Contributed by Djingov, Gouginski, Kyutchukov & Velichkov
|
|
- Hester Lee
- 5 years ago
- Views:
Transcription
1 Contributed by Djingov, Gouginski, Kyutchukov & Velichkov General I Data Protection Laws National Legislation General data protection laws The Personal Data Protection Act implemented the Data Protection Directive by being promulgated in the State Gazette, Issue No. 1 of 4 January 2002 and was last amended by the State Gazette, Issue No. 15 of 15 February 2013 with effect as of 1 January 2014 (the PDPA ). Entry into force The PDPA came into force on 1 January National Regulatory Authority Details of the competent national regulatory authority The Commission for Personal Data Protection (the Commission ) 2, Prof. Tsvetan Lazarov Blvd. Sofia 1592 Bulgaria Notification or registration scheme and timing In general, any data controller must apply for registration with the Commission prior to initiating any personal data processing. The registration covers the data controller and the personal data registers controlled by such data controller and is free of charge. Hence, if there is any change in the amount, purpose or scope of data processing, the data controller must notify the Commission prior to administering such amended registers or implementing such changes in the administered registers, respectively. The data controller may start to process the relevant personal data upon filing the registration application in due manner. The Commission has 14 days in which to accept or reject the registration of the data controller. Exemptions Exemptions apply in the following situations: (i) data controllers operating organised filing systems that are, by virtue of the legislation in force, publicly accessible or accessible only to those who can demonstrate a legitimate interest in obtaining access; (ii) non-profit making organisations carrying out certain processing; (iii) data controllers specially exempted by the Commission based on a determination that the processing does not jeopardise the rights and legitimate interests of affected individuals; and (iv) data controllers who are natural persons and carry out data processing for personal or domestic purposes. Appointment of a data protection officer There is no legal requirement to appoint a data protection officer under the PDPA. Personal Data What is personal data? The definition of personal data in the PDPA is closely based on the standard definition of personal data. Is information about legal entities personal data? No. The PDPA only applies to information about individuals as opposed to legal entities. What are the rules for processing personal data? Personal data may be processed if the standard conditions for processing personal data are met. In practice, the grounds most frequently relied on for personal data processing are the data subject s consent, necessary performance under a contract with the data subject and compliance with a legal obligation. Recently, in a limited number of cases the legitimate interests of data controllers, where such interests override the relevant privacy interest of data subject, have also applied in practice as a condition for processing personal data. The PDPA contains exemptions for certain types of processing. For example, processing for domestic purposes is largely exempt from the provisions of the PDPA. Global data protection legislation September
2 Are there any formalities to obtain consent to process personal data? Consent must be informed, specific and express. There are no formalities to obtain consent under the PDPA to process personal data. However, it is recommended for evidential purposes that the consent be in writing. Sensitive Personal Data What is sensitive personal data? Under the PDPA, sensitive personal data includes both: (i) the standard types of sensitive personal data; and (ii) information about the human genome. Are there additional rules for processing sensitive personal data? Processing of sensitive personal data may be initiated only if the data controller has obtained an express statement confirming registration with the Commission. The Commission shall issue a statement if after a preliminary inspection the Commission establishes that the data processing will be carried out in conformity with the applicable requirements of the PDPA and in particular the processing complies with the standard conditions for processing sensitive personal data as a ground for data processing. Are there any formalities to obtain consent to process sensitive personal data? The position is the same as for personal data (see above). Scope of Application What is the territorial scope of application? The PDPA applies the standard territorial test. Who is subject to data protection legislation? The PDPA applies to data controllers. A statutory act may also mandate that an individual, legal entity or state authority shall process personal data and hence shall be a data controller. Data processors are not subject to the PDPA. Are both manual and electronic records subject to data protection legislation? Yes. The PDPA does not differentiate between manual or electronic records. A regulation of the Commission, however, sets forth different obligations for data controllers regarding the level of protection and security of personal data depending on whether the records are manual or electronic. Rights of Data Subjects Compensation Data subjects have a right to compensation for any damage suffered as a result of unlawful processing of his/her personal data by a data controller. Affected data subjects are only entitled to seek compensation for the damages suffered as a result of the acts or actions of the respective data controller when such acts and actions are unlawful and, respectively, infringe their legitimate data privacy rights and interests. Fair processing information A data controller must provide fair processing information to data subjects. They must also provide information about: (i) recipients or categories of recipients to which the data may be transferred; (ii) the mandatory or voluntary nature of the requested provision of personal data by data subjects and the consequences for the data subjects in case of refusal to provide requested data; and (iii) the right of data subjects to access and correct their collected personal data. Data controllers are not obliged to provide data subjects with such processing information if the respective data subjects already have it or the law provides likewise. If the personal data has been obtained from a third party rather than the data subject, there are some exceptions from the obligation to provide processing information (e.g. where it would involve disproportionate effort). Moreover, item (ii) of the above list of fair processing information is not required but instead the data controller must inform the respective data subject about the categories of personal data related to such data subject. Rights to access information Data subjects may obtain their subject access information by written or electronic request to data controllers. This right may be exercised at any time and may be exercised free of charge. Where such access may result in the disclosure of data relating to other individuals, the data controller must provide the data subject with access to only such part of the data as pertains to such data subject alone. 31 September 2016 Global data protection legislation
