1 Mr. Ryutaro Hatanaka Commissioner Financial Services Agency Government of Japan Kasumigaseki Chiyoda-ku, Tokyo Japan Dr. Kunio Chiyoda Chairman Certified Public Accountants and Auditing Oversight Board Government of Japan Kasumigaseki Chiyoda-ku, Tokyo 11 June 2014 SUBJECT: EXCHANGE OF LETTERS BETWEEN THE NETHERLANDS AUTHORITY FOR THE FINANCIAL MARKETS AND THE FINANCIAL SERVICES AGENCY AND CERTIFIED PUBLIC ACCOUNTANTS AND AUDITING OVERSIGHT BOARD OF JAPAN ON MUTUAL COOPERATION AND THE EXCHANGE OF INFORMATION RELATED TO THE OVERSIGHT OF AUDITORS Dear Mr. Hatanaka and Dr. Chiyoda: 1. The Netherlands Authority for the Financial Markets ( AFM ) and the Financial Services Agency of Japan ( JFSA ) and Certified Public Accountants and Auditing Oversight Board ( CPAAOB ) recognise the need for the exchange of information and mutual cooperation in matters related to the oversight of Auditors subject to the regulatory jurisdictions of both the AFM and the JFSA/CPAAOB. Cooperation would be mutually beneficial with a view to ensuring the soundness of the securities markets and the investor protection in both jurisdictions. It is especially acknowledged that enhancing the exchange of information between the Authorities is important in view of the globalization of financial markets and the increasing cross-border activities in securities transactions. 2. The Authorities recognise the need for mutual cooperation in matters related to the oversight of Auditors that are subject to the regulatory jurisdictions of both Authorities and who provide an audit report concerning the annual or consolidated accounts of a company with securities issued or traded on a market in the other Authority s regulatory jurisdiction. The purpose of this Letter is to facilitate further mutual cooperation between the Authorities based on the letters exchanged between the Authorities in March 2013 to the extent permitted by their respective national laws in the area of public oversight of such Auditors. The Letter from the AFM to the JFSA/CPAAOB dated 26 March 2013 is replaced by this Letter. 3. In this context, the Authorities:
2 - Recognise that the European Commission has decided upon the equivalence referred to in Article 46(1) of the Directive 2006/43/EC in respect of Japan 1 and that the conditions under which the requirements of Article 45(1) and (3) will be disapplied or modified must be set in a cooperative arrangement as referred to in Article 46(3) of the Directive 2006/43/EC between the Member State and Japan and communicated to the Commission; - Recognise that the European Commission has decided upon the adequacy referred to in Article 47, paragraph 1(c) of the Directive 2006/43/EC in respect of Japan in the Commission Decision of 5 February 2010 on the adequacy of the competent authorities of certain third countries pursuant to Directive 2006/43/EC of the European Parliament and of the Council; - Recognise that the JFSA/CPAAOB has decided on 9 July 2013 that the audit and public oversight systems for Auditors in the Netherlands are equivalent to the corresponding systems in Japan; - Recognise that the letters were exchanged between the Authorities in March 2013 to ensure that necessary information can be provided by both Authorities to the extent permitted by their respective national laws in the area of public oversight of such Auditors; and - Recognise that through this Letter, the Authorities agree to provide mutual cooperation in a reciprocal manner. 4. With regard to the exchange of information, the Authorities: - Acknowledge the Certified Public Accountants Act ( CPA act ) in Japan under which the JFSA/CPAAOB in certain conditions is allowed to transfer to the AFM information relating to Auditors that fall within the regulatory jurisdiction of both Authorities; - Acknowledge the Wet toezicht accountantsorganisaties ( Wta ) in the Netherlands which allows the AFM under certain conditions to transfer to the JFSA/CPAAOB information relating to Auditors that fall within the regulatory jurisdiction of both Authorities; - Recognise that the transfer of personal data from the AFM to the JFSA/CPAAOB has to be in accordance with the Wet bescherming persoonsgegevens implementing Directive 95/46/EC, and in particular Chapter IV of Directive 95/46/EC; and - Recognise that the transfer of personal data from the JFSA/CPAAOB to the AFM has to be in accordance with the Act on the Protection of Personal Information Held by Administrative Organs. 1 Commission Decision of 19 January 2011 on the equivalence of certain third country public oversight, quality assurance, investigation and penalty systems for auditors and audit entities and a transitional period for audit activities of certain third country auditors and audit entities in the European Union; Member States may disapply or modify on the basis of reciprocity the requirements of Article 45(1) and (3) in relation to the auditors and audit entities of the third country or territory.
