SKILLSTAR 2018 NONPROFIT KFT. DATA PROTECTION POLICY
|
|
- Felix Short
- 5 years ago
- Views:
Transcription
1 SKILLSTAR 2018 NONPROFIT KFT. DATA PROTECTION POLICY 1. OBJECT AND THE SCOPE OF THE POLICY 1.1. Object of the policy The General Data Protection Regulation, which entered into force on 25 th May 2018, official title Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) (hereinafter referred to as "GDPR") established uniform rules for the protection of natural persons' data directly applicable throughout the European Union (and in certain cases beyond). GDPR establishes obligations primarily for persons who handle data for natural persons for specific purposes. The purpose of this policy is to provide a brief, comprehensible explanation on the details of the processing and data protection practices - which are based on the GDPR and the Act nr. CXII. of 2011 on informational selfdetermination and freedom of information (hereinafter referred to as "Privacy Act") - followed by the SkillStar 2018 Európai Szakmunkásverseny Szervező Nonprofit Korlátolt Felelősségű Társaság (registered seat: 1054 Budapest, Szabadság tér 7, registration authority: Company Registry Court of Budapest, Hungary; registration number: , hereinafter referred to as "SkillStar"), and, in this context, inform the data subject on their rights under the abovementioned legislation Scope of the policy This policy was prepared and published by SkillStar on the web site (hereinafter referred to as "Website"), maintained and operated by them. This policy shall be applied for all data processing by SkillStar, which affects a natural person Processing not affected by the policy Regarding the fact that GDPR only regulates the processing of personal data of natural persons, the provisions of this policy does not apply to SkillStar s processing of data which relate to a non-natural person. SkillStar considers the contact details of a nonnatural partner with a business relationship, including any contact information provided by the company or such person (e.g. phone number, address not suitable for identifying a natural person, etc.) as data mentioned in this article. 2. PROCESSING DEFINITIONS AND PRINCIPLES 2.1. Definitions The main terms used in this policy shall be interpreted as follows (according to GDPR definitions): - data subject means any natural person identified or identifiable on any processed data; a person may be identified if the identification is possible related to the processed data (in particular an identification data, such as name, number, positioning data, online identity or physical, physiological, genetic, intellectual, economic, cultural or social identity of one or more factor) in direct or indirect way; 1
2 - personal data means any information concerning the data subject; - controller means the person who manages the purposes and tools of the processing of personal data, alone or jointly with others; - processor means other person who is processing personal data on behalf of the controller; - processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means (such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction); - consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; - recipient means a natural or legal person, to which the personal data are disclosed; - personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed Cases of the processing SkillStar processes the data of natural person only in accordance with the GDPR and the domestic legislation on data protection for a specific purpose, in the case of an appropriate legal basis. The time, mode and extent of the processing shall be in accordance with the purpose set out above Methods of the processing SkillStar processes and stores personal data primarily on its own assets or self-controlled devices. SkillStar s employees are authorized to process or to access the data stored on such devices only if the processing or knowledge of the data in question is necessary to perform their duties. SkillStar uses services of processor(s) in cases of the following services: (i) (ii) keeping records of labour relationships, payroll calculation; provision of legal services; (iii) provision of hotel accommodation; (iv) providing a travel organization service; (v) provision of security guard and security services related to property leasing; (vi) providing postal and mail delivery service; (vii) provision of cloud based data storage services Transfer data to countries outside the European Union SkillStar does not transfer data relating to natural persons to countries outside the European Union. 2
3 2.5. Processing of particularly sensitive personal data SkillStar does not process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data uniquely identifying a natural person, data concerning health or data concerning sex or sexual orientation. If any data subject still provides such data, SkillStar promptly deletes it. The only exceptions to the foregoing is when SkillStar according to reasons related to health status, social security, social or similar benefits or services or any obligation related to any of them concerning a natural person having a legal relationship with SkillStar, is obliged to process such data, but in this cases SkillStar shall ensure that such data are properly protected and stored and subsequently removed for the time indicated in the relevant legislation Processing personal data relating to children SkillStar processes personal data relating to a person who is below the age of 16 only in the cases specified in this policy. 3. CASES OF PROCESSING OF DATA 3.1. Processing of data related to labour contract SkillStar processes the following data in connection with labour contracts signed with its employees: - scope of the processed data: name, birth name, date and place of birth, mother s birth name, residence, tax number, social insurance number, bank account number, phone number, marital status, child s name, child s date of birth, birth name of the child s mother, child s residence, child s tax number, type of the document of qualification, the issuing institution of the document of qualification, date of the document of professional skills, retired (yes/no), starting date of retirement, pension fund number; - purpose of the processing: the identification of the person and the bank account number is necessary for performance of the labour contract, and for providing information based on Act nr. CL of 2017 on the order of taxation and the Act nr. LXXX. of 1997 on the eligibility for social security benefits and private pensions and the funding of these services, related to the labour contract, and also for the payment of the wages; - basis for the processing: processing is necessary for the performance of a contract to which the data subject is party and for compliance with a legal obligation to which the controller is subject [GDPR, point b) and c) of paragraph (1) of Article 6]; - duration of the processing: 5 th December 2028, after this date 5 (five) years from the date of termination of the contract; processors carrying out accounting or legal activity for SkillStar Processing of data related to data subject applying for job advertisement SkillStar processes the following data of data subjects applying for the job advertisements of the company: - scope of the processed data: name, birth name, date and place of birth, mother s birth name, phone number, address, residence, and all the data provided by the applier in the CV (qualification, professional experience, languages, interests, etc.); 3