3 Objection to direct marketing A data subject may object by opting out to this effect or require that a data controller stops processing data for direct marketing purposes. Data controllers must provide data subjects with the option of opting out, and if a data subject objects to or requires his/her personal data not to be processed for direct marketing purposes, the data controller must comply with such a request. Other rights Data subjects may obtain from the data controller the erasure, correction or blocking of their personal data if processing of those data fails to meet the requirements of the PDPA. Data subjects may object to the processing of their personal data if there is a legal justification for such objection. Data subjects must also be given the opportunity to object to the disclosure of their personal data to third parties. Data subjects may also require that the data controller notify any third parties to whom personal data have been revealed, of any erasure, rectification or blocking of such data. Security Security requirements in order to protect personal data The data controller must apply the general data security obligations. The Commission regulates in detail the requirements of the general data security obligations by a regulation passed to this effect under the PDPA in February By this regulation the Commission determines the minimum level of technical and organisational measures and the permissible type of security to be provided by a data controller to various types of data processing. Specific rules governing processing by third party agents (processors) The processing of personal data by a data processor must be in accordance with a statutory act, a written contract or other act of the data controller, which sets out the obligations of the data processor. The data controller will be jointly liable for damages caused to third parties resulting from acts or omissions of the data processor. The data processor may only process personal data in accordance with instructions from the data controller unless otherwise directed by law. In the case of data processing by a data processor, it is the data controller who is liable for the security measures adopted. It is the obligation of the data controller to ensure the data processor adopts certain security measures in respect of the processed data. Notice of breach laws The PDPA does not provide any obligation for data controllers to inform the Commission or data subjects of a security breach. The Commission has not issued any guidelines or other directions to this effect. Specific notice of breach laws apply to the electronic communications sector under the ECA (as defined below) which implements the Privacy and Electronic Communications Directive, as amended. The Commission must be notified within three days of the breach being identified. Transfer of Personal Data to Third Countries Restrictions on transfers to third countries The transfer of personal data outside of the EEA shall only be permissible if the recipient state is able to ensure an adequate level of personal data protection in its territory. Data controllers, as data exporters, may not make their own assessment of whether or not the jurisdiction of the data importer provides adequate levels of protection in the case of transborder dataflow. The assessment concerning the adequacy of the level of personal data protection in the recipient state shall be made by the Commission. Transfers outside of the EEA are also permitted if the standard conditions for transborder dataflow are satisfied. Compliance with binding corporate rules does not constitute a permissible condition under the PDPA for transborder dataflows. Notification and approval of national regulator (including notification of use of Model Contracts) In the event of transborder dataflow under the standard conditions for transborder dataflow, there is no obligation under the PDPA for the data controller, as a data exporter, to obtain the approval of the Commission regarding such transborder dataflow (except where transborder dataflow is made pursuant to binding corporate rules). In the event of transborder dataflow on any other grounds, a data controller may carry out transborder dataflow only after receiving the approval of the Commission for the specific transborder dataflow. In this case, to issue the approval, the Commission must first verify the merits of the contemplated transborder dataflow in view of the requirement for an adequate level of protection for data subjects. Global data protection legislation September
4 However, in 2012 the Commission amended its internal regulations of operation and, as a result, changed some rules relating to transborder dataflows so that it is necessary for data controllers to: (i) undergo verification by the Commission of the merits of the contemplated transborder dataflows; and (ii) to obtain the Commission s approval for transborder dataflows where the data export is being made: (a) with the consent from the data subject; (b) for the performance of a contract with, or in the interest of, the data subject; (c) for important public interest grounds, or for legal claims; (d) for the protection of the life or vital interests of the data subject; or (e) from a public register. The Commission s regulations of operation take effect as secondary legislation under the PDPA and are unlikely to be upheld by the courts in the case of a dispute between a data controller and the Commission. The Commission has not yet made any official statement on these new requirements nor taken formal enforcement action to enforce them. In all cases of transborder dataflow, regardless of the conditions on which they are carried out, the data controller must register the transborder dataflow with the Commission as a change in its effective status as data controller (to that of data exporter) prior to initiating such dataflow (unless the data controller has already registered its status as a data exporter and the respective transborder dataflow). Use of binding corporate rules Although Bulgaria is listed as a member of the mutual recognition club for binding corporate rules, on 31 October 2013, after a long period of abstaining from making any official statement on the matter, the Commission officially stated that it does not approve and does not recognise the use of binding corporate rules as valid grounds for transfer of personal data to third countries. Enforcement Sanctions Administrative sanctions in the form of fines for violations of the PDPA range from BGN 500 to BGN 100,000. Where processing results in a violation of the applicable data protection laws, the Commission has the power to restrict or prohibit the processing of personal data by a data controller for a limited period of time and subject to a prior notice to the relevant data controller. The transfer or distribution of computer or system passwords which results in the illegitimate disclosure of personal data constitutes a crime under the Criminal Code, promulgated in the State Gazette, Issue No. 26 of 2 April 1968, last amended by the State Gazette, Issue No. 47 of 21 June 2016, and the penalty for such crime includes imprisonment for up to three years. Practice According to the Commission s 2015 Annual Report, in 2015 the Commission approved the registration of 5,347 new data controllers. As a result, the total number of registered data controllers is 278,416. The registration applications of data controllers regarding sensitive data processing filed with the Commission for 2015 amounted to 424, as no applications were rejected. Most of these applications came from data controllers occupied in the health care area. In 2015, the Commission carried out a total of 687 on-site examinations. 