Serbia: Extended Application Of GDPR To Non-EU Countries In Accordance With The Guidelines 3/2018 On The Territorial Scope Of GDPR

Practical review
Adoption of the General Data Protection Regulation of the European Union (EU) 2016/679 ("GDPR"), applicable as of 25 May 2018, marked a watershed in the regulation of personal data protection and the rights of persons whose data is being processed, while also setting down penalties and making substantial progress in safeguarding the personal right to privacy.
Owing to the ambiguity of Article 3 of the GDPR regulating territorial scope and the necessity for additional interpretation, the European Data Protection Board adopted Guidelines 3/2018 on 16 November 2018, on the territorial scope of the GDPR (the "Guidelines"). The Guidelines are a response to uncertainties surrounding the territorial scope of the GDPR and serve to ensure consistency and uniform practice in this matter.
Article 3 of the GDPR regulates the matter of territorial scope. Fulfilling one of the three prescribed criteria triggers application of the GDPR:

  1. Establishment of a controller or processor in the EU;
     
  2. Targeted activity/Targeting towards the EU territory, even though the controller or processor is not in the EU;
     
  3. Application by virtue of public international law.

The above definition is a solid foundation for determining the territorial scope of the GDPR, but leaves itself open to a broad range of interpretations – hence the need for an "in concreto" assessment.
In this article, we will consider detailed explanations of the extended application rules, as well as practical examples to gain a comprehensive understanding of the significance and impact of these rules on non-EU countries.

1. Application based on establishment of a controller or processor in the EU

"GDPR applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not."

This definition allows for a case-by-case interpretation of whether the GDPR is applicable or not. While characteristic for application within EU Members, in some cases it may also apply to non-EU countries. Establishment implies the effective and real exercise of activity, regardless of the legal form of the controller or processor. What this really means depends on each case. A more precise definition is not provided so that the field of application is determined as broadly as possible. The GDPR may thus potentially apply to non-EU established business entities with branches in the EU.
In particular, a link must be established between the collection and processing of personal data and activities in the EU. Nevertheless, collection and processing of personal data by the controller or processor in the EU will suffice for the GDPR to apply.
 
Example 1: A company established in Belgium that manufactures car parts solely for buyers in the USA and Canada collects and processes personal data only in the United States. Nevertheless, application of the GDPR is mandatory, because the controller is a Belgian company.

Even where personal data are not directly processed by an EU processor or controller, but by an affiliate outside the EU, and where there is a link between the activities of the EU establishment and the processing of data by a non-EU processor or controller, the application of the GDPR is mandatory.

Example 2: A marketing company registered in India has established a branch in France. The Indian company processes all data in respect of market research and the improvement of its services on the territory of France. It may be considered that the business of the branch established in France is related to data processing and therefore the company in India will be obliged to apply the GDPR because of the link with its EU established branch, even if in this specific case it is not possible to prove the direct involvement of the French branch in the data processing, because a certain connection is definitely present, which is enough for application of the GDPR.

The general conclusion is that the existence of a branch or other establishment may trigger application of the GDPR. In some circumstances, i.e. online services, the presence of a single employee or agent of the non-EU entity may be sufficient to trigger application of the GDPR. However, while the definition of "establishment" is broad, it is not without limits. For example, it does not mean that the GDPR will apply to a Serbian company just because its website is accessible to people in the EU.
Application of the GDPR should be considered separately for the controller and processor. It is not enough to conclude that the application of the GDPR is mandatory for the processor simply because it was previously determined that it applies to the controller or vice versa.

The second part of this application criterion demonstrates that data processing does not have to take place within the EU. The GDPR will apply to entities that collect and process personal data only in non-EU countries if they have a business presence, i.e. establishment, in the EU.

2. Application based on targeted activity, i.e. targeting, towards the EU territory, even if a controller or processor have no presence in the EU

"GDPR applies to the processing of personal data of data subjects who are in the EU by a controller or processor not established in the Union, where the processing activities are related to:

  • the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
     
  • the monitoring of their behaviour as far as their behaviour takes place within the Union."

