1 Rector s Directive No. 1/2013 On Data Protection and the Detailed and Uniform Data Management Regulation Budapest, 2013 Version effective as of 31 January 2013
2 Directives on Data Protection and the Uniform Rules of Data Management The Rector of the IBS International Business School (hereinafter referred to as the College) determines the order of data managements to be adhered to at the organisational units of the College in accordance with the Act CCIV of 2011 on national higher education (hereinafter referred to as the NHEA - National Higher Education Act), and pursuant to the Act CXII of 2011 on the right of information-related self-determination and the freedom of information (hereinafter referred to as the Data Protection Act) as follows. Section I Objective and Scope of Regulation 1. (1) The objective of this regulation is to determine the statutory order of data management as to be pursued at the College, and to ensure that the requirements of the constitutional principles regarding data protection, information-related self-determination rights and data security be properly enforced. (2) The scope of this regulation shall extend to all and any personal data management activities at the College including the central units and all other organisational units. (3) The provisions and objectives of this regulation are to be strictly respected and adhered to when the policies of the College considering document management and information security are being drawn up and applied. Section II Fundamental Concepts and Principles of Data Protection Personal Data 2. (1) For the purpose of these regulations the personal data shall mean all and any data connected with a particular natural person (hereinafter referred to as the person concerned) and any conclusions that may be drawn from any such data regarding the person concerned. Personal data shall retain this capacity in the course of data management as long as its connection with the person concerned remains restorable. A person may be deemed identifiable, in particular, when he or she directly or indirectly can be identified based on the name, identification number or code, or one or more factors characterising such a person s physical, physiological, mental, economic, cultural or social identity; (2) Personal data mean identifying and descriptive data. (3) Natural and artificial identifying data serve personalization of the person concerned. Natural identifying data are in particular the name, the mother s name, the place and date of birth, and the home address or the residential address. Artificial identification data are generated data based on mathematical or other algorithms, that may be assigned individually and exclusively to any natural person, in particular, the personal identification code, the National Insurance (NI) number, tax payer identification number, identity card number, passport number, college student identification number, identification number rendered to teachers and students by the body responsible for the functioning of the higher education information system (Section III/4 of Annex 3, NHEA). (4) Descriptive data mean any other data considered relevant for the purpose of data management. Descriptive data that are not connected with a definite natural person (such as statistical data) are not considered as personal data. 3. Data Management and Data Processing 4. (1) Data management means any operation with personal data irrespective of the applied procedure (manual or computer based), in particular, data recording, data saving, data modification, data processing, data transmission, and the publication, archiving, filing, discarding or deleting of data. (2) Data processing means the completion of technical tasks related to data management operations, regardless of the techniques and means used to carry out the operations, as well as of the place of application, provided that the technical tasks are done involving the data.
3 (3) The data processor can be an organisational unit or a third party concluding a contract with the College to perform the activities specified in Section (12) on behalf of and following the directions of the data manager. If a third party is assigned with such tasks a written agreement on data processing shall be entered into. Such an agreement may be concluded also as a part of any other contracts. (4) The data processor is not entitled to make any decision on the merits concerning data management, but may process the personal data obtained as directed by the data manager exclusively, and is not allowed to carry out any data processing for its own purposes, additionally it is obliged to store and retain the personal data as ordered by the data manager. Restricted Purposes and Extent of Data Management 5. (1) Personal data management is only allowed for a specific legal purpose, the exercise of rights or for the purpose of performing obligations, to the minimum extent and term as requisite for achieving the target. If the purpose of data management is ceased or the data management becomes otherwise illegal, the data must be deleted. (2) Deletion means making the data unidentifiable so that they cannot be restored at all. The facts related to the deleting or discontinuation of data management shall be recorded. The detailed rules of data deletion are set forth in the Document Management Regulations of the College. Section III Rules of Data Management 6. (1) Personal data can be managed by the College provided that a) the person concerned consented to that in writing or in an electronically recorded form via the uniform central educational system operated for the purpose of research organisation and administration (hereinafter referred to as the Neptun system), or b) it is ordered by the College s regulation under the law or under empowerment by the law. (2) The College may manage data that are needed for the proper functioning of the institution, the exercise of rights and fulfilment of obligations by those enrolling to the college and by the actual students, for the exercise of rights by the institution as employer, for the exercise of rights and the performance of obligations and duties by the employees, for the organisation of training and research, for the maintenance of registers and records as required by the statutes, as well as for the evaluation and verification of eligibility for the allowances or favours granted by the statutes and the policies of the College. (3) The College is entitled to manage the personal data related to employment, the establishment of benefits, allowances and duties and to the execution of the latter, for reasons of national security and for the purpose of managing the registers stipulated in the act on higher education, to the extent required for and bound to the purpose. (4) The College shall manage the employees personal data unless otherwise ordered by a superior statute or the College s document management regulations during the term of employment and after termination for further five years, while the students personal data shall be managed during the term of the student s contract with the College and after termination for further eighty years. (5) Before recording any personal data the person concerned shall be advised of the purpose of data management and whether the data provision is voluntary or obligatory. In the case of obligatory data provision the statute or the College s regulation requiring the data management shall be referred to. (6) The employees performing data management at the organisational units of the College are obliged to treat the personal data becoming known to them confidentially as official secret. Such positions may be taken only by employees signing the declaration of confidentiality.