511 of these examinations were of a preliminary control nature and executed in relation to the issuance of approvals for processing of sensitive personal data. In 20 of the on-site examinations, the Commission found non-compliance with the PDPA and took administrative action against the respective data controllers. As a result of the examinations carried out in respect of data controllers in 2015, the Commission issued 12 binding directions. 48 subsequent examinations were carried out in 2015 (compared to 77 for the previous year), as a result of which the Commission issued 6 binding directions and took administrative action against 16 data controllers. Enforcement authority The Commission has full supervisory powers over the activity of data controllers and is competent to issue binding directions to, and impose fines and restrictions on, data controllers for breaches of the PDPA. Public prosecutors also have enforcement powers but their scope of competence is limited. Public prosecutors usually act on the request of the Commission. eprivacy I Marketing and cookies National Legislation eprivacy laws Article 13 of the Privacy and Electronic Communications Directive has been implemented by virtue of the Electronic Communications Act (the ECA ), promulgated in the State Gazette, Issue No. 41 of 22 May 2007, last amended and supplemented in the State Gazette, Issue No. 50 of 1 July The ECA came into force on 26 May September 2016 Global data protection legislation
5 Cookies The rules of the E-Commerce Act, promulgated in the State Gazette, Issue No. 51 of 23 June 2006 (in force since 24 December 2006), last amended by the State Gazette, Issue No. 57 of 28 July 2015, are also of relevance. Some of the amendments to the Privacy and Electronic Communications Directive made by the Citizens Rights Directive, such as the obligation on providers of public electronic communication services to notify the Commission of personal data breaches, have been implemented by virtue of amendments to the ECA, adopted in December However, other amendments to the Privacy and Electronic Communications Directive have not been implemented into Bulgarian national law. For example, the E-Commerce Act has not been amended yet to implement the consent requirements for cookies. Conditions for use of cookies The E-Commerce Act allows the use of cookies provided that the user has been informed of the use of cookies and he/she has been given the opportunity to refuse the storage of or access to such cookies. Such restrictions are not applicable: (i) to any subsequent use of cookies in so far that the user has not explicitly objected to such use; and (ii) the cookies are used for the sole purpose of carrying out the transmission of a communication over an electronic communication network or for the provision of an information society service requested by the user. However, the amendments to the Privacy and Electronic Communications Directive requiring express consent for the storage of or access to cookies, have not been implemented yet. Regulatory guidance on the use of cookies There is no effective regulatory guidance on the use of cookies. Marketing by Conditions for direct marketing by to individual subscribers The ECA (Art. 261, para. 1) requires the consent of the individual subscriber as a condition for legally making direct marketing and advertising by with or without human intervention. Such consent is subject to withdrawal at any time. Conditions for direct marketing by to corporate subscribers Using the defined term subscriber to cover legal and natural persons, using or applying for usage of public electronic communications services, the ECA does not differentiate between individual or corporate subscribers with respect to the conditions for legally performing direct marketing by . Thus, corporate subscribers may be sent direct marketing e- mails only subject to their consent to that effect. Additionally, pursuant to the E-Commerce Act, the Bulgarian Commission on Consumer Protection keeps a register of the addresses of legal entities which have expressly opposed receiving unsolicited commercial communication. Sending unsolicited commercial communication to those addresses, including for direct marketing purposes, is prohibited. Exemptions and other issues As an exemption to the rule of the ECA, no prior consent is required for cases where the similar products and services exemption applies. The ECA prohibits direct marketing and advertising s from being sent if: (i) the identity of the sender is disguised or concealed; or (ii) the provided opt-out address is not valid. Pursuant to the E-commerce Act, in case of non-solicited communication, the sender must also include the ecommerce information. Marketing by Telephone Conditions for direct marketing by telephone to individual subscribers (excludes automated calls) Pursuant to the ECA, direct marketing and advertising by telephone is subject to the same conditions and exemptions as s. Thus, such telephone communications are allowed only subject to the consent of the subscribers. Additionally, a Bulgarian regulation on the rules of issuing of telephone directories expressly provides for the possibility for indexing those subscribers that have expressly consented to receiving unsolicited commercial communications. Conditions for direct marketing by telephone to corporate subscribers (excludes automated calls) Since the ECA does not differentiate between natural and legal entities, the same rules apply with respect to corporate subscribers. Thus, such telephone calls are allowed only subject to the consent of the subscribers. As is the case with individual subscribers, telephone directory indexing is a way, provided for by the law, of expressing consent to receiving unsolicited commercial communications. Global data protection legislation September
6 Exemptions and other issues Direct marketing and advertising by telephone is subject to the same exemptions and other issues as marketing or advertising by . Marketing by Fax Conditions for direct marketing by fax to individual subscribers Direct marketing by fax is subject to the same conditions and exemptions as s pursuant to the ECA. Thus, such fax calls are allowed only subject to the consent of the subscribers. Additionally, a Bulgarian regulation on the rules of issuing of telephone directories expressly provides for the possibility of indexing those subscribers who have expressly consented to receiving unsolicited commercial communications. Conditions for direct marketing by fax to corporate subscribers Since the ECA does not differentiate among natural and legal entities, the same rules apply with respect to corporate subscribers. Thus, such fax communications are allowed only subject to the consent of the subscribers. As is the case with individual subscribers, telephone directory indexing is a way, provided for by law, of expressing consent to receiving unsolicited commercial communications. Exemptions and other issues Direct marketing and advertising by fax is subject to the same exemptions and other issues as marketing or advertising by September 2016 Global data protection legislation
Liechtenstein. General I Data Protection Laws. Contributed by Wanger Advokaturbüro. National Legislation. National Regulatory Authority.