This criterion leaves greater scope for application to be extended to non-EU countries, although satisfaction of the application criterion must be examined on a case-by-case basis. While the citizenship of the data subject is irrelevant, its location in the territory of the EU is a determining factor.
In the first scenario, simply offering goods or services to data subjects in the EU would trigger the application of the GDPR, but it is necessary to determine whether the "offer" has been made. Various factors can be taken into consideration when determining whether a particular action is considered offering goods or services to data subjects in the EU. These include, but are not limited to: the use of a language of an EU Member State other than the language used in the country of the supplier of the goods or services; allowing payment in a foreign currency; offering the delivery of goods in EU Member States; mentioning dedicated phone numbers or addresses for EU users; the use of common EUR domain names such as ".de" or ".eu". Taken alone, these factors may not amount to a clear indication of the intention of a data controller to offer goods or services to data subjects in the EU; however, they should each be taken into account to determine whether a combination of factors can together be considered as an offer of goods or services directed at data subjects in the EU and in turn trigger application of the GDPR. The key point here is to determine whether an activity is targeted towards data subjects in the EU.

Example 3: The internet address of a Chinese company, established in China, sells cameras and related equipment. The website is available in Chinese, English, German and French. It offers delivery to England, Germany and France, and accepts payment in euros and pounds. If these parameters are fulfilled, they together lead to the application of the GDPR in this particular situation, even though all data collection and processing is carried out in China.

Example 4: The Russian Agency for Programming and Software Development has announced a job vacancy on its website, stating that knowledge of English and German is required. The question here is whether it is subject to the GDPR given that these languages are widely spoken in the EU? In this context, the answer is no. Knowledge of English and German cannot serve as the sole indicator that data subjects in the EU are being targeted exclusively. The presence of other factors would be necessary for such a conclusion.

In the second scenario, the GDPR applies if the behaviour of a data subject in the EU is monitored, but only if that monitoring is performed in the EU. It is necessary to determine precisely what data subject behaviour is being monitored, the purpose of the monitoring, and whether the data subject will be subject to profiling and certain conclusions will be drawn as a result.  

Example 5: A marketing agency from Mexico provides consultation services in the field of tourism. With the help of a Wi-Fi network, the behaviour of a data subject in Berlin is monitored and local restaurants in the city are recommended via social networks.

It is clear from this example that monitoring is being carried out to provide restaurant recommendations and that the data subject is in the EU, hence the GDPR applies.
Controllers or processors not established in the EU but engaging in processing activities falling under Article 3(2) are required to designate a representative in the EU. Appointment should be by written agreement, which will regulate a connection between the controller or processor and the EU representative, as well as mutual rights, obligations and responsibilities.
It is commonplace for non-EU controllers and processors to engage specialised companies with experience in this field as a representative. The role of representative and the role of Data Protection Officer are not compatible and should be kept separate. The role of the representative is to act as a point of contact for subjects whose data are processed and the controller, to maintain a registry of communications with the competent EU authorities in charge of data protection. The designation of a representative does not affect the responsibility or liability of the controller or processor outside the EU.
Designating a representative is not mandatory where collection and processing is occasional, where there is a remote risk of personal data being breached, or where processing is carried out by a public authority or body.

Example 6: If we look back to Example 3, where it is concluded that the GDPR is applicable, there is an obligation to designate a representative either in England, France or Germany. It is also necessary to provide the name and contact information of the controller among the data available to customers on the website.

3. Application based on Member State law by virtue of public international law

"GDPR applies to the processing of personal data by a controller not established in the Union, but in a place where the EU Member's law applies by virtue of public international law."
This application criterion differs from that set down in the Serbian Data Protection Act, which does not make specific provision for it. The scope of this criterion is limited, but still leads to the application of the GDPR to non-EU countries. This criterion primarily concerns foreign diplomatic and consular missions, but also several other situations.