3 5. This Letter does not create any binding legal obligations, nor does it modify or supersede any Laws or regulations in the Netherlands or Japan. This Letter does not give rise to a right on the part of the AFM, the JFSA/CPAAOB or any other governmental or nongovernmental entity or any private person to challenge, directly or indirectly, the degree or manner of cooperation between the AFM and the JFSA/CPAAOB. 6. The Authorities have confirmed the framework for the protection of personal data which consists of the Exchange of Letters and the attached Annex: Framework between the AFM and the JFSA/CPAAOB on the transfer of certain personal data. I DEFINITIONS 7. For the purpose of this Letter, Auditor means a natural person or an audit firm that is subject to an Authority s regulatory jurisdiction in accordance with the Wta and the CPA act; Authority or Authorities means the AFM and/or the JFSA/CPAAOB; Information means public and non-public information which includes but is not limited to (1) the outcome of Inspections and Investigations, including information on firm-wide quality control procedures and engagement reviews, and (2) audit working papers or other documents held by Auditors, provided that the information relates to matters that are subject to the regulatory jurisdictions of both Authorities; Inspections refers to external quality assurance reviews of Auditors generally undertaken on a regular basis with the aim of enhancing audit quality; Investigations refers to non-criminal investigations in response to a specific suspicion of infringement or violation of laws, rules or regulations related to audit oversight; Laws or regulations means any laws, rules or regulations in force in the respective countries of the Authorities. II COOPERATION Exchange of information 8. Cooperation may include the exchange of Information between Authorities for the purposes permitted or required by Laws or regulations on public oversight, Inspections, and Investigations of Auditors. 9. The Authorities acknowledge that under Dutch law Auditors are not allowed to transfer non-public information directly to the JFSA/CPAAOB, but shall transfer such information through the AFM. 10. In cases where non-public information requested may be maintained by, or available to, another Authority within the country of the requested Authority, the Authorities will endeavour to provide the information requested, to the extent permitted by Laws or regulations in their respective countries.
4 11. The Authorities will use their best endeavours to notify each other, prior to or immediately after taking any significant public oversight measures, in respect to relevant Auditors that are registered/notified or seek registration/notification in the other country. 12. This Letter does not prohibit the Authorities from taking measures with regard to the oversight of Auditors that are different from or in addition to the measures set forth in this Letter. In all instances the Authorities will endeavour to notify each other prior to or immediately after taking any significant public oversight measures. Mutual reliance 13. The Authorities will rely on the oversight of the Auditors in their home country and therefore refrain from public oversight activities (other than the registration of an Auditor) 2, Inspections, and Investigations with respect to Auditors from the other country: a) to the extent permitted by their respective national Laws or regulations; and b) except for circumstances where there is no certainty that material information would be provided under the terms of this Letter, or or when the preconditions set out in paragraph 3 are not likely to be fulfilled. Requests for information 14. Requests will be made in writing (including ) and addressed to the contact person of the requested Authority. 15. The requesting Authority should specify the following: (a) the Information requested; (b) the purposes for which the Information will be used; (c) the reasons why the Information is needed and, if applicable, the relevant provisions that may have been violated; (d) an indication of the date by which the Information is needed; (e) to the best of the knowledge of the requesting Authority, an indication of whether the Information requested might be subject to further use or disclosure under paragraphs 20 to 25. Execution of requests for information 16. Each request will be assessed on a case by case basis by the requested Authority to determine whether information can be provided under the terms of this Letter. Each Authority will endeavour to provide a prompt and adequate response to information requests from the other Authority. In order to avoid unnecessary delay, the requested Authority will provide appropriate parts of the requested information as they become 2 The registration of an Auditor will continue to follow the procedures required in each country.