Contributed by Wanger Advokaturbüro General I Data Protection Laws National Legislation General data protection laws The Data Protection Act (the DPA ) dated 14 March 2002 and the relevant Ordinance on
More informationFinland. General I Data Protection Laws. Contributed by Hannes Snellman Attorneys Ltd. National Legislation. National Regulatory Authority
Contributed by Hannes Snellman Attorneys Ltd General I Data Protection Laws National Legislation General data protection laws The Finnish Personal Data Act (Henkilötietolaki 1999/523) (the DPA ) dated
More informationDATA PROTECTION LAWS OF THE WORLD. Bahrain
DATA PROTECTION LAWS OF THE WORLD Bahrain Downloaded: 7 April 2018 BAHRAIN Last modified 25 January 2017 LAW There is currently no standalone data protection law in Bahrain. A draft is being reviewed before
More informationUniversity Privacy Campaign. Introduction to the Personal Data (Privacy) Ordinance
University Privacy Campaign Introduction to the Personal Data (Privacy) Ordinance 1 Personal Data (Privacy) Ordinance Legislative Background Personal Data (Privacy) Ordinance came into effect on 20 December
More informationTHE CAN-SPAM ACT OF 2003: FREQUENTLY ASKED QUESTIONS EFFECTIVE JANUARY 1, December 29, 2003
THE CAN-SPAM ACT OF 2003: FREQUENTLY ASKED QUESTIONS EFFECTIVE JANUARY 1, 2004 This FAQ is not intended to provide specific advice about individual legal, business, or other questions. It was prepared
More informationIntroduction to the Personal Data (Privacy) Ordinance
Introduction to the Personal Data (Privacy) Ordinance Personal Data (Privacy) Ordinance Legislative Background Personal Data (Privacy) Ordinance came into effect on 20 December 1996 Amendment of the Ordinance
More informationMotorola Mobility Binding Corporate Rules (BCRs)
Motorola Mobility Binding Corporate Rules (BCRs) Introduction These Binding Privacy Rules ( Rules ) explain how the Motorola Mobility group ( Motorola Mobility ) respects the privacy rights of its customers,
More informationIntroduction to the Personal Data (Privacy) Ordinance
Introduction to the Personal Data (Privacy) Ordinance 1 Personal Data (Privacy) Ordinance Legislative Background Personal Data (Privacy) Ordinance came into effect on 20 December 1996 Amendment of the
More informationEU Data Protection Agreement
EU Data Protection Agreement This Data Protection Agreement ("Agreement") is entered into by and between TechTarget, Inc., a Delaware corporation with a principle place of business at 275 Grove Street,
More informationINFORMATION NOTE ON DATA PROCESSING
INFORMATION NOTE ON DATA PROCESSING Online contact Name and contact details of the Data Controller and the representative of the Data Controller Name of the Data Controller: Head office: Correspondence
More informationPRIVACY POLICY OF THE WEB SITE
PRIVACY POLICY OF THE ERANOS FOUNDATION Introductory remarks The Eranos Foundation respects your privacy! Privacy policy EU Norm 2016-769 GDPR 1 We do not sell or distribute any information that we acquire
More informationIntroduction to the Personal Data (Privacy) Ordinance
Introduction to the Personal Data (Privacy) Ordinance Personal Data (Privacy) Ordinance Legislative Background Personal Data (Privacy) Ordinance came into effect on 20 December 1996 Amendment of the Ordinance
More informationNEWSLETTER DATA PROTECTION NOTICE. AImotive Ltd.
NEWSLETTER DATA PROTECTION NOTICE AImotive Ltd. Effective from 25 May 2018 CONTENTS Newsletter Data Protection Notice of AImotive Ltd.... 3 Newsletter Data Protection Notice of AImotive Ltd. for existing
More informationRights of Individuals under the General Data Protection Regulation
Rights of Individuals under the General Data Protection Regulation 2018 Contents Introduction... 2 Glossary... 3 Personal data... 3 Processing... 3 Data Protection Commission... 3 Data Controller... 3
More informationACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION
ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION Document Control Owner: Distribution List: Data Protection Officer Relevant individuals who access, use, store or
More informationIslam21c.com Data Protection and Privacy Policy
Islam21c.com Data Protection and Privacy Policy Purpose of this policy The purpose of this policy is to communicate to staff, volunteers, donors, non-donors, supporters and clients of Islam21c the approach
More informationCanada's New Anti-spam Law Are you prepared? Tricia Kuhl (Blakes) Dara Lambie (Blakes) Presented to ACC Ontario Chapter May 9, 2012
Canada's New Anti-spam Law Are you prepared? Tricia Kuhl (Blakes) Dara Lambie (Blakes) Presented to ACC Ontario Chapter May 9, 2012 OVERVIEW Background & Status Breadth & Scope Penalties & Liability Compliance
More informationData Processing Agreement
Data Processing Agreement Merchant (the "Data Controller") and Nets (the "Data Processor") (separately referred to as a Party and collectively the Parties ) have concluded this DATA PROCESSING AGREEMENT
More informationDISCLOSURE ON THE PROCESSING OF PERSONAL DATA LAST REVISION DATE: 25 MAY 2018
DISCLOSURE ON THE PROCESSING OF PERSONAL DATA LAST REVISION DATE: 25 MAY 2018 Introduction This disclosure on the processing of personal data (hereinafter, the "Disclosure") is provided pursuant to Art.
More informationData Processing Agreement
Data Processing Agreement Addendum to the Main Contract between Simonsen Chartering Aps Christiansmindevej 74 CBR no.: 20702206 (hereinafter referred to as the Shipping Company ) and 3 rd party processing
More informationUSER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.
These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. I. OBJECTIVE ebay s goal is to apply uniform, adequate and global data protection
More informationDATA PROTECTION LAWS OF THE WORLD. Germany
DATA PROTECTION LAWS OF THE WORLD Germany Downloaded: 25 November 2017 GERMANY Last modified 26 January 2017 LAW The main legal source of data protection in Germany is the Federal Data Protection Act (
More informationVIACOM INC. PRIVACY SHIELD PRIVACY POLICY
VIACOM INC. PRIVACY SHIELD PRIVACY POLICY Last Modified and Effective as of October 23, 2017 Viacom respects individuals privacy, and strives to collect, use and disclose personal information in a manner
More informationthe processing of personal data relating to him or her.
Privacy Policy We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the Hotel & Pensionat Björkelund. The use of
More informationGDPR Privacy Policy. The data protection policy of AlphaMed Press is based on the terms found in the GDPR.
GDPR Privacy Policy PRIVACY POLICY The privacy and security of data are a priority for AlphaMed Press and our management and staff. While accessing and using our website does not require your submission
More informationBoard of Directors Telecommunications Regulatory Authority. The Telecommunications Regulatory Authority (the Authority ) Board of Directors,
Board of Directors Telecommunications Regulatory Authority Resolution No. 1 of 2011 regarding the Bulk Messaging Regulation The Telecommunications Regulatory Authority (the Authority ) Board of Directors,
More informationPrivacy Policy. In this data protection declaration, we use, inter alia, the following terms:
Last updated: 20/04/2018 Privacy Policy We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of VITO (Vlakwa). The
More informationPrivacy Policy of
Privacy Policy of www.bitminutes.com This Application collects some Personal Data from its Users. Owner and Data Controller BitMinutes Inc Owner contact email: privacy@bitminutes.com Types of Data collected
More informationPrivacy Statement for Use of the Certification Service of Swisscom (sales name: "All-in Signing Service")
Swisscom (sales name: "All-in Signing Service") General Privacy is a matter of trust, and your trust is important to us. Handling personal data in a responsible and legally compliant manner is a top priority
More informationPrivacy Statement for Use of the Trust Service of Swisscom IT Services Finance S.E., Austria
Privacy Statement for Use of the Trust Service of Swisscom IT Services Finance S.E., Austria General Privacy is a matter of trust, and your trust is important to us. Handling personal data in a responsible
More informationPrivacy Policy Section A Section B Section C Section D
Privacy Policy The PIKO Solar Portal of KOSTAL Solar Electric GmbH is available at https://www.piko-solar-portal.com. This portal allows customers to monitor photovoltaic systems using KOSTAL inverters.
More informationGDPR data subject rights
data subject rights Date: February 2018 Author: Information compliance team (EP) Version: 0.1 (draft, awaiting final version of Data Protection Bill) Classification: Open gives people certain rights in
More informationPrivacy Policy. Last updated on 31 May 2018
Privacy Policy Last updated on 31 May 2018 This Privacy Policy governs the processing of personal data by the International Yehudi Menuhin Foundation asbl/ivzw, situated at Boulevard du Souverain/Vorstlaan
More informationCOMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2
COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September 2018 Table of Contents 1. Scope, Purpose and Application to Employees 2 2. Reference Documents 2 3. Definitions 3 4. Data Protection Principles
More informationData Breach Notification: what EU law means for your information security strategy
Data Breach Notification: what EU law means for your information security strategy Olivier Proust December 8, 2011 Hunton & Williams LLP Key points 1. Introduction 2. Overview of data breach requirements
More informationADMA Briefing Summary March
ADMA Briefing Summary March 2013 www.adma.com.au Privacy issues are being reviewed globally. In most cases, technological changes are driving the demand for reforms and Australia is no exception. From
More informationPersonal Data collected for the following purposes and using the following services:
PRIVACY POLICY www.marquise-tech.com This Website collects some Personal Data from its Users. POLICY SUMMARY Personal Data collected for the following purposes and using the following services: Contacting
More informationDo you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?