Example 7: The German Embassy in Russia has opened an application process for the recruitment of administrative staff to process the data of temporary work visa applicants. Although the German Embassy is not established in the EU, as it is an EU Member State embassy in accordance with public international law, the application of German law – and thus the GDPR – is mandatory. Applicants' personal data should therefore be collected in accordance with the GDPR.

Example 8: An Austrian aircraft flying over Mexican territory processes the data of passengers on board to improve the quality of its services and send special offers from the airline for future flights. Although the aircraft is located outside EU territory, the fact that it is registered in Austria means that by virtue of public international law, the laws of Austria – and therefore the GDPR – shall be applicable.

The impact of the GDPR on non-EU countries is plain to see in the legislation enacted in this area by EU candidate countries, which for the most part incorporate the uniform GDPR rules. Meanwhile, the rules on the extended territorial scope of the GDPR move its impact far beyond the borders of Europe. The loose wording in respect of its application has left the door open for multiple interpretations, hence the need to develop legal practice to establish rules for every possible situation. Clearly the effect of the GDPR is significant even outside Europe, but it remains to be seen how it will be implemented in practice, in particular the provisions on the obligation to designate a representative in the EU.

 


Proairena primena GDPR-a na dr~ave van Evropske Unije prema Smernicama 3/2018 o
teritorijalnoj primeni GDPR-a

Praktični osvrt

Donoaenjem Opate Uredbe o zaatiti podataka o ličnosti Evropske Unije (EU) 2016/679 (General Data Protection Regulation (EU) 2016/679) ("GDPR"), koja je počela da se primenjuje od 25.05.2018. godine, izvraena je značajna promena u regulisanju zaatite ličnih podataka, kao i u postupanju sa ličnim podacima, pravima lica čiji se podaci obrađuju, predviđenim sankcijama i generalno je ostvaren značajan pomak u sferi zaatite prava lica na privatnost.

Zbog nedovoljno jasnih odredbi člana 3 GDPR-a, koji reguliau teritorijalnu primenu i potrebe za njihovim dodatnim tumačenjem, Evropski odbor za zaatitu podataka ("European Data Protection Board"), usvojio je 16.11.2018. godine Smernice 3/2018 o teritorijalnoj primeni GDPR-a ("Smernice"). Smernice su usvojene sa nastojanjem da se odgovori na potencijalne sumnje i pitanja oko primene GDPR-a kao i da se obezbedi doslednost i ujednačena praksa u ovoj oblasti.

Članom 3 GDPR-a je uređeno pitanje teritorijalne primene. Ispunjenjem jednog od predviđena tri osnova dolazi do primene GDPR-a:

  1. Poslovno prisustvo rukovaoca ili obrađivača u EU;
  2. Usmerene aktivnosti / targetiranja, ka teritoriji EU, iako rukovalac ili obrađivač nemaju prisustvo u EU;
  3. Primena na osnovu pravila međunarodnog javnog prava.

Ovakvim definisanjem je u značajnoj meri određeno kada dolazi do primene GDPR-a, ali je ipak ostavljeno airoko polje primene i tumačenja, koje je potrebno u svakom konkretnom slučaju utvrditi "in concreto".

U nastavku slede detaljnija obrazlo~enja pravila proairene primene kao i praktični primeri kako bi se potpunije shvatio značaj i uticaj ovih pravila na dr~ave van EU.