5 available. In any case where the request cannot be met in full within the desired time period, the requested Authority will inform the requesting Authority accordingly and will consider whether other relevant information or assistance can be given. 17. The requested Authority may refuse to act on a request where: (a) it concludes that the request is not in accordance with this Letter; (b) acceding to the request would contravene Laws or regulations of the requested Authority s country; (c) it concludes that it would be contrary to the public interest of the requested Authority's country for assistance to be given; (d) the provision of information would adversely affect the sovereignty, security or public order of the requested Authority s country; or (e) judicial proceedings have already been initiated in respect of the same actions and against the same persons before the Authorities of the country of the requested Authority. 18. The requested Authority will promptly inform the requesting Authority of the reasons why it refuses to act on a request made under this Letter. 19. Communication between the Authorities will be in English. If the requested Authority needs to provide information and/or documents in a language other than English, the requested Authority will inform the other Authority to that effect in advance. When information and/or documents provided are in a language other than English, the requesting Authority bears the costs of translation. III CONFIDENTIALITY 20. Each Authority will keep confidential all non-public information received or created in the course of cooperation, to the extent consistent with its laws and/or regulations. Article 63a of the Wta in the Netherlands and Article 100 of the National Public Service Act in Japan respectively bind employees and the former employees of the Authorities to official secrecy or restrict the disclosure of information provided in respect of audit regulation and oversight. The confidentiality prescribed in this Letter should also apply to all persons who are or have been involved in the governance of the Authorities or otherwise associated with the Authorities. IV USE OF NON-PUBLIC INFORMATION 21. The Authorities may use the non-public information received only for the exercise of their functions of public oversight, Inspections or Investigations of Auditors. If any Authority intends to use the non-public information received or created in the course of cooperation for any purpose other than those stated in the request under paragraph 15, it must obtain the prior written and specific consent of the requested Authority. If the
6 requested Authority consents to the use of the non-public information for a purpose other than that stated, it may subject it to conditions. V EXCEPTIONS TO CONFIDENTIALITY 22. In the event an Authority is required to disclose the non-public information received in order to comply with its obligations under its domestic laws and/or regulations or by a court order, it will provide reasonable advance written notice to the other Authority prior to its disclosure, stating the reasons as to why the Authority is required to disclose such information. 23. If the other Authority objects to the disclosure referred to in paragraph 22, the Authority will make its best efforts to resist the disclosure of the non-public information and will provide assistance to the objecting Authority in its own efforts to resist disclosure. 24. Information received should not be used in criminal proceedings carried out by a court or judge, including as evidence in criminal court. In the case that such use is needed by law, an additional request must be made in accordance with procedures prescribed in the relevant law for international mutual assistance in a criminal investigation. 25. An Authority that intends to disclose to a third party any non-public information received or created in the course of cooperation, other than in cases referred to in paragraph 22, must obtain the prior written and specific consent of the Authority which provided the information. The Authority which intends to disclose this information should indicate the reasons and the purposes for which the information would be disclosed. The requested Authority may make its consent to the disclosure of the non-public information subject to conditions. VI THE TRANSFER OF PERSONAL DATA 26. This Letter is subject to the maintenance of a framework which provides an adequate level of protection on the transfer of personal data as set forth in the Annex to this Letter. VII OTHER 27. No Authority is obligated under this Letter to cooperate with the other Authority in any particular circumstance. 28. The Authorities will, at the request of either Authority, consult on issues related to the matters covered by this Letter, and otherwise exchange views and share experiences and knowledge gained in the discharge of their respective duties to the extent consistent with their respective laws and regulations. The Authorities also express their willingness to hold a dialogue or exchange views about matters of common interest and concern as appropriate, with a view to deepening mutual understanding between the Authorities. 29. The Authorities may consult informally, at any time, about a request or proposed request or about any information provided.