European Union (EU) General Data Protection Regulation (GDPR) Do you handle EU residents personal data? The GDPR update is coming May 25, 2018. Are you ready? What do you need to do? Governance and Accountability
More informationIntroductory guide to data sharing. lewissilkin.com
Introductory guide to data sharing lewissilkin.com Executive Summary Most organisations carry out some form of data sharing, whether it be data sharing between organisations within the group or with external
More informationCanadian Anti-Spam Legislation (CASL)
Canadian Anti-Spam Legislation (CASL) FREQUENTLY ASKED QUESTIONS The purpose of this document is to assist and guide U of R employees regarding their obligations under the Canadian Anti-Spam Legislation
More informationIn compliance with the requirements of the EU General Data Protection Regulation (GDPR, Articles 13, 14 and 30)
3UAS-libraries Privacy Notice for customer information In compliance with the requirements of the EU General Data Protection Regulation (GDPR, Articles 13, 14 and 30) Created on: 15.03.2019 1. Controllers
More informationPRIVACY POLICY PRIVACY POLICY
PRIVACY POLICY 1 A. GENERAL PART 1.1. COLLECTION AND PROCESSING OF USER DATA Within the scope of the availability of the website hosted in www.alpinushotel.com and of the services and communications made
More informationPERSONAL DATA PROTECTION ACT 2012 COMPLIANCE NATIONAL UNIVERSITY OF SINGAPORE DO NOT CALL POLICY
PERSONAL DATA PROTECTION ACT 2012 COMPLIANCE NATIONAL UNIVERSITY OF SINGAPORE DO NOT CALL POLICY Table of Contents Summary... 3 Introduction... 3 Scope of the DNC regime/framework... 4 The Prohibitions/Requirements...
More informationName: Aho Terhi Title: ecommerce Manager. Phone: terhi.aho(at)finavia.fi Name: Närvänen Carita Title: Development Manager
PRIVACY POLICY Date: 19 June, 2018 (translated from last revised Finnish version) EU General Data Protection Regulation, articles 13 and 14 1. Data controller Finavia Corporation Business ID: 2302570-2
More informationHaaga-Helia University of Applied Sciences Privacy Notice for Student Welfare Services
Haaga-Helia University of Applied Sciences Privacy Notice for Student Welfare Services In compliance with the requirements of the EU General Data Protection Regulation (GDPR, Articles 13, 14 and 30) Created
More informationGeneral Data Protection Regulation BT s amendments to the proposed Regulation on the protection of individuals with regard to the processing of
General Data Protection Regulation BT s amendments to the proposed Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General
More informationPrivacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data
Privacy Policy Datacenter.com (referred to as we, us, our, Datacenter or the Company ) is committed to protecting your privacy and handling your data in an open and transparent manner. The personal data
More informationS.C. FAST SUPPORT S.R.L Bucharest, 70 Jean Louis Calderon Street, 6 th Floor J40/8295/ , sole registration code no.
WEBSITE PRIVACY POLICY INTRODUCTION, Romanian legal person, headquartered in Bucharest, 70 Jean Louis Calderon Street, 6th Floor, registered at the Trade Register attached to the Court of Bucharest under
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version January 12, 2018 1. Scope, Order of Precedence and Term 1.1 This data processing agreement (the Data Processing Agreement ) applies to Oracle
More informationMore detailed information, including the information about your rights is available below.
Depending on the content of the correspondence, your data will be processed for the purposes of conclusion and performance of the agreement to which you are a party, to fulfil the legal obligation of the
More informationData Preservation Checklists
Data Preservation Checklists At the G8 meeting of Justice and Interior Ministers in Moscow in October 1999, the Ministers recognized that law enforcement authorities conducting criminal investigations
More informationINFORMATIVE NOTICE ON PERSONAL DATA PROCESSING
INFORMATIVE NOTICE ON PERSONAL DATA PROCESSING Re: Informative notice on data processing pursuant to Art. 13 of Legislative Decree 196/2003 as amended, to Art. 13 of EU Regulation 2016/679 and to Italian
More informationWE ARE COMMITTED TO PROTECTING YOUR PERSONAL DATA
WE ARE COMMITTED TO PROTECTING YOUR PERSONAL DATA In accordance with the new Regulation (EU) 2016/679 on the protection of personal data (GDPR), we ask you to give your consent on the use of Cookies, for
More informationPrivacy Policy Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH 1. Definitions
Privacy Policy We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the Kühnreich & Meixner GmbH. The use of the
More informationPrivacy Policy CARGOWAYS Logistik & Transport GmbH
Privacy Policy CARGOWAYS Logistik & Transport GmbH We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the CARGOWAYS
More informationEU Data Protection Agreement
EU Data Protection Agreement This Data Protection Agreement ("Agreement") is entered into by and between TechTarget, Inc., a Delaware corporation with a principle place of business at 275 Grove Street,
More informationLegal basis of processing. Place MODE AND PLACE OF PROCESSING THE DATA
Privacy Policy of www.florence-apartments.net This Application collects some Personal Data from its Users. Owner and Data Controller Florence Apartments Sas - via Curtatone, 2-50123 Firenze Owner contact
More informationCANADA S ANTI-SPAM LEGISLATION: Getting ready for July 1 st, 2014
CANADA S ANTI-SPAM LEGISLATION: Getting ready for July 1 st, 2014 Investment Industry Association of Canada Adam Kardash Partner, Privacy and Data Management Osler, Hoskin & Harcourt LLP akardash@osler.com;
More informationElement Finance Solutions Ltd Data Protection Policy
Element Finance Solutions Ltd Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments
More informationTechnical Requirements of the GDPR
Technical Requirements of the GDPR Purpose The purpose of this white paper is to list in detail all the technological requirements mandated by the new General Data Protection Regulation (GDPR) laws with
More informationHPE DATA PRIVACY AND SECURITY
ARUBA, a Hewlett Packard Enterprise company, product services ( Services ) This Data Privacy and Security Agreement ("DPSA") Schedule governs the privacy and security of Personal Data by HPE in connection
More informationFunding University Inc. Terms of Service
Funding University Inc. Terms of Service None of the information contained in Funding University's website constitutes a recommendation, solicitation or offer by Funding University or its affiliates to
More informationHaaga-Helia University of Applied Sciences Privacy Notice for Urkund Plagiarism Detection Software
Haaga-Helia University of Applied Sciences Privacy Notice for Urkund Plagiarism Detection Software In compliance with the requirements of the EU General Data Protection Regulation (GDPR, Articles 13, 14
More informationInformation leaflet about processing of personal data (
Information leaflet about processing of personal data (www.magyarfoldgazkereskedo.hu) In accordance with articles 13 and 14 of the regulation (EU) 2016/679 OF the European Parliament and of the Council
More informationData Protection. Code of Conduct for Cloud Infrastructure Service Providers
Data Protection Code of Conduct for Cloud Infrastructure Service Providers 27 JANUARY 2017 Introduction... 3 1 Structure of the Code... 5 2 Purpose... 6 3 Scope... 7 4 Data Protection Requirements... 9
More informationRECRUITMENT DATA PROTECTION NOTICE. AImotive Ltd.
RECRUITMENT DATA PROTECTION NOTICE AImotive Ltd. Effective from 25 May 2018 Dear Applicant! Thank you for inquiring about the AImotive Ltd! Please, read our recruitment data protection notice the purpose
More informationPart B of this Policy sets out the rights that all individuals have in relation to the collection and use of your personal information
Date: 15 Feb 2018 Issue No: 1 Page: 1 of 15 Site: UK Kingspan Insulation Limited ("Kingspan") has issued this Data Protection Policy for its customers. The term customer refers to those that receive a
More informationSubject: Kier Group plc Data Protection Policy
Kier Group plc Data Protection Policy Subject: Kier Group plc Data Protection Policy Author: Compliance Document type: Policy Authorised by: Kier General Counsel & Company Secretary Version 3 Effective
More informationPrivacy Policy... 1 EU-U.S. Privacy Shield Policy... 2
Privacy Policy... 1 EU-U.S. Privacy Shield Policy... 2 Privacy Policy knows that your privacy is important to you. Below is our privacy policy for collecting, using, securing, protecting and sharing your
More informationTERMS & CONDITIONS PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE SITE
TERMS & CONDITIONS PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE SITE 1. General The term PPS refers to: Professional Provident Society Holdings Trust, (The Holding Trust); Professional
More informationPrivacy Policy Hafliger Films SpA
Hafliger Films SpA, with registered office at Via B. Buozzi no. 14-20089 Rozzano (MI), has for many years considered it of fundamental importance to protect the personal details of customers and suppliers,
More informationStartup Genome LLC and its affiliates ( Startup Genome, we or us ) are committed to protecting the privacy of all individuals who ( you ):
Privacy Policy Startup Genome LLC and its affiliates ( Startup Genome, we or us ) are committed to protecting the privacy of all individuals who ( you ): visit any websites or mobile sites offered by Startup
More informationFAQ about the General Data Protection Regulation (GDPR)
FAQ about the General Data Protection Regulation (GDPR) 1. When does the GDPR come into force? The GDPR was promulgated 25 May 2016 and comes into effect 25 May 2018. 2. Is there a transition period? We
More informationMile Privacy Policy. Ticket payment platform with Blockchain. Airline mileage system utilizing Ethereum platform. Mileico.com
Mile Privacy Policy Ticket payment platform with Blockchain Version 1.1 Feb 2018 [ Mile ] www.mileico.com Airline mileage system utilizing Ethereum platform Chapter 1 General Provisions Article_1 (Basic
More informationCHAPTER 13 ELECTRONIC COMMERCE
CHAPTER 13 ELECTRONIC COMMERCE Article 13.1: Definitions For the purposes of this Chapter: computing facilities means computer servers and storage devices for processing or storing information for commercial
More informationHaaga-Helia University of Applied Sciences Privacy Notice for the Laura Recruitment Service
Haaga-Helia University of Applied Sciences Privacy Notice for the Laura Recruitment Service In compliance with the requirements of the EU General Data Protection Regulation (GDPR, Articles 13, 14 and 30)
More informationTERMS OF USE of the WEBSITE
TERMS OF USE of the WEBSITE General The website www.dpd.gr (hereinafter, the "Website") is property of the company DPD Dynamic Parcel Distribution GmbH & Co. KG with trade name «DPD», which is based at
More informationPRIVACY POLICY. 1. Introduction
PRIVACY POLICY 1. Introduction 1.1. The Pinewood Studios Group is committed to protecting and respecting your privacy. This privacy policy (together with our Website Terms of Use and Cookies Policy) (Privacy
More informationPRIVACY POLICY Last Updated May, 2018
PRIVACY POLICY Last Updated May, 2018 PRIVACY POLICY OVERVIEW This Privacy Policy establishes rules to govern the collection, use and disclosure of personal information collected by Banff & Lake Louise
More informationUWTSD Group Data Protection Policy
UWTSD Group Data Protection Policy Contents Clause Page 1. Policy statement... 1 2. About this policy... 1 3. Definition of data protection terms... 1 4. Data protection principles..3 5. Fair and lawful
More informationGENERAL ASSEMBLY OF NORTH CAROLINA SESSION 2007 H 1 HOUSE BILL 1699
GENERAL ASSEMBLY OF NORTH CAROLINA SESSION 0 H HOUSE BILL Short Title: Option to Stop Junk Mail. (Public) Sponsors: Representatives Fisher; Alexander, Faison, Harrison, and Samuelson. Referred to: Judiciary
More informationPrivacy Law Doing Business In Canada
Privacy Law Doing Business In Canada Does Canada Have Privacy Legislation? Federal Legislation Canada has a comprehensive legal framework that governs the collection, retention, use and disclosure of the
More informationProfessional Engineers Ontario. canada s anti-spam. Guidelines for Chapters
Professional Engineers Ontario canada s anti-spam legislation (CASL) Guidelines for Chapters Published by Association of Professional Engineers of Ontario, February 2015 Contents 1. Introduction... 3 2.
More informationData Processing Agreement
In accordance with the European Parliament- and Council s Directive (EU) 2016/679 of 27th April 2016 (hereinafter GDPR) on the protection of physical persons in connection with the processing of personal
More informationSketching for UX Designers Website & Newsletter Privacy Policy
Sketching for UX Designers Website & Newsletter Privacy Policy Summary This summary points out the most important parts of the Sketching for UX Designers (www.sketchingforux.com) Privacy Policy. In an
More informationCALSTRS ONLINE AGREEMENT TERMS AND CONDITIONS
CALSTRS ONLINE AGREEMENT TERMS AND CONDITIONS INTRODUCTION: Before the California State Teachers Retirement System (hereinafter "CalSTRS," "We," or "Us") will provide services found at mycalstrs.com (the
More informationThe Rough Notes Company, Inc. Privacy Policy. Effective Date: June 11, 2018
The Rough Notes Company, Inc. Privacy Policy Effective Date: June 11, 2018 The Rough Notes Company ( Rough Notes, we, us, our ) respects your privacy, and takes the responsibility of protecting the personal
More informationTALENTUM Limited Liability Company PRIVACY NOTICE
TALENTUM Limited Liability Company PRIVACY NOTICE I. Purpose and scope of the Notice 1.1 The purpose of this Notice is to lay down the data protection and processing principles of TALENTUM Ltd. and to
More informationCanadian Anti-Spam Legislation (CASL) Compliance Policy. 2. Adopt Canadian Anti-Spam Legislation (CASL) Compliance Policy.
NO: R055 COUNCIL DATE: April 27, 2015 REGULAR COUNCIL TO: Mayor & Council DATE: March 30, 2015 FROM: City Clerk FILE: 0625-20 SUBJECT: Canadian Anti-Spam Legislation (CASL) Compliance Policy RECOMMENDATION
More informationHaaga-Helia University of Applied Sciences Privacy Notice for JUSTUS publication data storage service
Haaga-Helia University of Applied Sciences Privacy Notice for JUSTUS publication data storage service In compliance with the requirements of the EU General Data Protection Regulation (GDPR, Articles 13,
More informationSIMS TERMS AND CONDITIONS OF USE AGREEMENT
SIMS TERMS AND CONDITIONS OF USE AGREEMENT 1. These Terms and Conditions ("the Terms and Conditions") govern your ("the User") use of the Website and Web application and the information thereon, known
More informationData Processing Agreement
Data Processing Agreement between The Data Controller Name Address Postcode and city Country and The Data Processor Idha Sweden AB Norra vägen 28 856 50 Sundsvall Sweden] Page 1 of 15 1 Content 2 Data
More informationDEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy
DEPARTMENT OF JUSTICE AND EQUALITY Data Protection Policy May 2018 Contents Page 1. Introduction 3 2. Scope 3 3. Data Protection Principles 4 4. GDPR - Rights of data subjects 6 5. Responsibilities of
More informationHF Markets SA (Pty) Ltd Protection of Personal Information Policy
Protection of Personal Information Policy Protection of Personal Information Policy This privacy statement covers the website www.hotforex.co.za, and all its related subdomains that are registered and
More informationThis Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).
PRIVACY POLICY Data Protection Policy 1. Introduction This Data Protection Policy (this Policy ) sets out how Brital Foods Limited ( we, us, our ) handle the Personal Data we Process in the course of our
More informationPRIVACY POLICY FOR THE LIDC 2018 INTERNATIONAL CONGRESS
PRIVACY POLICY FOR THE LIDC 2018 INTERNATIONAL CONGRESS This privacy policy ("Privacy Policy") is intended for natural person participants, speakers and their accompanying persons and contact persons whose
More information- GDPR (General Data Protection Regulation) is the new Data Protection Regulation of the European Union;
PRIVACY NOTICE INTRODUCTION During the operation of the website data controller processes the data of persons registered on the website in order to be able to provide them with adequate services. Service
More informationData Privacy Policy. of Eisenmann Übersetzungsteam - Suzanne Eisenmann - translation team
Data Privacy Policy of Eisenmann Übersetzungsteam - Suzanne Eisenmann - translation team We are delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority
More informationCanada s Anti-Spam Legislation It s Here and It s Not Just Spam. Susan Manwaring & Jennifer Babe Miller Thomson LLP
Canada s Anti-Spam Legislation It s Here and It s Not Just Spam Susan Manwaring & Jennifer Babe Miller Thomson LLP Overview 1. What is Canada s Anti-Spam Legislation (CASL)? 2. What are Commercial Electronic
More information1. Right of access. Last Approval Date: May 2018
Page 1 of 5 I. PURPOSE The European Union s General Data Protection Regulation (GDPR) provides greater data protection for individuals in the European Union (EU). This comprehensive regulation, effective
More information