4 - purpose of the processing: identification of the appliers and examination of their suitability (qualification, professional competence), making possible to reach unsuccessful applicants if a similar position becomes available; - basis for the processing: consent of the data subject [GDPR, point a) of paragraph (1) of Article 6]; - duration of processing: 1 (one) year from the submission of the CV; - persons entitled for processing and recipients: managers and employees of SkillStar Processing of data related to other contracts concluded with natural persons SkillStar processes the following data in connection with other contracts (personal service contracts, work contracts, etc.) signed with natural persons: - scope of the processed data: name, birth name, date and place of birth, mother s name, residence/seat, tax number, social insurance number, bank account number, full time employment relationship s nature, employer s name, retired (yes/no), beginning date of retirement, pension fund number; - purpose of the processing: the identification of the person and the bank account number is necessary for performance of the contract, and for providing information based on Act nr. CL of 2017 on the order of taxation and the Act nr. LXXX. of 1997 on the eligibility for social security benefits and private pensions and the funding of these services, related to the labour contract, and also for the payment of the wages; - basis for the processing: processing is necessary for the performance of a contract to which the data subject is party and for compliance with a legal obligation to which the controller is subject [GDPR, point b) and c) of paragraph (1) of Article 6]; - duration of the processing: 5 th December 2028, after this date 5 (five) years from the date of termination of the contract; processors carrying out accounting or legal activity for SkillStar Processing of data of natural persons mentioned in contracts concluded with legal persons SkillStar processes the following data in case of natural persons mentioned in contracts concluded with legal persons (e.g. administrators, contact persons): - scope of the processed data: name, phone number, address; - purpose of the processing: identification of the natural person acting on behalf of a legal persons is necessary for the performance of the contract; - basis for the processing: processing is necessary for the performance of a contract to which the data subject is party [GDPR, point b) of paragraph (1) of Article 6]; - duration of the processing: 5 th December 2028, after this date 5 (five) years from the date of termination of the contract; processors carrying out accounting or legal activity for SkillStar. 4
5 3.5. Processing of data of active participants (competitors, competition experts, volunteers, etc.) of international competition of professions EuroSkills 2018 Budapest and any event related thereto SkillStar processes the following data related to active participants concerning organization of international competition of professions EuroSkills 2018 Budapest: - scope of the processed data: name, date of birth, phone number, address, data related to food intolerance, data related to allergy, image; - purpose of the processing: registration, identification of the participants, and carrying out of travel and accommodation services, - basis for the processing: consent of the data subject [GDPR, point a) of paragraph (1) of Article 6]; - method of the processing: digital documentation; - duration of the processing: 30 th September 2019; processors providing travel, accommodation, guard or security services, international organization having the rights of the competition Processing of data of participants of international competition of professions EuroSkills 2018 Budapest, participating in frames of school community service SkillStar processes the following data related to participants concerning organization of international competition of professions EuroSkills 2018 Budapest, participating in frames of school community service: - scope of the processed data: name, date of birth, residence, mother s birth name, data related to food intolerance, data related to allergy, parent s/caretaker s name, parent s/caretaker s residence, parent s/caretaker s phone number; - purpose of the processing: registration and identification of persons participating in frames of school community service, issuing certificate to them; - basis for the processing: consent of the data subject [GDPR, point a) of paragraph (1) of Article 6]; - duration of the processing: 30 th September 2019, after this date 1 (one) year from the performance of school community service; processors providing guard and security services Processing of data of active participants (competitors, competition experts, volunteers, etc.) of international competition of professions EuroSkills 2018 Budapest and any event related thereto SkillStar processes the following data related to active participants concerning organization of international competition of professions EuroSkills 2018 Budapest: - scope of the processed data: name, date of birth, phone number, address; - purpose of the processing: registration and identification of the participants; - basis for the processing: consent of the data subject [GDPR, point a) of paragraph (1) of Article 6]; 5
6 - method of processing: digital documentation; - duration of processing: 30 th November 2018; processors providing guard and security services. 4. THE RIGHTS OF THE DATA SUBJECT 4.1. Right of information The data subject shall have the right to be informed in case SkillStar processes personal data relating to him or her. The information shall contain the following: - the identity and the contact of the controller; - the purposes and the legal basics of the processing; - the envisaged duration of the processing; - information on other rights of the data subject contained in this chapter; - information on opportunity of withdrawal of consent, when the legal basis of the processing is the consent of the data subject; - the name of the supervisory authority which is competent pursuant to the processing operation. The information shall contain the source of the data, where personal data obtained from another source Right of access The data subject shall have the right to obtain from SkillStar confirmation as to whether or not personal data concerning him or her are being processed, and, where that in the case, access to the personal data and the following information: - the purposes of the processing; - the categories of personal data concerned; - people to whom the personal data have been disclosed or will be disclosed; - envisaged duration of the processing; - the source of the data, where the personal data are not collected from the data subject. The information shall contain further details concerning the other rights mentioned in this chapter and the name of the supervisory authority which is competent pursuant to the processing operation Right to rectification The data subject shall have the right to obtain from SkillStar the rectification of inaccurate personal data concerning him or her Right of erasure The data subject shall have the right to ask SkillStar to erase personal data relating to him or her in the following cases: 6