7 30. The Authorities may consult and revise the terms of this Letter in the event of a substantial change in the laws, regulations or practices affecting the operation of this Letter, or if the Authorities themselves wish to modify the terms of their cooperation. 31. The terms and conditions stated in this Letter do not apply to publicly available information. VIII DURATION 32. The cooperation under this Letter will be commenced from the date of signature. 33. The cooperation under this Letter may be terminated by either Authority at any time upon giving at least thirty days prior written notice to the other Authority. If either Authority gives such notice, the cooperation under this Letter will continue with respect to all requests that were made before the effective date of notification until the requesting Authority terminates the matter for which assistance was requested. The Authorities will continue to maintain as confidential, consistent with sections III and IV, any information and/or documents exchanged pursuant to this Letter. Yours Sincerely, Merel van Vroonhoven Chair Netherlands Authority for the Financial Markets P.O. box GS, AMSTERDAM The Netherlands Gerben Everts Board Member Netherlands Authority for the Financial Markets P.O. box GS, AMSTERDAM The Netherlands
8 ANNEX: FRAMEWORK BETWEEN THE AFM AND THE JFSA/CPAAOB ON THE TRANSFER OF CERTAIN PERSONAL DATA 3 The Netherlands Authority for the Financial Markets ( AFM ) and the Financial Services Agency of Japan ( JFSA ) and Certified Public Accountants and Auditing Oversight Board ( CPAAOB ) - Recognising that the transfer of personal data from the AFM to the JFSA/CPAAOB has to be in accordance with the Wet bescherming persoonsgegevens implementing Directive 95/46/EC, and in particular Chapter IV of Directive 95/46/EC; - Recognising that the transfer of personal data from the JFSA/CPAAOB to the AFM has to be in accordance with the Act on the Protection of Personal Information Held by Administrative Organs; have concurred on the following Framework. I. DEFINITIONS For the purpose of this Framework: Auditor means a natural person or an audit firm that is subject to an Authority s regulatory jurisdiction in accordance with the Certified Public Accountants Act in Japan and the Wet toezicht accountantsorganisaties in the Netherlands; Authority or Authorities means the JFSA and/or the CPAAOB in Japan and/or the AFM in the Netherlands; Controller means, in the case of Personal data processed in the Authority of the home jurisdiction of the data subject and transferred to the other Authority, the other Authority which alone or jointly determines the purposes and means of the processing of Personal data; Data Protection Directive means Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of Personal data and on the free movement of such data; Exchange of Letters ( EoL ) means the document by that name, dated 11 June 2014, and exchanged by the Authorities to facilitate cooperation and the exchange of information; Laws or regulations means any laws, rules or regulations in force in the respective countries of the Authorities; Personal data means any information transferred from the other Authority relating to an identified or identifiable natural person ( data subject ); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity; 3 The Appendices to this Annex will not be made public.
9 Processing of Personal data ( processing ) means any operation or set of operations which is performed upon Personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction; Processor means a natural or legal person, public authority, agency or any other body which processes Personal data on behalf of the Controller; Sensitive data means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and data concerning health or sex life and data relating to offences, criminal convictions or security measures in relation to individuals; Third party means any natural or legal person, public authority, agency or any other body other than the data subject, the AFM, the JFSA/CPAAOB, and the persons who, under the direct authority of the above, are authorized to process the data. II. DATA PROCESSING PRINCIPLES The Authorities confirm that the transmission of Personal data by the data providing Authority to the data requesting Authority will be governed by the following items: 1. Purpose limitation: Personal data transmitted by the data providing Authority to the data requesting Authority may only be processed by the data requesting Authority if necessary for the purposes permitted or required by Laws or regulations on public oversight, Inspections or Investigations of Auditors. The onward transfer of such data, which may be for other purposes, is governed by paragraph 7 below. The Authorities acknowledge that they primarily seek the names, and information relating the professional activities, of the individual persons who were responsible for or participated in the audit engagements selected for review during an inspection or who play a significant role in the firm s management and quality control. Such Personal data as well as other Personal data will only be used in order to assess the degree of compliance of the registered/notified Auditor and its associated persons with the applicable laws and regulations and to enforce compliance with these laws and regulations. If the data receiving Authority intends to use information received from the data providing Authority for any purpose other than those stated in the request, it must obtain the prior written specific consent of the data providing Authority. If the data providing Authority consents to the use of information for a purpose other than those stated, it may subject its consent to conditions. 2. Data quality and proportionality: All Authorities will endeavour to ensure that it transmits to the other Authority Personal data that is accurate. Each Authority will inform the other Authority if it learns that previously transmitted information was inaccurate and/or must be updated. In such case the other Authority will make any appropriate corrections in its files. All Authorities will endeavour to ensure that the Personal data requested and transferred is adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.
