ON CIRCULATION OF CREDIT INFORMATION AND ACTIVITIES OF CREDIT BUREAUS Adopted October 22, 2008 Article 1. Subject of Law CHAPTER 1 GENERAL PROVISIONS 1. This law regulates terms
Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting
CROATIAN PARLIAMENT 2792 Official Gazette 87/08 Based on Article 88 of the Constitution of the Republic of Croatia, I hereby make the DECISION ON THE PROMULGATION OF THE ANTI MONEY LAUNDERING AND TERRORIST
Please note that the translation provided below is only provisional translation and therefore does NOT represent an official document of Republic of Croatia. It confers no rights and imposes no obligations
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June
GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
227/2000 Coll. ACT of 29 th June 2000 on Electronic Signature and change to some other laws (Electronic Signature Act) Amendment: 226/2002 Coll. Amendment: 517/2002 Coll. Amendment :440/2004 Coll. Amendment:
REPUBLIC OF LITHUANIA. LAW ON ELECTRONIC SIGNATURE CHAPTER I. GENERAL PROVISIONS... 1 ARTICLE 1. Purpose of the Law... 1 ARTICLE 2. Basic Definitions of this Law... 2 CHAPTER II. SIGNATURE CREATION, VERIFICATION,
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
on the transfer of personal data from the European Union BCRsseptembre 2008.doc 1 TABLE OF CONTENTS I. PRELIMINARY REMARKS 3 II. DEFINITIONS 3 III. DELEGATED DATA PROTECTION MANAGER 4 IV. MICHELIN GROUP
THE LAW ON NATIONAL COUNCILS OF NATIONAL MINORITIES I. GENERAL PROVISIONS Article 1 This law governs the competences of the national minority councils (hereinafter referred to as the national councils)
ST HELENA (Chapter No. not allocated yet) COMMISSION FOR EQUALITY AND HUMAN RIGHTS ORDINANCE Non-authoritative Consolidated Text This is not an authoritative revised edition for the purposes of the Revised
Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal
DRAFT BILL Provides for the processing of personal data 1 to guarantee the free development of the natural person's personality and of its dignity. The PRESIDENT OF THE REPUBLIC To be known that the National
LAW FOR PROTECTION OF PERSONAL DATA Prom. SG. 1/4 Jan 2002, amend. SG. 70/10 Aug 2004, amend. SG. 93/19 Oct 2004, amend. SG. 43/20 May 2005, amend. SG. 103/23 Dec 2005, amend. SG. 30/11 Apr 2006, amend.
Opinion on a Notification for Prior Checking received from the Data Protection Officer of the European Training Foundation Regarding the Processing Operations to Manage Calls for Tenders Brussels, 22 April
Data Protection A Guide for Users EUROPEAN PARLIAMENT Contents Contents 3 Introduction 4 Data protection standards making a difference in the European Parliament 5 Data protection the actors 6 Data protection
This is an official translation. The original Icelandic text published in the Law Gazette is the authoritative text. Merchants and Trade - Act No 28/2001 on electronic signatures Chapter I Objectives and
27 July 2006 No.152-FZ RUSSIAN FEDERATION FEDERAL LAW PERSONAL DATA (as amended by Federal Law of 25.11.2009 No.266-FZ) Article 1. Scope of This Federal Law Chapter 1. GENERAL Adopted by The State Duma
2836. European Works Councils Act (ZESD) Pursuant to the second indent of the first paragraph of Article 107 and the first paragraph of Article 91 of the Constitution of the Republic of Slovenia, I hereby
ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:
THE CROATIAN PARLIAMENT 1456 Pursuant to Article 89 of the Constitution of the Republic of Croatia, I hereby issue the DECISION PROMULGATING THE ACT ON SETTLEMENT FINALITY IN PAYMENT AND FINANCIAL INSTRUMENTS
Strasbourg, 27 February 2015 CCPE (2015)1 CONSULTATIVE COUNCIL OF EUROPEAN PROSECUTORS (CCPE) Questionnaire for the preparation of the Opinion No. 10 of the CCPE on the relationship between prosecutors
ARTICLE 1. Subject of the Law R E P U B L I C O F A R M E N I A LAW ON BANKING SECRECY This Law shall define information constituting banking secrecy, legal grounds thereof and procedures for publishing,
THE CROATIAN PARLIAMENT Pursuant to Article 89 of the Constitution of the Republic of Croatia, I hereby pass the DECISION PROMULGATING THE ACT ON INVESTMENT FUNDS WITH A PUBLIC OFFERING I hereby promulgate
Republic of Macedonia LAW ON MANDATORY FULLY FUNDED PENSION INSURANCE Table of Contents CHAPTER 1 GENERAL PROVISIONS... 1 CHAPTER 2 PENSION COMPANIES FOR MANAGING PENSION FUNDS... 5 CHAPTER 3 ESTABLISHMENT
PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
COMMITTEE OF EXPERTS ON THE EVALUATION OF ANTI-MONEY LAUNDERING MEASURES AND THE FINANCING OF TERRORISM (MONEYVAL) MONEYVAL(2011)4 ANN Croatia Progress report Annexes 1 13 April 2011 1 Second 3 rd Round
Constitutional Law of Human Rights and Freedoms and the Rights of National and Ethnic Communities or Minorities in the Croatia (as amended in May 2000) COMMITTEE FOR LEGISLATION OF THE HOUSE OF REPRESENTATIVES
BUSINESS ASSOCIATE AGREEMENT ( BAA ) Pursuant to the terms and conditions specified in Exhibit B of the Agreement (as defined in Section 1.1 below) between EMC (as defined in the Agreement) and Subcontractor
PROVIDER NAME: POLICY AREA: College of Computing Technology (CCT) Standard 10: Information Management, Student Information System & Data Protection Policy and Procedure Title: Maintaining Secure Learner
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
DATA PROTECTION LAW DIFC LAW NO. 1 OF 2007 Consolidated Version (December 2012) Amended by Data Protection Law Amendment Law DIFC Law No. 5 of 2012 CONTENTS PART 1: GENERAL... 4 1. Title... 4 2. Legislative
ACCOUNTING AND AUDITING LAW I BASIC PROVISIONS Article 1 This Law shall govern the requirements for and manner of keeping books of account, preparing, presenting, submitting and disclosing financial statements,
Sequa Petroleum N.V. Group Insider Trading Policy 1. Definitions 1.1 The following terms apply: AFM Management Board Company means the Dutch Authority for the Financial Markets (Autoriteit Financiële Markten)
P R O T O C O L of the State Attorney's Office of the Republic of Croatia and the Prosecutor s Office of Bosnia and Herzegovina on Cooperation in Prosecution of Perpetrators of War Crimes, Crimes against
20091051977 ASSEMBLY OF THE REPUBLIC OF MACEDONIA Based on Article 75, paragraphs 1 and 2 from the Constitution of the Republic of Macedonia, the President of the Republic of Macedonia, and the President
1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The
REGULATIONS OF USING THE ALLVOD.PL SERVICE Regulations of using the ALLVOD.PL service List of content 1. Basic definitions.. p. 2 2. General provisions of the Regulations. p. 3 3. Technical conditions.
PRINCIPLES OF CORPORATE GOVERNANCE FOR SUPERVISED INSTITUTIONS Content of principles I. ORGANISATION AND ORGANISATIONAL STRUCTURE 1. 1 The organisation of a supervised institution should enable meeting
Terms of Reference of the Nomination and Corporate Governance Committee of the Board of Directors of China International Capital Corporation Limited Chapter I General Provisions Article 1 In order to improve