7 - personal data are no longer necessary in relation to the purposes which they were processed; - the data subject withdraws his or her consent and the processing has no other legal grounds; - the data subject objects to the processing and there are no overriding legitimate grounds; - the personal data have been unlawfully processed; - the personal data have to be erased for compliance with a legal obligation in law to which the controller is subject Right to restriction The data subject shall have the right to obtain from SkillStar restriction of the processing of the personal data relating to him or her where the following applies: - the accuracy of the personal data is contested by the data subject (for a period enabling to verify the accuracy of the personal data); - the processing is unlawful and the data subject opposes the erasure of the personal data; - the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; - the data subject has objected to processing (pending the verification whether the legitimate grounds of the controller override those of the data subject) Right to data portability The data subject shall have the right to receive the personal data concerning him or her in a structured, commonly-used and machine-readable form and have the right to transmit those data to another controller without hindrance from SkillStar Right to object The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, which is necessary for the purposes of legitimate interests pursued by the SkillStar or by a third party, SkillStar shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims Right to compensation The data subject who has suffered damage as a result of an infringement of law or this policy shall have the right to receive compensation from SkillStar Law enforcement The data subject shall have the right to give a notice of the claims regarding to points of this chapter (to SkillStar or the data protection officer mentioned in this policy) in person, in writing or by . The data subject shall proof his or her identity first to be entitled to exercise the legal claim. After the proof of the identity the personal contact is no longer necessary, the communication can continue via other means and contacts (e.g. postal address, phone number, ) given by the identified data subject. The 7
8 information shall be in a concise, transparent, intelligible and easily accessible form. The compensation can be enforced in the form as mentioned above or with a law-suite in a judicial procedure. 5. PROTECTION OF THE PROCESSED DATA 5.1. Measures of protection SkillStar makes efforts to use the highest safety methods in relation to data which processed and stored by itself or SkillStar s controllers. At the same time details of these methods couldn t be mentioned in this policy regarding there nature and the purposes of them. If any problem occurs relating to any of the safety methods, SkillStar shall immediately start making steps in order to solve the problem and to make the safety method better or to change the method for a more suitable one to reach a higher safety level without undue delay Personal data breach In the case of a personal data breach relating to the processed personal data, SkillStar shall, without undue delay, but not later than 72 hours after having become aware of it, notify the competent supervisory authority about the personal data breach. The notification shall describe the nature of the personal data breach, the categories of data subjects concerned, the categories of personal data records concerned, communicate the name and contact details of the data protection officer, describe the likely consequences of the personal data breach and measures taken or proposed to be taken to address the personal data breach. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, and the risk cannot be removed or the consequences cannot be avoided, SkillStar shall communicate to the data subject without undue delay. The communication shall describe in clear and plain language the nature of the personal data breach and contain measures taken or proposed to be taken to address the personal data breach. 6. MISCELLANEOUS 6.1. Place(s) of activity The main place of activity of SkillStar is Hungary (Budapest) Data protection officer Data protection officer can be contacted with questions, comments, complaints and any other claims concerning this policy or the processing of data by SkillStar via each of the following contacts: name: dr. Krisztián Tóta status: in-house lawyer, Hungarian Chamber of Commerce and Industry postal address: Hungary 1054, Budapest Szabadság tér 7. phone number: tota.krisztian@mkik.hu 6.3. Supervisory authority Where the processing of data by SkillStar infriges the rights or legitimate interests of a natural person, the data subject shall have the right to file a complaint to Hungarian National Authority for Data Protection and Freedom of Information (registered seat:
9 Budapest, Szilágyi Erzsébet fasor 22/C.; postal address: 1530 Budapest, Pf. 5.; phone number: ; fax: ; ugyfelszolgalat@naih.hu) Entry into force, amendment This policy shall apply from the date of its publication on the Website below. SkillStar reserves the right to amend this policy unilaterally and without explanation, in which case the amendment shall apply from the date of the publication of the amended policy on the Website. Budapest, 25 th May
Information leaflet about processing of personal data for Newsletter Recipients (hereinafter Data Subject)
Information leaflet about processing of personal data for Newsletter Recipients (hereinafter Data Subject) In accordance with articles 13 and 14 of the regulation (EU) 2016/679 OF the European Parliament
More informationPROCEDURE RIGHTS OF THE DATA SUBJECT PURSUANT TO THE ARTICLES 15 TO 23 OF THE REGULATION 679/2016
PROCEDURE RIGHTS OF THE DATA SUBJECT PURSUANT TO THE ARTICLES 15 TO 23 OF THE REGULATION 679/2016 The Regulation (UE) 679/2016 over personal data protection calls for the safeguard of the rights of the
More informationcloser look at Rights & remedies
A closer look at Rights & remedies November 2017 V1 www.inforights.im Important This document is part of a series, produced purely for guidance, and does not constitute legal advice or legal analysis.
More informationDeclaration on the protection of personal data in the company TAJMAC ZPS, a.s.