10 The Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed, or for such time as otherwise required by applicable Laws or regulations. 3. Transparency: The AFM will provide to data subjects information relating to the transfer and further processing of Personal data as required by the Data Protection Directive and the Dutch Data Protection Act ( Wet bescherming persoonsgegevens ) of the Netherlands. The Authorities acknowledge that the purpose and use by the JFSA/CPAAOB of the Personal data are as set forth in the Certified Public Accountants Act, as further described in Appendix I. 4. Security and confidentiality: In Appendix II the Authorities have provided information describing technical and organizational security measures deemed adequate by the Authorities to guard against accidental or unlawful destruction, loss, alteration, disclosure of, or access to the Personal data. The Authorities will update the information if changes are made to its technical and organisational security measures that would weaken the protection provided for Personal data. Any person acting under the authority of the data Controller, including a Processor will not process the data except at the data Controller s request. 5. Rights of access, rectification or deletion: The Authorities acknowledge that the transfer of Personal data would occur in the context of exercise of their official regulatory authorities pursuant to the relevant legislations in their home jurisdiction, and that the rights of data subjects to access Personal data held by the Authority therefore may be restricted in order to safeguard the Authority s ability to monitor, inspect or otherwise exercise its regulatory functions with respect to the Auditors, including associated persons and other relevant individuals 4, under its regulatory jurisdiction. 5 However, a data subject whose Personal data has been transferred to the data receiving Authority may request that the data providing Authority identify any Personal data that has been transferred to the data receiving Authority and request that the data providing Authority confirm with the data receiving Authority that the data is complete, accurate and, if applicable, up-to-date and the processing is in accordance with the data processing principles in this Framework. If the data turns out to be incomplete, inaccurate or outdated or the processing is not in accordance with the data processing principles in this Framework, the data subject may make a request for rectification, erasure or blocking the data, through the data providing Authority. 6. Sensitive data: Sensitive data will not be transferred between the Authorities except with the consent of the data subject. 7. Onward transfer: In the event that the data receiving Authority intends to transfer any Personal data to a Third Party, the data receiving Authority will comply with the process set forth in section V of the EoL. It will be the responsibility of the Authorities to provide relevant information to the data subject, if required by relevant laws and regulations in the jurisdiction of the data providing Authority. The Authorities have provided information describing the applicable Laws or regulations on onward transfer of confidential information. 4 E.g. Chief Executive Officer, Chief Financial Officer or internal auditor of the audit client. 5 The JFSA/CPAAOB may restrict such rights in limited cases of information (Article14 of the Act on the Protection of Personal Information Held by Administrative Organs).
11 8. Redress: The Authorities acknowledge that they have provided information describing the consequences for the unlawful disclosure of non-public or confidential information. Any violations will be reported to the data providing Authority and if required by law 6 to the appropriate personal data protection authority in each jurisdiction. 6 The Netherlands is still in the process of drafting a bill containing the obligation to notify the data protection authority in case of a security breach.
MEMORANDUM OF UNDERSTANDING BETWEEN THE CANADIAN PUBLIC ACCOUNTABILITY BOARD AND THE NETHERLANDS A UTHORJTY FOR THE FINANCIAL MARKETS ON COOPERATION AND THE EXCHANGE OF INFORMATION RELATED TO THE OVERSIGHT
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their
PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard
Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.
LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text
CROATIAN PARLIAMENT 1364 Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby pass the DECISION PROMULGATING THE ACT ON PERSONAL DATA PROTECTION I hereby promulgate the Act on
Corporate Data Protection Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the Deutsche Telekom Group 2010 / 04 We make ICT strategies work
GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal
CLOUD COMPUTING FOR ehealth DATA PROTECTION ISSUES GLOBAL FORUM 2009 ICT & The Future of the Internet - Monday, October 19 th 2009 email@example.com Introduction & Structure ENISA Working Group
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
1 LAWS OF MALAYSIA Act 709 PERSONAL DATA PROTECTION ACT 2010 2 Laws of Malaysia ACT 709 Date of Royal Assent...... 2 June 2010 Date of publication in the Gazette......... 10 June 2010 Publisher s Copyright
Privacy Rules for Customer, Supplier and Business Partner Data Contact details Philips Privacy Office c/o Philips International BV, Amstelplein 2, 1096 BC, the Netherlands. E-mail: Philips_Privacy_Office@philips.com
Opinion on a Notification for Prior Checking received from the Data Protection Officer of the European Training Foundation Regarding the Processing Operations to Manage Calls for Tenders Brussels, 22 April
" STATEMENT OF PROTOCOL BETWEEN THE PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD OF THE UNITED STATES AND THE FEDERAL AUDIT OVERSIGHT AUTHORITY AND THE FINANCIAL MARKET SUPERVISORY AUTHORITY OF SWITZERLAND
on the transfer of personal data from the European Union BCRsseptembre 2008.doc 1 TABLE OF CONTENTS I. PRELIMINARY REMARKS 3 II. DEFINITIONS 3 III. DELEGATED DATA PROTECTION MANAGER 4 IV. MICHELIN GROUP
ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:
Linde Integrity Line Process and Data Protection Policy 1 July 2007 Page 2 of 10 Table of Contents Preamble 3 1 Scope of application 3 2 Definitions 3 3 Submitting Reports Regular Channels 3 4 Submitting
Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data
PART I: INTRODUCTION AND BACKGROUND Purpose This Data Protection Binding Corporate Rules Policy ( Policy ) establishes the approach of Fluor to compliance with European data protection law and specifically
Data Protection A Guide for Users EUROPEAN PARLIAMENT Contents Contents 3 Introduction 4 Data protection standards making a difference in the European Parliament 5 Data protection the actors 6 Data protection
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting
Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
AGREEMENT BETWEEN THE UNITED STATES OF AMERICA AND THE EUROPEAN UNION ON THE PROTECTION OF PERSONAL INFORMATION RELATING TO THE PREVENTION, INVESTIGATION, DETECTION, AND PROSECUTION OF CRIMINAL OFFENSES
ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:
DATA PROTECTION LAW DIFC LAW NO. 1 OF 2007 Consolidated Version (December 2012) Amended by Data Protection Law Amendment Law DIFC Law No. 5 of 2012 CONTENTS PART 1: GENERAL... 4 1. Title... 4 2. Legislative
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The
MEMORANDUM OF UNDERSTANDING BETWEEN THE UNITED STATES FEDERAL TRADE COMMISSION AND THE OFFICE OF THE DATA PROTECTION COMMISSIONER OF IRELAND ON MUTUAL ASSISTANCE IN THE ENFORCEMENT OF LAWS PROTECTING PERSONAL
Binding Corporate Rules Privacy (BCRP) Binding Corporate corporate Rules rules Privacy for (BCRP) the protection of personal Telekom Group rights in the handling of personal data within the Deutsche Telekom
Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:
Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection
USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY CONDITIONS OF USE FOR ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY Between: the Commonwealth of Australia, acting
Safeguarding Personally Identifiable Information A Summary of GSK s Binding Corporate Rules The Issue The processing of Personally Identifiable Information (PII) 1 and Sensitive Personally Identifiable
ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA ON THE AMENDMENT OF THE ORDER NO. 1V-1013 ON THE APPROVAL OF THE RULES ON THE ENSURANCE OF SECURITY AND INTEGRITY
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
ך ר ע ת ו ר י י נ ת ו ש ר ISRAEL SECURITIES AUTHORITY Protocol Concerning Cooperation in the Administration and Enforcement of Futures Laws between the Israel Securities Authority and the United States
2013 Authorisation Requirements and Standards for Debt Management Firms 2 Contents Authorisation Requirements and Standards for Debt Management Firms Contents Chapter Part A: Authorisation Requirements
PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of
Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees
AUTHORISATION of JAMES PAGET UNIVERSITY HOSPITALS NHS FOUNDATION TRUST (pursuant to Section 6 of the Health and Social Care (Community Health and Standards) Act 2003) Signature:... 1 August 2006 1 TABLE
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June
GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...
Law No. 677/2001 on the Protection of Individuals with Regard to the Processing of Personal Data and the Free Movement of Such Data, amended and completed The Romanian Parliament adopts the present law.
DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and
Applicant Privacy Notice for Positions in Willis Companies Located in the European Union and European Economic Area Excluding the United Kingdom ( Applicant Privacy Notice Continental Europe ) This Applicant
(Unofficial translation by the Financial and Capital Market Commission) Text consolidated with amending laws of 12 December 2008; 01 December 2009; 10 December 2009. If a whole or part of a section has
DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the
California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...
Data Security and Extranet Derek Crabtree Schools ICT Support Manager firstname.lastname@example.org Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) by and between OUR LADY OF LOURDES HEALTH CARE SERVICES, INC., hereinafter referred to as Covered Entity, and hereinafter referred
MEMORANDUM OF UNDERSTANDING BETWEEN THE UNITED STATES FEDERAL TRADE COMMISSION AND THE INFORMATION COMMISSIONER S OFFICE OF THE UNITED KINGDOM ON MUTUAL ASSISTANCE IN THE ENFORCEMENT OF LAWS PROTECTING
1 NB: Unofficial translation Personal Data Act (523/1999) Chapter 1 General provisions Section 1 Objectives The objectives of this Act are to implement, in the processing of personal data, the protection
HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Second Mission -Namibia PRESENTATION OF THE DRAFT DATA PROTECTION POLICY FOR NAMIBIA Pria Chetty, ITU International Legal
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( Agreement ) is by and between ( Covered Entity ) and Xelex Digital, LLC ( Business Associate ), and is effective as of. WHEREAS,
Summary of Data Protection Requirements When transferring Data Outside the UK End Users 14 May 2010 Background to transfers of the Data outside the UK Data can be transferred in a couple of ways in relation
PROVIDER NAME: POLICY AREA: College of Computing Technology (CCT) Standard 10: Information Management, Student Information System & Data Protection Policy and Procedure Title: Maintaining Secure Learner
University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
[Standard data protection [agreement/clauses] for the transfer of Personal Data from the University of Edinburgh (as Data Controller) to a Data Processor within the European Economic Area ] In this Agreement:-
Data Protection Standard Processing and Transfer of Personal Data in Aker Solutions (Binding Corporate Rules) Aker Solutions www.akersolutions.com Table of contents 1 Introduction... 3 1.1 Scope... 3 1.2
UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION The Data Protection Act 1998 (DPA) was passed in order to implement the EU Data Protection Directive (95/46/EC) and applies to all data relating to, and
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University
BUSINESS ASSOCIATE AGREEMENT ( BAA ) Pursuant to the terms and conditions specified in Exhibit B of the Agreement (as defined in Section 1.1 below) between EMC (as defined in the Agreement) and Subcontractor
Option Table - Directive on Statutory Audits of Annual and Consolidated Accounts The purpose of this document is to highlight the changes in the options available to Member States and Competent Authorities
Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information
1 L.R.O. 2001 Electronic Transactions CAP. 308B CHAPTER 308B ELECTRONIC TRANSACTIONS ARRANGEMENT OF SECTIONS SECTION PART I Preliminary 1. Short title. 2. Interpretation. 3. Non-application of Parts II
Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data
FIRST DATA CORPORATION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION v 1.3 Supersedes: v 1.2 Summary Owner: Corporate