1. Primena na osnovu poslovnog prisustva rukovaoca ili obrađivača u okviru EU

"GDPR se primenjuje na obradu ličnih podataka u okviru aktivnosti poslovnog prisustva rukovaoca ili obrađivača u EU, bez obzira na to da li se radnja obrade obavlja u EU ili ne"

Ovakvim definisanjem ostavljena je mogućnost tumačenja u svakom konkretnom slučaju da li je potrebno primeniti GDPR ili ne. Ovaj osnov biće karakterističan za primenu u okviru dr~ava članica EU, ali ipak u određenim slučajevima mo~e uticati i na dr~ave izvan EU. Poslovno prisustvo treba tumačiti kao svaki vid efektivne i stvarne poslovne aktivnosti, bez ograničavanja na pravni oblik organizovanja rukovaoca ili obrađivača. `ta to zaista znači zavisi od svakog konkretnog slučaja, preciznija definicija nije data, kako bi se polje primene ato aire odredilo. Na osnovu toga moguće je da druatvo koje je osnovano van EU osnuje ogranak u EU u okviru čijeg poslovanja će se primenjivati GDPR.

Potrebno je posebno utvrditi vezu između prikupljanja i obrade podataka i aktivnosti u okviru poslovnog prisustva u EU. Prikupljanje i obrada ličnih podataka od strane rukovaoca ili obrađivača u EU, bez obzira na pravnu formu organizovanja, biće osnov primene GDPR-a u svakom slučaju.

Primer 1: Druatvo osnovano u Belgiji bavi se proizvodnjom auto delova isključivo za kupce u SAD i Kanadi. Prikupljanje i obrada podataka obavlja se isključivo na teritoriji SAD. Bez obzira na to, primena GDPR-a je obavezna, samo na osnovu toga ato je rukovalac belgijsko druatvo.

Čak i u slučajevima kada lične podatke direktno ne obrađuje obrađivač ili rukovalac prisutan u EU, već njegovo povezano druatvo van EU, a jasno je da postoji određena veza između poslovne aktivnosti u EU i same obrade podataka od strane obrađivača ili rukovaoca van EU, primena GDPR-a će biti obavezna.

Primer 2: Druatvo osnovano u Indiji koje se bavi pru~anjem marketinakih usluga osnovalo je ogranak u Francuskoj. Druatvo iz Indije u potpunosti vrai obradu podataka u svrhu istra~ivanja tr~iata i poboljaanja svojih usluga na teritoriji Francuske. Mo~e se smatrati da je poslovanje ogranka osnovanog u Francuskoj povezano sa obradom podataka, te će druatvo u Indiji, biti obavezno da primeni GDPR zbog postojanja veze sa ogrankom osnovanim u okviru EU, čak i ako u konkretnom slučaju nije moguće dokazati direktnu ulogu francuskog ogranka u obradi podataka, jer određena veza svakako postoji, koja je dovoljna za primenu GDPR-a.

Zaključak je da postojanje ogranka ili neke slične forme organizovanja mo~e biti osnov za primenu GDPR-a. U određenim slučajevima postojanje samo jednog zaposlenog ili agenta druatva van EU, mo~e biti osnov za primenu GDPR-a, npr. ako se usluge nude putem interneta. Međutim, iako je definicija "prisustva u EU" (tj. establishment-a) airoka, ipak nije bez ikakvih ograničenja. Naime, ne znači da će do primene GDPR-a doći samo zaato ato privredno druatvo u Srbiji ima website koji je dostupan licima u EU.

Primenu GDPR-a treba posmatrati odvojeno u odnosu na rukovaoca i obrađivača, nije dovoljno zaključiti da je primena GDPR-a obavezna za obrađivača, samo zato ato je prethodno utvrđeno da se primenjuje na rukovaoca ili obrnuto.

U drugom delu ovog osnova primene određeno je da radnja obrade ne mora biti u okviru EU, tako da mo~e doći do situacije da se GDPR primenjuje na druatva koja isključivo prikupljaju i obrađuju lične podatke u dr~avama van EU.

2. Primena na osnovu usmerene aktivnosti, targetiranja, ka teritoriji EU, iako rukovalac ili obrađivač nemaju prisustvo u EU

"GDPR se primenjuje na obradu ličnih podataka lica u EU koju vrae rukovalac ili obrađivač u slučaju

  • nuđenja roba ili usluga licima u EU (bez obzira da li se plaća naknada);
  • praćenja njihovog ponaaanja dokle god se takvo ponaaanje odvija unutar EU".