Declaration on the protection of personal data in the company TAJMAC ZPS, a.s. In this Declaration on the protection of personal data, the company TAJMAC-ZPS, a.s. how it processes personal data of individuals
More informationCharter on personal data
Charter on personal data Paris, May 24 th of 2018 The purpose of this present Charter (hereinafter «the Charter») is to inform the clients, suppliers and more globally any concerned person (hereinafter
More informationArt. I Right to Access to Personal Data
Notification on the data subject s rights in accordance with Act No. 18/2018 Coll. on Personal Data Protection and on Amendments and Supplements to Certain Acts Should this notification state the section
More information(1) General information
Information regarding the collection of your personal data () in accordance with Art. 13 of the EU General Data Protection Regulation (GDPR) This document aims to fulfill our obligations according to Article
More information16 March Purpose & Introduction
Factsheet on the key issues relating to the relationship between the proposed eprivacy Regulation (epr) and the General Data Protection Regulation (GDPR) 1. Purpose & Introduction As the eprivacy Regulation
More informationDATA PROTECTION (JERSEY) LAW 2018
Data Protection (Jersey) Law 2018 Arrangement DATA PROTECTION (JERSEY) LAW 2018 Arrangement Article PART 1 7 INTRODUCTORY 7 1 Interpretation... 7 2 Personal data and data subject... 12 3 Pseudonymization...
More informationPrivacy Notice 1. CONTROLLER S NAME AND DATA
Privacy Notice 1. CONTROLLER S NAME AND DATA Name: Flight Refund Korlátolt Felelősségű Társaság Registered office: 1024 Budapest, Rózsahegy utca 1-2. 1. em. 1. Postal address (official mailing address):
More informationDIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 24 October 1995
DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
More information1. Processing of personal data legal basis, purpose and scope Legal basis fulfillment of statutory legal requirements
PRIVACY NOTICE OF PERSONAL DATA PROCESSING FOR DATA SUBJECT NON-EMPLOYEES Of U. S. Steel Košice, s.r.o. pursuant to Regulation of the European Parliament and the Council (EU) 2016/679 U. S. Steel Košice,
More informationData Protection Policy. Malta Gaming Authority
Data Protection Policy Malta Gaming Authority Contents 1 Purpose and Scope... 3 2 Data Protection Officer... 3 3 Principles for Processing Personal Data... 3 3.1 Lawfulness, Fairness and Transparency...
More informationAct CXII of on the Right of Informational Self-Determination and on Freedom of Information 1 CHAPTER I GENERAL PROVISIONS. 1.
Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information 1 In order to ensure the right of informational self-determination and the freedom of information, and to
More informationPrivacy policy. 1.1 We are committed to safeguarding the privacy of our website visitors.
Privacy policy 1. Introduction 1.1 We are committed to safeguarding the privacy of our website visitors. 1.2 This policy applies where we are acting as a data controller with respect to the personal data
More informationThe Act on Processing of Personal Data
The Act on Processing of Personal Data Act No. 429 of 31 May 2000 as amended by section 7 of Act No. 280 of 25 April 2001, section 6 of Act No. 552 of 24 June 2005 and section 2 of Act No. 519 of 6 June
More informationPROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY
PROJET DE LOI ENTITLED The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY 1. Object of this Law. 2. Application. 3. Extent. 4. Exception for personal, family
More informationGeneral Data Protection Regulation
General Data Protection Regulation Bar Council Guide for Barristers and Chambers Purpose: Scope of application: Issued by: To assist barristers and sets of chambers in their compliance with the GDPR All
More informationEuropean Data Protection Supervisor Your personal information and the EU administration: What are your rights?
European Data Protection Supervisor Your personal information and the EU administration: What are your rights? EDPS factsheet 1 Everyday, personal information - also known as personal data - is processed
More informationBASECONE DATA PROCESSING AGREEMENT (BASECONE AS PROCESSOR)
BASECONE DATA PROCESSING AGREEMENT (BASECONE AS PROCESSOR) The undersigned: Basecone N.V., a corporation established under Dutch law, with its corporate domicile at Eemweg 8, 3742 LB Baarn, the Netherlands
More informationREGULATION (EU) 2016/679 General Data Protection Regulation
REGULATION (EU) 2016/679 General Data Protection Regulation An overview to the new legal data protection requirements impacting on all businesses trading within the EU John Greenwood Compliance3 June 2016
More informationInformation about the Processing of Personal Data (Article 13, 14 GDPR)
Information about the Processing of Personal Data (Article 13, 14 GDPR) Dear Sir or Madam, The personal data of every individual who is in a contractual, pre-contractual or other relationship with our
More informationCOMP Article 1. Article 1 Subject matter and objectives
Proposal for a directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention,
More informationEQUILOR BEFEKTETÉSI ZRT. S PRELIMINARY INFORMATION ON DATA PROTECTION
EQUILOR BEFEKTETÉSI ZRT. S PRELIMINARY INFORMATION ON DATA PROTECTION EQUILOR Befektetési Zártkörűen Működő Részvénytársaság (short company name: EQUILOR Zrt.; registered office: H-1037 Budapest, Montevideo
More informationAalto Summer continuing education
1 Aalto University Privacy Notice for Aalto Summer Students General Data Protection Regulation (EU) 2016/679, (GDPR), Articles 13 and 14 Dear Aalto Summer Students, This notice concerns Aalto Summer continuing
More informationDATA PROCESSING AGREEMENT. between [Customer] (the "Controller") and LINK Mobility (the "Processor")
DATA PROCESSING AGREEMENT between [Customer] (the "Controller") and LINK Mobility (the "Processor") Controller Contact Information Name: Title: Address: Phone: Email: Processor Contact Information Name:
More informationTHE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum
THE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum The object of this Bill is to repeal the Data Protection Act and replace it by a new and more appropriate legislation which will strengthen
More informationDATA PROCESSING AGREEMENT
DATA PROCESSING AGREEMENT PARTIES This agreement between has been concluded on.. by and between HotSpot System Ltd. a company registered in Hungary under company number 01-09883187 whose registered office
More informationSTATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT
STATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT The purpose of this Statoil Binding Corporate Rules Public Document is to explain the content of the Binding Corporate Rules (BCR) and help ensure that
More informationPersonal Data Protection Act
Personal Data Protection Act Promulgated State Gazette No. 1/4.01.2002, effective 1.01.2002, supplemented, SG No. 70/10.08.2004, effective 1.01.2005, SG No. 93/19.10.2004, No. 43/20.05.2005, effective
More information***I DRAFT REPORT. EN United in diversity EN 2012/0010(COD)
EUROPEAN PARLIAMT 2009-2014 Committee on Civil Liberties, Justice and Home Affairs 20.12.2012 2012/0010(COD) ***I DRAFT REPORT on the proposal for a directive of the European Parliament and of the Council
More informationPERSONAL DATA PROCESSING AGREEMENT
PERSONAL DATA PROCESSING AGREEMENT between the following parties: 1. Name:............... Registration number / VAT ID:... Address:... Signed by:... Signature:... (hereinafter as Controller ) and 2. Name:
More informationPRIVACY POLICY STATEMENT ON THE PROCESSING OF PERSONAL AND SENSITIVE DATA OF THE CUSTOMERS WITHIN THE MEANING OF ARTICLE 13 AND FF. OF REGULATION (EU)
PRIVACY POLICY STATEMENT ON THE PROCESSING OF PERSONAL AND SENSITIVE DATA OF THE CUSTOMERS WITHIN THE MEANING OF ARTICLE 13 AND FF. OF REGULATION (EU) 2016/679 Pursuant to article 13 and ff. of Regulation
More informationREGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April on the protection of natural persons
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
More information5418/16 AV/NT/vm DGD 2
Council of the European Union Brussels, 6 April 2016 (OR. en) Interinstitutional File: 2012/0010 (COD) 5418/16 LEGISLATIVE ACTS AND OTHER INSTRUMTS Subject: DATAPROTECT 1 JAI 37 DAPIX 8 FREMP 3 COMIX 36
More informationData Protection Bill [HL]
[AS AMENDED IN PUBLIC BILL COMMITTEE] CONTENTS PART 1 PRELIMINARY 1 Overview 2 Protection of personal data 3 Terms relating to the processing of personal data PART 2 GENERAL PROCESSING CHAPTER 1 SCOPE
More informationTHE GDPR AND DFIR THE IMPACT OF THE EU GENERAL DATA PROTECTION REGULATION ON DIGITAL FORENSICS AND INCIDENT RESPONSE
THE GDPR AND DFIR THE IMPACT OF THE EU GENERAL DATA PROTECTION REGULATION ON DIGITAL FORENSICS AND INCIDENT RESPONSE Digital forensics and incident response is fundamentally about digital evidence, and
More informationInternational Privacy Laws: Those New EU Data Protection Regulations Do Apply to You!
International Privacy Laws: Those New EU Data Protection Regulations Do Apply to You! The Forum on Education Abroad Thursday, March 22, 2018 Presented By: Gian Franco Borio, Legal Counsel to the Association
More informationA Legal Overview of the Data Protection Act By: Mrs D. Madhub Data Protection Commissioner
A Legal Overview of the Data Protection Act 2017 By: Mrs D. Madhub Data Protection Commissioner 06.02.2018 Overview The Data Protection Act 2017 Aim of the Act Major changes brought in the new Act Key
More informationGeneral Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...
DATA PROTECTION REGULATIONS 2015 DATA PROTECTION REGULATIONS 2015 General Rules on the Processing of Personal Data... 1 Rights of Data Subjects... 6 Notifications to the Registrar... 7 The Registrar...
More informationData Protection Bill [HL]
[AS AMENDED IN COMMITTEE] CONTENTS PART 1 PRELIMINARY 1 Overview 2 Terms relating to the processing of personal data PART 2 GENERAL PROCESSING CHAPTER 1 SCOPE AND DEFINITIONS 3 Processing to which this
More informationSCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)... 16
DATA PROTECTION REGULATIONS 2015 DATA PROTECTION REGULATIONS 2015 Part 1 General Rules on the Processing of Personal Data... 1 Part 2 Rights of Data Subjects... 7 Part 3 Notifications to the Registrar...
More informationAn Bille um Chosaint Sonraí, 2018 Data Protection Bill 2018
An Bille um Chosaint Sonraí, 18 Data Protection Bill 18 Mar a ritheadh ag Seanad Éireann As passed by Seanad Éireann [No. b of 18] AN BILLE UM CHOSAINT SONRAÍ, 18 DATA PROTECTION BILL 18 Mar a ritheadh
More informationAn Bille um Chosaint Sonraí, 2018 Data Protection Bill 2018
An Bille um Chosaint Sonraí, 18 Data Protection Bill 18 Mar a tionscnaíodh As initiated [No. of 18] AN BILLE UM CHOSAINT SONRAÍ, 18 DATA PROTECTION BILL 18 Mar a tionscnaíodh As initiated CONTENTS Section
More informationData Processing Addendum
Data Processing Addendum Effective 25 May 2018 or if later the date of Processor s receipt of a valid and fully executed version (the Effective Date ) This Data Processing Addendum forms part of the current
More informationLaw Enforcement processing (Part 3 of the DPA 2018)
Law Enforcement processing (Part 3 of the DPA 2018) Introduction This part of the Act transposes the EU Data Protection Directive 2016/680 (Law Enforcement Directive) into domestic UK law. The Directive
More informationTHE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS
THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS Short title. 1. This Law may be cited as the Processing of Personal Data (Protection of Individuals)
More informationthe Commisslone Mazionale per le Sodeta e la Borsa in ItaJy and the Public Company Accounting Oversight Board In the United States
Agreement between the Commisslone Mazionale per le Sodeta e la Borsa in ItaJy and the Public Company Accounting Oversight Board In the United States on the Transfer of Certain Personal Data The Public
More informationDATA PROTECTION (JERSEY) LAW 2005
DATA PROTECTION (JERSEY) LAW 2005 Revised Edition Showing the law as at 1 January 2017 This is a revised edition of the law Data Protection (Jersey) Law 2005 Arrangement DATA PROTECTION (JERSEY) LAW 2005
More informationThe Ministry of Technology, Communication and Innovation and The Data Protection Office. Workshop On DATA PROTECTION ACT 2017
The Ministry of Technology, Communication and Innovation and The Data Protection Office Workshop On DATA PROTECTION ACT 2017 Tuesday 06 March 2018 from 08.30 hrs 15.30 hrs InterContinental Mauritius Resort,
More informationData Protection Act 1998
Data Protection Act 1998 1998 CHAPTER 29 ARRANGEMENT OF SECTIONS Part I Preliminary 1. Basic interpretative provisions. 2. Sensitive personal data. 3. The special purposes. 4. The data protection principles.
More informationOTrack Data Processing Terms
BACKGROUND These Personal Data Processing Terms (the Agreement ) are entered into between Optimum Records Limited ( Optimum ) and the school using the services provided by Optimum (the School ) whose details
More informationLAW OF THE REPUBLIC OF ARMENIA ON PROTECTION OF PERSONAL DATA CHAPTER 1 GENERAL PROVISIONS
LAW OF THE REPUBLIC OF ARMENIA ON PROTECTION OF PERSONAL DATA CHAPTER 1 GENERAL PROVISIONS Article 1. Subject matter of the Law 1. This Law shall regulate the procedure and conditions for processing personal
More informationTelekom Austria Group Standard Data Processing Agreement
Telekom Austria Group Standard Data Processing Agreement This Agreement is entered into by and between: I. [TAG Company NAME], a company duly established and existing under the laws of [COUNTRY] with its
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 18/EN WP 257 rev.01 Working Document setting up a table with the elements and principles to be found in Processor Binding Corporate Rules Adopted on 28 November
More information9091/17 VH/np 1 DGD 2C
Council of the European Union Brussels, 24 May 2017 (OR. en) Interinstitutional File: 2017/0002 (COD) 9091/17 NOTE From: To: Presidency Council No. prev. doc.: 8431/17 Subject: Proposal DATAPROTECT 94
More informationApplication for a visa for a long stay in Belgium This application form is free
Application for a visa for a long stay in Belgium This application form is free PHOTO 1. Surname (Family name) (x) FOR OFFICIAL USE ONLY 2. Surname at birth (Former family name(s)) (x) Date of application:
More informationPROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013
PROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013 [ASSENTED TO 19 NOVEMBER, 2013] [DATE OF COMMENCEMENT TO BE PROCLAIMED] (Unless otherwise indicated) (The English text signed by the President) This
More informationRESTREINT UE/EU RESTRICTED
Council of the European Union General Secretariat Brussels, 16 March 2015 (OR. en) 7236/15 RESTREINT UE/EU RESTRICTED JAI 177 USA 10 DATAPROTECT 32 RELEX 228 NOTE From: To: Subject: Commission Services
More informationGDPR. EU General Data Protection Regulation. ebook Version 1.2
GDPR EU General Data Protection Regulation ebook Version 1.2 Table of Contents Introduction... 6 The GDPR... 6 Source... 6 Objective... 6 Restrictions... 6 Versions... 6 Feedback... 6 CHAPTER I - General
More informationAct CVIII of on certain issues of electronic commerce services and information society services 1
Act CVIII of 2001 on certain issues of electronic commerce services and information society services 1 With a view to promoting the development of electronic commerce and thereby the economic growth, and
More informationIndividual Rights (Data Privacy) Policy
October 2017 Please see the cover sheet to the Information Policies on the Staff Intranet and Board Intelligence. Individual Rights (Data Privacy) Policy 1. Introduction 1.1 UK data protection law gives
More informationAdequacy Referential (updated)
ARTICLE 29 DATA PROTECTION WORKING PARTY 17/EN WP 254 Adequacy Referential (updated) Adopted on 28 November 2017 This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent
More informationSTATUTORY INSTRUMENT 2002 NO THE ELECTRONIC COMMERCE (EC DIRECTIVE) REGULATIONS Statutory Instruments No. 2013
STATUTORY INSTRUMENT 2002 NO. 2013 THE ELECTRONIC COMMERCE (EC DIRECTIVE) REGULATIONS 2002 Statutory Instruments 2002 No. 2013 ELECTRONIC COMMUNICATIONS The Electronic Commerce (EC Directive) Regulations
More informationPRIVACY POLICY. 1. OVERVIEW MEGT is committed to protecting privacy and will manage personal information in an open and transparent way.