4 Data Management Register 7. (1) A register shall be maintained on every data management activity at the College (Annex 1). This register shall be drawn up by the leader of each organisational unit responsible for data management. This power may be delegated by the head of the organisational unit. One original of the register shall be retained by the organisational unit executing the data management or data processing, while another original is held by the central administration of the College. The register shall be authenticated by the signature laid by the head of the data managing organisational unit. (2) The register can also be maintained and saved in electronic format. Any such register can be authenticated by the qualified electronic signature of the authorised person. (3) Within the framework of the central statutes and the regulations of the College the register shall regulate and document the major facts and circumstances related to data management in respect of each data management activity and in accordance with the constitutional principles of data protection. These are in particular the following: a) name of data management, b) purpose and designation, c) statutory basis (act, the policy of the College), d) managing person or unit (the organisational unit, the head thereof or the person responsible for data processing, with the name, office, and telephone number), e) persons involved and number of persons concerned, f) sphere of registered data type, g) source of data (the person concerned or another data management), h) data processing method (manual, computer based, combined), i) frequent data management operations made to the data (saving, amendment, updating, sorting, systemising, etc.), j) regular data transmission and typical individual data transmission k) data security measures, l) date of data saving and deleting. (4) The data management registers are closely related to this regulation and form an integral part thereof. (5) The data of the register shall be reviewed and amended by the head of the organisational unit executing the data management especially, when the functions and authorities of the organisational unit are changed, and on the occasion of any other changes (such as a restructuring) to the organisational units. After the data management is terminated the register shall be properly retained as an archived file. Rights of the Person Concerned 8. (1) The person concerned may request information from the competent administrator about the data management on him or her, and may gain access to them. This data inspection shall be ensured so that no any data of any other persons may become known by the person concerned. (2) As a response to the request the data manager shall provide the desired information on the data managed by him/her in writing within 15 days, additionally information shall also be provided on the purpose and legal grounds and the term of data management as well as on who and for what reason received the data. (3) In accordance with Article 12 (1) of the Act CLV of 2009 on the protection of qualified data, the manager of the qualified data may refuse to provide information the person concerned is entitled to in accordance with the act on personal data protection if the public interest forming grounds for qualification was jeopardised by the provision of information to the person involved on the management of such person s personal data. (4) In the case of changes in the data or if inaccurate recording of the data is noticed the person concerned may request the rectification or correcting of the data affected. The data manager is obliged to correct the inaccurate data within two business days. (5) In the case of data management based on non-obligatory data provision the person concerned may request the deleting of his or her managed data without reasoning. The data must be deleted within two business days.