U ovom slučaju veća je mogućnost proairene primene na dr~ave van EU, ali je takođe u svakom konkretnom slučaju potrebno utvrditi da li su ispunjeni pomenuti kriterijumi za primenu. Pitanje dr~avljanstva lica čiji se podaci obrađuju nije relevantno, bitno je samo da se oni nalaze na teritoriji EU kako bi se GDPR primenio.

U prvom slučaju dovoljno je da se roba ili usluge nude licima u EU kako bi doalo do primene, međutim potrebno je utvrditi da li je do "nuđenja" zaista doalo. Kako bismo utvrdili da li se određena radnja smatra nuđenjem roba ili usluga licima u EU mogu se koristiti različiti kriterijumi. Pomenuti kriterijumi mogu biti na primer: koriaćenje jezika zemlje članice EU koji se razlikuje od zemlje ponuđača robe ili usluga, nuđenje plaćanja u stranoj valuti, mogućnost dostavljanja u zemlje EU, brojevi telefona ili adrese za korisnike iz EU, koriaćenje domena koji se odnosi na zemlje članice EU npr. ".de" ili ".eu". Kombinacijom viae ovakvih kriterijuma dolazi se do zaključka u svakom konkretnom slučaju da li je ispunjen kriterijum za primenu GDPR-a. Bitno je utvrditi da je takva aktivnost upućena, odnosno targetirana ka licima u EU.

Primer 3: Internet adresa kineskog druatva, koja se vodi u Kini nudi usluge prodaje foto aparata. Internet stranica dostupna je na kineskom, engleskom, nemačkom i francuskom jeziku. Takođe postoji mogućnost dostavljanja robe u Englesku, Nemačku i Francusku, kao i plaćanje u evrima i funtama. Time je ispunjeno viae parametara i oni zajedno dovode do primene GDPR-a u konkretnom slučaju iako će se kompletno prikupljanje i obrada podataka obavljati u Kini.

Primer 4: Agencija iz Rusije koja se bavi programiranjem i razvijanjem softvera objavila je na svojoj internet stranici oglas za posao u kome je između ostalog naznačeno da je obavezno poznavanje engleskog i nemačkog jezika. U datom slučaju postavlja se pitanje da li je potrebno primeniti GDPR pravila zbog pomenutih jezika, kao dominantnih među građanima EU? U ovom kontekstu odgovor je ne. Samo poznavanje engleskog i nemačkog jezika ne mo~e biti indikator da su targetirana isključivo lica iz EU kao kandidati za pomenuti posao. Bili bi potrebni dodatni kriterijumi kako bi se takav zaključak doneo.

U drugom slučaju do primene dolazi ako se prati ponaaanje lica koje se nalazi u EU, ali samo onog ponaaanja koje se odvija u EU. Potrebno je precizno utvrditi da li se prati ponaaanje lica i za koju svrhu se dato ponaaanje prati kao i da li će se na osnovu takvog prikupljanja izvraiti profilisanje lica i donositi određeni zaključci, kako bi ovaj osnov primene bio ispunjen.

Primer 5: Marketinaka agencija iz Meksika pru~a usluge savetovanja u oblasti ugostiteljstva. Na osnovu Wi-fi mre~e prati se ponaaanje lica koje se nalazi u Berlinu, i preporučuju se lokali u tom gradu putem druatvenih mre~a.

Iz prethodnog primera jasno je da je praćenje izvraeno sa ciljem preporuke restorana i da se lice nalazi u EU, tako da će svakako biti obavezna primena GDPR.