Page 1 of 10 1. OVERVIEW MEGT is committed to protecting privacy and will manage personal information in an open and transparent way. MEGT will fulfil its obligations under the Privacy Amendment (Enhancing
More informationPort Glasgow St Andrew s Data Protection Policy
Port Glasgow St Andrew s Data Protection Policy CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special Category Data 5. Processing 6. How personal data should be processed 7. Privacy
More informationThe NATIONAL CONGRESS decrees: CHAPTER I PRELIMINARY PROVISIONS
Provides for the protection of personal data and changes Law No. 12,965, of April 23, 2014 (the Brazilian Internet Law ). The NATIONAL CONGRESS decrees: CHAPTER I PRELIMINARY PROVISIONS Art. 1 This Law
More informationThe European Union General Data Protection Regulation (GDPR) Barmak Nassirian, Federal Director Thursday, February 22, 2018
The European Union General Data Protection Regulation (GDPR) Barmak Nassirian, Federal Director Thursday, February 22, 2018 1 The European Union has set an effective date of May 25, 2018, for the General
More informationDECISION no. 52 of 31 st May 2012 on the processing of personal data using video surveillance means
DECISION no. 52 of 31 st May 2012 on the processing of personal data using video surveillance means In order to ensure an efficient protection of the fundamental rights and liberties of natural persons,
More informationMannofield Parish Church. Registered Scottish Charity No: SC (the Congregation ) Data Protection Policy
Mannofield Parish Church Registered Scottish Charity No: SC 001680 (the Congregation ) Data Protection Policy December 2018 CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special
More information8557/16 SHO/ra 1 DGD 2
Council of the European Union Brussels, 18 May 2016 (OR. en) Interinstitutional Files: 2016/0127 (NLE) 2016/0126 (NLE) 8557/16 JAI 347 USA 24 DATAPROTECT 44 RELEX 343 LEGISLATIVE ACTS AND OTHER INSTRUMENTS
More informationData Protection Policy
Data Protection Policy Perth: Craigie and Moncreiffe CHARITY NO. SC001330 CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special Category Data 5. Processing 6. How personal data
More informationConsolidated text PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2001 [CONSOLIDATED TEXT] NOTE
PROJET DE LOI ENTITLED The Data Protection (Bailiwick of Guernsey) Law, 2001 [CONSOLIDATED TEXT] NOTE This consolidated version of the enactment incorporates all amendments listed in the footnote below.
More informationCoordinated text from 10 August 2011 Version applicable from 1 September 2011
Coordinated text of the Act of 30 May 2005 - laying down specific provisions for the protection of persons with regard to the processing of personal data in the electronic communications sector and - amending
More informationSSLI \6.0 v1.0
SCHEDULE 3 STANDARD CONTRACTUAL CLAUSES (PROCESSORS) For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of Personal Data to Processors established in third countries which do not
More informationPE-CONS 71/1/15 REV 1 EN
EUROPEAN UNION THE EUROPEAN PARLIAMT THE COUNCIL Brussels, 27 April 2016 (OR. en) 2011/0023 (COD) LEX 1670 PE-CONS 71/1/15 REV 1 GVAL 81 AVIATION 164 DATAPROTECT 233 FOPOL 417 CODEC 1698 DIRECTIVE OF THE
More informationELECTRONIC DATA PROTECTION ACT An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan
ELECTRONIC DATA PROTECTION ACT 2005 An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan Whereas it is expedient to provide for the processing
More informationDATA PROTECTION LAWS OF THE WORLD. Romania
DATA PROTECTION LAWS OF THE WORLD Romania Downloaded: 21 July 2018 ROMANIA Last modified 24 May 2018 LAW The General Data Protection Regulation (Regulation (EU) 2016/679) (" GDPR") is a European Union
More informationFragomen Privacy Notice
Effective Date: May 14, 2018 Fragomen Privacy Notice Fragomen, Del Rey, Bernsen & Loewy, LLP, Fragomen Global LLP, and our related affiliates and subsidiaries 1 (collectively, Fragomen or "we") want to
More informationPrinciples and Rules for Processing Personal Data
data protection rules LAW AND DIGITAL TECHNOLOGIES INTERNET PRIVACY AND EU DATA PROTECTION Principles and Rules for Processing Personal Data Gerrit-Jan Zwenne Seminar III October 31th, 2018 lawfulness,fairness
More informationConsolidated text PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2001 * [CONSOLIDATED TEXT] NOTE
PROJET DE LOI ENTITLED The Data Protection (Bailiwick of Guernsey) Law, 2001 * [CONSOLIDATED TEXT] NOTE This consolidated version of the enactment incorporates all amendments listed in the footnote below.
More informationDATA PROTECTION (AMENDMENT) REGULATIONS Amendments to the Data Protection Regulations Insertion of new sections...
DATA PROTECTION (AMENDMENT) REGULATIONS 2018 DATA PROTECTION (AMENDMENT) REGULATIONS 2018 1. Amendments to the Data Protection Regulations 2015... 2 2. Insertion of new sections... 9 3. Short title, extent
More informationSchools Subject Access Request Procedures
Schools Subject Access Request Procedures Policy reviewed by Academy Transformation Trust on June 2018 This policy links to: Located: Data Protection Policy Freedom of Information Policy Review Date May
More informationSUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS
DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) [S.L.440.05 1 SUBSIDIARY LEGISLATION 440.05 DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS 30th September,
More informationTerms of Business
Terms of Business Terms of Business PLEASE NOTE: These terms of business govern the relationship between You as a Buyer or Supplier respectively and Us as a provider of Services to You in your capacity
More informationCHAPTER [INSERT] DATA PROTECTION BILL Acts [insert] ARRANGEMENT OF SECTIONS PART I PART II
CHAPTER [INSERT] DATA PROTECTION BILL Acts [insert] ARRANGEMENT OF SECTIONS PART I PRELIMINARY 1. Short Title 2. Interpretation 3. Scope of Application PART II DATA PROTECTION AUTHORITY 4. Establishment
More informationDate recieved Recieved by (name) Authority (stamp) Personal ID / Udl.nr. Previous surnames / family names (if applicable)
Application form For official use only Date recieved Recieved by (name) Authority (stamp) Personal ID / Udl.nr. PA2_en_280518 Application to renew a Danish alien s passport Use You can use this form to
More informationASSEMBLEIA DA REPÚBLICA [PORTUGUESE PARLIAMENT]
ok Search Rua de São Bento n.º 148-3º 1200-821 Lisboa - Tel: +351 213928400 - Fax: +351 213976832 - e-mail: geral@cnpd.pt ASSEMBLEIA DA REPÚBLICA [PORTUGUESE PARLIAMENT] Act 67/98 of 26 October Act on
More information6153/1/18 REV 1 VH/np 1 DGD2
Council of the European Union Brussels, 16 February 2018 (OR. en) Interinstitutional File: 2017/0002 (COD) 6153/1/18 REV 1 DATAPROTECT 16 JAI 107 DAPIX 40 EUROJUST 19 FREMP 14 ENFOPOL 71 COPEN 39 DIGIT
More informationOfficial Gazette No. 55 issued on 8 May Data Protection Act. of 14 March 2002
Official Gazette 2002 No. 55 issued on 8 May 2002 Data Protection Act of 14 March 2002 I hereby grant my consent to the following resolution adopted by the Diet: I. General provisions Article 1 Objective
More informationPERSONAL DATA PROTECTION POLICY OF GOPET
PERSONAL DATA PROTECTION POLICY OF GOPET General provisions 1. (1) "GOPET" means any of the companies in the GOPET group: GOPET TRANS EOOD, GOPET LOGISTICS EOOD, GOPET OOD, GOPET ROMANIA SRL, GOPET POLAND
More informationGeneral Part of the Economic Activities Code Act 1
Issuer: Riigikogu Type: act In force from: 06.07.2017 In force until: 02.01.2018 Translation published: 10.07.2017 General Part of the Economic Activities Code Act 1 Amended by the following acts Passed
More informationAGREEMENT FOR ACCESS, WHICH MAY RESULT IN PERSONAL DATA PROCESSING
AGREEMENT FOR ACCESS, WHICH MAY RESULT IN PERSONAL DATA PROCESSING Between K MEDIA TECH Ltd, a company established and existing in accordance with the laws of the Republic of Bulgaria, with seat and registered
More informationDATA PROTECTION LAWS OF THE WORLD. Ireland
DATA PROTECTION LAWS OF THE WORLD Ireland Downloaded: 22 July 2018 IRELAND Last modified 24 May 2018 LAW The General Data Protection Regulation (Regulation (EU) 2016/679) (" GDPR") is a European Union
More informationEDPS Opinion on the proposal for a recast of Brussels IIa Regulation
Opinion 01/2018 EDPS Opinion on the proposal for a recast of Brussels IIa Regulation (Council Regulation on jurisdiction, the recognition and enforcement of decisions in matrimonial matters and the matters
More informationCase C-553/07. College van burgemeester en wethouders van Rotterdam. M.E.E. Rijkeboer. (Reference for a preliminary ruling from the Raad van State)
Case C-553/07 College van burgemeester en wethouders van Rotterdam v M.E.E. Rijkeboer (Reference for a preliminary ruling from the Raad van State) (Protection of individuals with regard to the processing
More informationDATA PROTECTION LAWS OF THE WORLD. Ukraine
DATA PROTECTION LAWS OF THE WORLD Ukraine Downloaded: 8 December 2017 UKRAINE Last modified 25 January 2017 LAW The Law of Ukraine No. 2297 VI 'On Personal Data Protection' as of 1 June 2010 (Data Protection
More informationData Processing Addendum
Data Processing Addendum The parties conclude this Data Processing Addendum ( DPA ), which forms part of the Agreement between Customer and Licensor ( Epignosis ), to reflect our agreement about the Processing
More informationTerms and Conditions GDPR Ready Data
Terms and Conditions GDPR Ready Data 1. DEFINITIONS (1) Corpdata means Corpdata Limited, registered in England and Wales No. 02690712. (2) controller means the natural or legal person, public authority,
More informationAccess to Personal Information Procedure
Purpose of The sixth principle of the Data Protection Act 1998 gives rights to individuals in respect of the personal data that organisations hold about them. The Act says that: Personal data shall be
More information