5 9. The person concerned may turn to the head of the competent organisational unit (head of the centre) if his or her rights related to data management are offended. The Rector of the College shall settle any disputes between the person affected and the head of the organisational unit. Section IV Data Publication 10. (1) Personal data may be disclosed to any third party within the framework of data transmission or publication. (2) Data transmission shall mean the disclosure of data to a specific third party. Data transmission may be implemented by the inspection of data management or by the issuance of an excerpt. (3) Data transmission to abroad shall mean the transfer of data to any (third) country outside the European Economic Area (EEA). Data transmission in the member states of the EEA shall be considered as inland data transmission. (4) Disclosure shall mean making any data accessible to anyone. Data transmission within the institution 11. (1) The personal data managed by the College may be transferred within the organisational system of the College to the extent and for a period of time required for the performance of any duties to an organisational unit which needs any such data for the execution of duties specified in the relevant statutes or in the College s regulations or for the implementation of administrative or organisational duties for the purpose of contact keeping with the former students. (2) Data transmission within the institution shall be recorded as a fact, provided that the data transmission is beyond the regular official practice of the College (specific data transmission). Specific data transmission shall mean especially any data transmission related to the changes to the duties of any individual organisational units or any data transmission involving at least 10% of the data files managed by a particular organisational unit. (3) In addition to Subsection (3) above, the fact of data transmission within the institution shall be recorded, provided that it is expressly requested by the organisational unit either requesting or transferring the data. (4) If the Subsections (2) and (3) are applied the following facts are to be recorded: a) name of data management, b) purpose of data transmission, c) date of data transmission, d) legal grounds (law or the College s regulation), e) name, position, organisational unit, telephone number, address of the employee performing the data transmission, f) sphere and number of persons involved in data transmission, h) sphere of transmitted data, i) data transmission method (manual, computer based or combined), j) applied data security measures. (5) The first original of the record shall be retained at the place of data management, while the second original shall be forwarded to the Legal Office of the College for the purpose of filing as an attachment to this regulation. The records shall be retained for a period of ten years. (6) In the cases set forth in Subsections (2) and (3) the data transmissions are not required to be recorded, if the fact of the same is put down in writing otherwise in an authentic (filed) manner, provided that the items specified in the Subsections (4) a) to j) are included in any such document. Data transmission upon an external request 12. (1) Any requests for the disclosure or publication of any data received from a body or private person outside the College may be fulfilled solely when the person concerned consents the disclosure or publication of his or her data in writing or in a format electronically recorded. Any such consents may be granted by the person concerned also in advance, and this consent may be applicable for a period of time or for the specific sphere of the requesting body.
6 (2) Regardless of the declaration by the person concerned the data transmissions must be fulfilled in the following cases: a) if the data are required for the performance of duties related to the institution maintaining management of the College by the managing body, b) if data are required by the court, the police, the public prosecutor s office, the bailiff or the public administration bodies for the judgement of certain matters, and c) if any data are required by the national security agencies, d) relevant to all data transferred by the body responsible for the operation of the higher educational information system, e) the requests by the Student Loan Centre in respect of data concerning the studies, f) if called for by the law with the exception of Subsections a) to f). (3) The data request must not be fulfilled if the lawfulness is impossible to be established out of consideration for the deficient or incomplete data content of a data request or consent by the person concerned, or any other circumstances. (4) The head of the organisational unit involved shall notify the Rector of the College of any data requests by the national security agencies. The Rector may resort to a complaint with non-deferring effect addressed to the competent minister against any such requests. (5) The person concerned, or any other persons or organisations may not be notified of the request received from the national security agencies, or of data relevant to data inspection including the fact of request or inspection or of the measures taken. (6) The facts and circumstances relevant to the data provision fulfilled upon the request are to be documented by taking records. Any such records shall include the following: a) name, postal address and telephone number of the body or person initiating the request, b) purpose or objective of the data request, c) statutory grounds for the data request, or the declaration of consent by the person concerned, d) date of data request, e) name of data management serving as basis for the data provision, f) name of the organisational unit implementing the data provision, g) sphere of persons concerned, h) sphere of data requested, i) method of data transmission, j) data security measures applied. (7) The first original of the records on the data request shall be retained by the responsible data manager, while the second original shall be retained by the Legal Office of the College. The records shall be retained for a period of ten years. (8) No recording of data transmissions is needed, the fact of which is documented otherwise in an authentic manner, provided that the document includes the items specified in the Subsections a) to j) (6) above. Therefore no recording of the requests are required when the request is received in writing, the request is filed by the competent organisational unit, and the data transmission is implemented in a filed written document. (9) The fact of data transmissions shall be recorded so that the organisational unit can establish the data transmissions relevant to a particular person concerned and can meet the requirement of information provision as set forth in Subsection 8 (2) above (data transmission register). Data transmission to abroad 13. (1) In the case of data management when data transmission to abroad or to any member state of the EEA is to be counted with, the attention of the persons concerned shall be drawn to this circumstance prior to the data recording. In the lack of a written consent by the person concerned no personal data may be transferred to abroad unless ordered by the law, provided that in the country involved the data security is ensured properly. (2) No data request received from abroad may be fulfilled the lawfulness of which is impossible to be established out of consideration for the deficiency of data request or incompleteness of the consent granted by the person concerned. (3) The facts and circumstances relevant to data provision to abroad are to be documented by taking records. Any such records shall include the following:
7 a) name, postal address and telephone number of addressee requesting data transmission, b) purpose and objective of data transmission, c) statutory grounds for the data transmission, or the declaration of consent by the person concerned, d) date of data transmission, e) name of the organisational unit performing the data transmission, f) sphere of persons involved, h) sphere of transmitted data, i) data transmission method (4) The first original of the records on data transmission to abroad shall be retained at the place of data management, while the second original shall be retained by the Legal Office of the College. The records shall be retained for a period of ten years. (5) No recording of data transmissions is needed, the fact of which is documented otherwise in an authentic manner, provided that the document includes the items specified in the Subsections a) to h) (3) above. Therefore no recording of the requests are required in particular when the request is received in writing, the request is filed by the competent organisational unit, and the data transmission is implemented in a filed written document.
8 Order of data transmission 14. (1) If the conditions for data transmission obviously exist, the person in charge of data management shall perform the data transmission in accordance with the provisions set forth in Subsections 11 to 13. (2) Should any doubt as for the rightfulness of data transmission emerge, the official in charge of data management shall notify the responsible manager of the organisation performing the data management without delay about the receipt of request for data transmission under Subsections 11 to 13. The head of the organisational unit shall investigate relying on the available information whether the conditions for the data transmission exist or the request is feasible and if necessary further information is provided. (3) In the case of the provisions set forth in Subsection (2) the head of the organisational unit receiving the request shall make a decision on the fulfilment of requests, if necessary, respecting the position taken by the designated responsible body or person within 15 business days. The data requesting party may submit to the secretary general a complaint against the decision in writing within 15 days and the secretary general shall decide, within 15 days, on whether the data can be transmitted. (6) Should the conditions of data transmission exist, the data shall be provided to the requesting body. The costs related to the data transfer shall be borne by the requesting body. The head of the organisational unit carrying out the data management shall arrange for and ensure the taking of the records on the data transfer. Publication of Personal data 15. Publication of personal data managed at the College shall be forbidden unless ordered by law or consented by the person concerned. This prohibition shall not apply to the display of names and examination results in the building in respect of students taking the entrance examination or students taking any examinations conforming the practice at the College. The statistical data relevant to the College also based on personal data can be published without restrictions. Section V Data security rules 16. (1) Data security rules and measures are intended to protect the data and data carriers and prevent any unauthorised access thereto, or any unauthorised changes, transfer, publication, deleting or demolition, as well as to protect them against any accidental destruction and damaging, additionally against becoming inaccessible due to changes to the applied technology. (2) To ensure the security of personal data all and any necessary measures must be taken both in the case of manually managed and those saved and processed by the computer. The individual data security measures are recorded in the data management register. Data stored on computer (automated data processing) 17. (1) In the course of automated processing of the personal data the College shall ensure a) that any unauthorised data entry shall be prevented, b) the use of the automatic data processing system by unauthorised persons, with the use of data transmission devices, c) the verifiability of which personal data were entered in the automatic data processing system by whom and when, and to which bodies the personal data were or can be transmitted by means of data transmission devices, d) the restoration of installed systems in the case of a breakdown of the systems and that any mistakes or faults that may emerge shall be reported. (2) When the measures intended to ensure data security are determined and applied the, at all time, actual advancements of technology shall be respected. From among the possible data management solutions the one, which ensures a higher standard of protection to personal data, shall be selected, unless they would entail disproportionately great difficulties to the data manager.
9 (3) The Information security regulations of the College stipulate the detailed rules on data security. Manually managed data 18. (1) For the security of manually managed personal data the following measures are to be implemented (see further details in the Document management regulations): a) Fire and property protection: Documents to be managed in the archives are to be stored in a securely locked and dry room, where fire and property protection alarm system is also installed. b) Access control: Only the authorised officials in charge may access to the documents in continuously active use. Personnel, payroll and employment related documents are to be stored in a metal-plate cabinet, while the study contract documents are to be stored separately, in a securely locking room, in locking metal-plate cabinets. c) Archiving: Archiving of documents shall take place in accordance with the College document management and rejecting regulations, following the archiving schedule. Section VI Data protection controlling system 19. (1) Observance of regulations on data protection, in particular, the specifications of this regulation are continuously controlled by the head of the organisational units performing data management and data processing. (2) If any acts against laws is detected or found, the head of the organisational unit shall take steps and actions to eliminate such circumstances without delay. Miscellaneous and Closing Provisions 20. (1) This regulation in a uniform structure shall enter into force on 31 January in 2013, in the form of the Rector s Directive. When this regulations becomes effective all other internal rules and regulations issued in this subject matter beforehand shall become void. (2) This regulations shall be applied in the scope of data managed by the Students Representation for which the leaders of the IBS Student Self-Government shall be responsible. The IBS Student Self- Government shall be obliged to accept jurisdiction of this regulation, and accordingly, the Chairman of the Self-Government shall acknowledge understanding of the content of this regulation and the acceptance as binding to the IBS Student Self-Government by signing the clause of the regulation. Budapest, 30 January 2013 IBS International Business School Dr. László Láng Rector Clause: This data protection regulation in uniform structure applicable to the institution shall be accepted by the IBS Student Self-Government as binding and governing relevant also to the data collected and/or managed in the scope of its functions, and the provisions of the regulation shall be adhered to accordingly it the course of its actions the IBS Student Self-Government shall cooperate with the leaders and organisational units of the College involved in data protection. Budapest, 30 January 2013
10 IBS International Business School Chairman of the IBS Student Self-Government as legal representative
11 Annex 1 Data management register Name of Data management: 1. Organisational unit 2. Purpose of data management 3. Statutory basis of data management: 4. Responsible leader of data management: 5. Name and position of persons authorised to access: 6. Sphere and number of persons..persons concerned: 7. Sphere of data registered: Identifying data Descriptive data 8. Data sources: Identifying data Descriptive data 9. Data processing method Manual processing Detailed description Mechanical processing Combined processing 10. Place of data processing (To be filled in only if differs from the organisational unit responsible for data management.) 11. Data management operations Data collecting and recording Data storage Systematizing Sorting Transmission Publication Deletion Other operations:..
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
CROATIAN PARLIAMENT 1364 Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby pass the DECISION PROMULGATING THE ACT ON PERSONAL DATA PROTECTION I hereby promulgate the Act on
LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text
Corporate Data Protection Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the Deutsche Telekom Group 2010 / 04 We make ICT strategies work
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June
BOC Credit Card (International) Limited - Terms and Conditions for Online Services These terms and conditions are applicable to all users of the Online Services and govern the use of the Online Services,
1 L.R.O. 2001 Electronic Transactions CAP. 308B CHAPTER 308B ELECTRONIC TRANSACTIONS ARRANGEMENT OF SECTIONS SECTION PART I Preliminary 1. Short title. 2. Interpretation. 3. Non-application of Parts II
Terms and Conditions for Online Services of BOC Credit Card (International) Limited Online Services of BOC Credit Card (International) Limited ("BOCCC") are provided to you by Bank of China (Hong Kong)
SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001 IN RELATION TO THE DATA PROTECTION OFFICER 10 September 2009 page 1 / 8 SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001
ICM Brokers PROFILE SECTION Company name: Company address: City and country: Web address: Nature of business: Title: Mr Miss Mrs Other First name: Second name: Family name: Date of birth: (dd/mm/yy) Nationality:
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
GENERAL CONDITIONS OF PURCHASE Article 1: Subject 1.1 The following general conditions of purchase (the "General Conditions") establish the contractual conditions governing the purchase of raw materials,
PROVIDER NAME: POLICY AREA: College of Computing Technology (CCT) Standard 10: Information Management, Student Information System & Data Protection Policy and Procedure Title: Maintaining Secure Learner
Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation
GENERAL TERMS AND CONDITIONS OF PURCHASE of EGSTON Eggenburger System Elektronik Gesellschaft m.b.h. and EGSTON System Electronic spol. s.r.o. (hereinafter referred to as "EGSTON") Table of contents Clause
USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY CONDITIONS OF USE FOR ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY Between: the Commonwealth of Australia, acting
This is an official translation. The original Icelandic text published in the Law Gazette is the authoritative text. Merchants and Trade - Act No 28/2001 on electronic signatures Chapter I Objectives and
LAW ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05) I GENERAL PROVISIONS Article 1 This Law shall regulate the use of electronic signature in legal transactions,
PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard
[Standard data protection [agreement/clauses] for the transfer of Personal Data from the University of Edinburgh (as Data Controller) to a Data Processor within the European Economic Area ] In this Agreement:-
1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These
BERMUDA 1999 : 26 ELECTRONIC TRANSACTIONS ACT 1999 [Date of Assent 5 August 1999] [Operative Date 4 October 1999] ARRANGEMENT OF SECTIONS 1 Citation PART I PRELIMINARY 2 Definitions 3 Crown to be bound
Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data
Swedbank, AB payment services provision conditions 1. TERMS 1.1. Terms used in these Swedbank, AB Payment Services Provision Regulations have the following meanings: 1.1.1. Personal Data means any information
1 LAWS OF MALAYSIA Act 709 PERSONAL DATA PROTECTION ACT 2010 2 Laws of Malaysia ACT 709 Date of Royal Assent...... 2 June 2010 Date of publication in the Gazette......... 10 June 2010 Publisher s Copyright
Standard conditions of purchase 1 OFFER AND ACCEPTANCE 2 PROPERTY, RISK & DELIVERY 3 PRICES & RATES The Supplier shall provide all Goods and Services in accordance with the terms and conditions set out
Qualified Electronic Signatures Act (SFS 2000:832) The following is hereby enacted 1 Introductory provision 1 The purpose of this Act is to facilitate the use of electronic signatures, through provisions
RS Official Gazette, no. 25/2015 Pursuant to Article 42, paragraph 9 and Article 43, paragraph 8 of the Law on the Protection of Financial Services Consumers (RS Official Gazette Nos 36/2011 and 139/2014)
Code of Conduct For Subscribers WHEREAS: A. The Bureau is in the business, amongst others, of producing credit reports B. Subject always to Credit Reporting Agencies Act 2010 and any other applicable legislation,
492 ACT ON PAYMENT SERVICES The full text of Act No 492/2009 Coll. on payment services and on amendments to certain laws, as amended by Act No 130/2011 Coll., Act No 394/2011 Coll., Act No 520/2011 Coll.,
CREDIT REPORTING BILL EXPLANATORY NOTES INTRODUCTION These explanatory notes are intended as a guide to the proposed new Act. They are not meant as a substitute for a careful reading of the Bill itself.
TERMS AND CONDITIONS FOR PAYMENT CARDS SERVICING 1. TERMS AND DEFINITIONS 1.1. Authorisation is a query to check Card validity and availability of corresponding funds on the Card s account. 1.2. Card means
Regulations on Real Time Gross Settlement System (RTGS) Approved by the Order of the President of National Bank No. 135 of June 12, 2003 Article1. General Provision 1. Purpose of this document is to regulate
Mid Carolina CU Internet Online Banking Services Terms and Conditions This Agreement is the contract which covers your and our rights and responsibilities concerning the Home Banking services offered to
QUO FA T A F U E R N T BERMUDA ELECTRONIC TRANSACTIONS ACT 1999 1999 : 26 TABLE OF CONTENTS 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 Citation Definitions Crown to be bound Objects Regulatory policy
UBS Electronic Trading Agreement Global Markets Version: 1.1 November 2014 I. UBS ELECTRONIC TRADING AGREEMENT 1.1 UBS Limited ( UBSL ) provides an electronic trading service, which enables certain clients
ELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING This Supplemental Terms and Conditions of Trading is supplemental to and forms part of the terms and conditions set out in the
Filed with the Rotterdam Chamber of Commerce in Rotterdam on 26 March 2009 under number 24117094. Internet: www.drvcf.nl Offices in: Rotterdam Hoofdweg 52 P.O. Box 8560-3009 AN Rotterdam, Netherlands Telephone:
ANNEX 1. LAW ON PERSONAL DATA PROTECTION UNOFFICIAL TRANSLATION 1 PARLIAMENT OF THE REPUBLIC OF MACEDONIA Pursuant to Article 75, Paragraphs 1 and 2 of the Constitution of the Republic of Macedonia, the
Page 1 of 9 GRTGAZ NETWORK TRANSMISSION CONTRACT APPENDIX A3 STANDARD EVIDENCE AGREEMENT English translation for information. Disclaimer The present translation is not binding and is provided by GRTgaz
QUICKSSL PREMIUM(tm) SUBSCRIBER AGREEMENT Please read the following agreement carefully. By submitting an application to obtain a QuickSSL Premium(tm) Certificate and accepting and using such certificate,
Data Protection Policy 1. Preamble The highest level of personal data protection is particularly important for KCG Partners Law Firm. The purpose of this Data Protection Policy is to inform the visitors
ERSTE BANK HUNGARY ZRT TERMS AND CONDITIONS APPLICABLE TO CREDIT INSTITUTIONS Effective from: 01 September 2014 1. General Provisions 1.1. These Terms and Conditions (hereinafter TC ) apply to all correspondent
APPENDIX 3.13 SCC ARBITRATION RULES OF THE ARBITRATION INSTITUTE OF THE STOCKHOLM CHAMBER OF COMMERCE (as from 1 January 2010) Arbitration Institute of the Stockholm Chamber of Commerce Article 1 About
RULES OFTHE COURT OF ARBITRATION IN MATTERS CONCERNING INTERNET DOMAIN NAMES AT THE POLISH CHAMBER OF INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS The following provisions constitute the Rules Court of
HIPAA Business Associate Agreement User of any Nemaris Inc. (Nemaris) products or services including but not limited to Surgimap Spine, Surgimap ISSG, Surgimap SRS, Surgimap Office, Surgimap Ortho, Surgimap
Information Technology Management Page 357-1 INFORMATION TECHNOLOGY MANAGEMENT CONTENTS CHAPTER A GENERAL 357-3 1. Introduction 357-3 2. Applicability 357-3 CHAPTER B SUPERVISION AND MANAGEMENT 357-4 3.
Model Business Associate Agreement Instructions: The Texas Health Services Authority (THSA) has developed a model BAA for use between providers (Covered Entities) and HIEs (Business Associates). The model
COUNCIL OF EUROPE COMMITTEE OF MINISTERS RECOMMENDATION No. R (95) 4 OF THE COMMITTEE OF MINISTERS TO MEMBER STATES ON THE PROTECTION OF PERSONAL DATA IN THE AREA OF TELECOMMUNICATION SERVICES, WITH PARTICULAR
SINGAPORE POWER SUPPLIER RELATIONSHIP MANAGEMENT SYSTEM (SPSRM) Contents 1 Definitions... 3 2 Singapore Power Supplier Relationship Management System (SPSRM)... 5 3 Security, Access and Use of SPSRM...
Schedule 1 General Details Agreement Date Customer Customer ABN Customer Address Commencement Date As per the date the Customer began paying the Escrow Service Fee product as defined in the Master Agreement.
THE BUDAPEST STOCK EXCHANGE LTD. REGULATIONS ON THE TECHNICAL CONNECTION TO THE BETA MARKET TRADING SYSTEMS Reference no. of CEO resolution(s) Effective date: to go into effect: 1/BÉTa/2011 (2011. november
ARBITRATION RULES OF THE COURT OF ARBITRATION AT THE POLISH CHAMBER OF COMMERCE Chapter I Introductory provisions 1 Court of Arbitration 1. The Court of Arbitration at the Polish Chamber of Commerce (the
1. GENERAL PROVISIONS 1.1 Agreement for credit card with fixed payment (hereinafter the Agreement) regulates the rights and obligations for using a credit card issued by (hereinafter the Bank). 1.2 A credit
1 Interpretation 1.1 In these Conditions: THE SERVICE PROVIDER means Cutec Remote Backup Terms and Conditions THE SERVICE PROVIDER S STANDARD CHARGES means the charges shown in the Order Sheet or other
Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting
The Union of Myanmar The State Peace and Development Council The Electronic Transactions Law ( The State Peace and Development Council Law No. 5/2004 ) The 12th Waxing of Kason 1366 M.E. (30th April, 2004)
Rev. 4/2015 Commercial Internet Banking Agreement and Disclosures 1. Coverage. This Agreement applies to your use of our commercial Internet Banking Service, which permits you to access your accounts with
Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.
THE SUSTAINABLE ENERGY AUTHORITY OF IRELAND PURCHASE ORDER TERMS AND CONDITIONS OF PURCHASE WHEREAS The Sustainable Energy Authority of Ireland (hereinafter called SEAI ) of Wilton Park House, Wilton Place,
Conditions of Supply of Internet Services Terms and Conditions for domain name registrations Print this page. The Kirby Group Registration Agreement In this registration agreement ('Agreement'), the terms
This form may not be modified without prior approval from the Department of Justice. Delete this header in execution (signature) version of agreement. HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate
Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal
HICAPS Provider Agreement Terms and Conditions This agreement is made up of this booklet and the HICAPS Provider Agreement Details. HICAPS Pty Limited ABN 11 080 688 866 Terms and Conditions 1. Interpretation
Electronic Funds Transfer Agreement and Disclosures ELECTRONIC FUNDS TRANSFER AGREEMENT AND DISCLOSURES Agreement 1. Issuance of Card or Personal Identification Number. In this Agreement and Disclosures
COLUMBIA CREDIT UNION ELECTRONIC FUNDS TRANSFERS AGREEMENT AND DISCLOSURE Business Accounts This Agreement is the contract that covers your and our rights and responsibilities concerning Electronic Fund
Rules and Regulations MCB MasterCard Platinum Debit Card 3 MCB MasterCard Platinum Debit Card Rules & Regulations 1. Definition In this agreement: Account or Bank Account means the bank account to which
Business Banking Online application. This application will register you to Business Banking Online and allow you to: Access accounts held by ONE company or business entity Process Credit Direct Entry file
Introducing Broker Agreement If you are in full agreement with the document, kindly return the signature page at the end of the documents Brokersclub Limited is a limited liability company registered in
LIBERTY BANK ONLINE BILL PAYMENT ( BILL PAYMENT SERVICE ). 1. USING THE BILL PAYMENT SERVICE As used in this Agreement, the term Payee means the person or entity to whom you wish a bill payment to be directed;
INSTRUCTIONS: To activate this service, read agreement and sign the Signature Page, and return it to CBIA. CBIA COBRA / State Continuation Services 350 Church Street Hartford, CT 06103-1126 In addition,
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
ISTANBUL ARBITRATION CENTRE ARBITRATION RULES Section I INTRODUCTORY PROVISIONS ARTICLE 1 The Istanbul Arbitration Centre and the Board of Arbitration 1. The Istanbul Arbitration Centre is an independent
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (the AGREEMENT ) is entered into this (the "Effective Date"), between Delta Dental of Tennessee ( Covered Entity ) and ( Business Associate
27 July 2006 No.152-FZ RUSSIAN FEDERATION FEDERAL LAW PERSONAL DATA (as amended by Federal Law of 25.11.2009 No.266-FZ) Article 1. Scope of This Federal Law Chapter 1. GENERAL Adopted by The State Duma
227/2000 Coll. ACT of 29 th June 2000 on Electronic Signature and change to some other laws (Electronic Signature Act) Amendment: 226/2002 Coll. Amendment: 517/2002 Coll. Amendment :440/2004 Coll. Amendment:
PRACTICAL LAW MULTI-JURISDICTIONAL GUIDE 2012/13 The law and leading lawyers worldwide Essential legal questions answered in 30 key jurisdictions Analysis of critical legal issues AVAILABLE ONLINE AT WWW.PRACTICALLAW.COM/DATAPROTECTION-MJG
Identity Cards Act 2006 CHAPTER 15 Explanatory Notes have been produced to assist in the understanding of this Act and are available separately 6 50 Identity Cards Act 2006 CHAPTER 15 CONTENTS Registration
LAW ON PAYMENT SERVICES Part I INTRODUCTORY PROVISIONS Subject matter Article 1 This Law regulates the conditions and manner of providing payment services, electronic money, payment systems and supervision
Public Audit (Wales) Act 2004 CHAPTER 23 CONTENTS PART 1 AUDITOR GENERAL FOR WALES New functions of the Auditor General for Wales 1 Transfer of functions of Assembly 2 Additional functions of Auditor General
Trustwave Subscriber Agreement for Digital Certificates Ver. 11JUL14 PLEASE READ THIS AGREEMENT AND THE TRUSTWAVE CERTIFICATION PRACTICES STATEMENTS ( CPS ) CAREFULLY BEFORE USING THE CERTIFICATE ISSUED
APPROVED BY the CSDL Board meeting on October 19, 2007 Minutes No. 4 THE RULES ON THE SECURITIES SETTLEMENT SYSTEM OF THE CENTRAL SECURITIES DEPOSITORY OF LITHUANIA I. GENERAL PROVISIONS 1. The Rules on
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
1 SMDG-Interchange EDI - Understanding This draft is the result of work carried out by a SMDG-Subgroup. It was set up mainly on TEDIS drafts (May 1991/January 1994) but ideas and comments of EDI Council