Ako su ispunjeni kriterijumi za primenu GDPR-a, u slučaju da je reč o obrađivaču ili rukovaocu van EU, postoji obaveza imenovanja zastupnika u EU. Imenovanje se vrai kroz pismeni ugovor, koji će predstavljati vezu između rukovaoca ili obrađivača i zastupnika u EU, ali i urediti međusobna prava, obaveze i odgovornosti. U praksi je zastupljeno anga~ovanje različitih kompanija sa iskustvom u ovoj oblasti kao zastupnika. Ovog zastupnika treba razlikovati od lica za zaatitu podataka, jer njihove funkcije moraju biti odvojene. Obaveze zastupnika su da predstavlja vezu između lica čiji se podaci obrađuju i rukovaoca, vodi registar komunikacija za nadle~nim organima EU zadu~enim za zaatitu podataka. Postojanje zastupnika ni u kom slučaju ne isključuje odgovornost rukovaoca ili obrađivača van EU.

Izuzetak postoji kada je reč o povremenom prikupljanju i obradi, kada postoji mali rizik da će doći do povrede ličnih podataka kao i kada se obrada vrai od strane dr~avnih organa, kada imenovanje zastupnika nije obavezno.

Primer 6: Ako se vratimo na primer 3, gde je zaključeno da je potrebno primeniti GDPR, postoji obaveza imenovanja zastupnika ili u Engleskoj ili u Francuskoj ili u Nemačkoj. Takođe potrebno je i navesti ime i kontakt podatke rukovaoca među podacima koji su dostupni kupcima na internet stranici.

3. Primena na osnovu prava članice EU, odnosno na osnovu međunarodnog javnog prava

"Primena na osnovu obrade od strane rukovaoca koji nema prisustvo u EU, već u mestu gde se pravo dr~ave članice EU primenjuje na osnovu međunarodnog javnog prava"

Ovaj osnov primene predstavlja razliku o odnosu na domaći Zakon o zaatiti podataka o ličnosti, koji ga ne predviđa posebno. Polje primene ovog osnova je ograničeno, ali ipak dovodi do primene pravila GDPR-a van teritorije dr~ava članica EU. Ovaj osnov primene prevashodno se odnosi na strana diplomatska i konzularna predstavniatva, ali i na određene ostale situacije koje dovode do primene.

Primer 7: Nemačka ambasada u Rusiji je raspisala konkurs za zapoaljavanje administrativnih radnika koji će raditi na obradi podataka podnosilaca zahteva za privremenu radnu vizu. Iako Nemačka ambasada nije osnovana u EU, sama činjenica da je reč o ambasadi dr~ave EU, i da po pravilima međunarodnog javnog prava dolazi do primene prava Nemačke, a samim tim i pravila GDPR-a, pa će se to odnositi i na prikupljane ličnih podataka kandidata za pomenuti konkurs.

Primer 8: Austrijski avion leti preko teritorije Meksika pri čemu se prikupljaju podaci putnika kako bi se ocenio kvalitet usluge i slale posebne ponude avio kompanije za buduće letove. Iako se avion nalazi van teritorije EU, sama činjenica da je avion registrovan u Austriji je odlučujuća kako bi se na osnovu međunarodnog javnog prava zaključilo da treba primeniti pravo Austrije, a samim tim i GDPR.

Uticaj GDPR-a na zemlje van EU veoma je izra~en kroz zakonodavstvo zemalja kandidata za članstvo u EU, koje su donele zakone u ovoj oblasti, koji u velikoj meri odgovaraju uniformnim pravilima GDPR. Pravilima o proairenoj teritorijalnoj primeni izlazi se iz okvira Evrope i uticaj se dalje airi. `irokim načinom definisanja primene ostavljen je prostor za tumačenje, te je potrebno dodatno upotpuniti praksu kako bi se ustanovila pravila za svaku moguću situaciju. Nesporno je da je uticaj koji je izvraen velik i da on prevazilazi prostor starog kontinenta, ostaje da se vidi kolika će biti stvarna primena ovih odredbi, posebno onih kojima je određena obaveza imenovanja zastupnika u EU.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
 
Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Related Topics
 
Related Articles
 
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.

Disclaimer

The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.

General

Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions