Canada: Data Protection 2008/09

Last Updated: October 13 2008
Article by Martin P.J. Kratz and Stephen Burns

Regulation

1. What national law(s) apply to the collection and use of personal data? If applicable, has Directive 95/46/EC on data protection (Data Protection Directive) been implemented?

Personal information protection is governed by:

  • Federal law.

  • Laws of the ten provinces and three territories.

  • Industry practice.

Privacy laws protect:

  • Personal information in the public sector.

  • Personal information in the private sector (generally, such laws apply to either sector specific activities or information or to personal information that is collected, used or disclosed in the course of commercial activities and, in some circumstances, in the course of employment).

  • Health information.

This chapter considers only generally-applicable legislation that regulates the commercial use of personal information in the private sector.

Specific legislation may also apply to a particular category of information or activity. Different activities and categories of information are regulated by different federal and provincial laws so that obligations can be complex, varied and sometimes overlapping, depending on the nature of the information and the location of the activities associated with it. This means that an organisation collecting, using or disclosing personal information in more than one jurisdiction may be required to comply with more than one law and should therefore analyse the nature of the information, and the nature and location of the activities relating to it, to be sure that it meets all applicable requirements.

At the federal level, personal information protection in the private sector is governed by the Personal Information Protection and Electronic Documents Act 2000 (PIPEDA), which came fully into force on 1 January 2004. PIPEDA applies to all regulated activities, except to the extent that the federal government determines that a province has enacted substantially similar legislation. Provincial counterparts to PIPEDA which are currently in force for personal information in the private sector are the:

  • Personal Health Information Protection Act, 2004, in Ontario (limited to health information).

  • Personal Information Protection Act 2003, in Alberta.

  • Personal Information Protection Act 2003, in British Columbia.

  • Health Information Act 1999, in Alberta (different style of legislation limited to health information, not currently subject of a substantial similarity order. This Act is not discussed further in this chapter).

  • Act Respecting the Protection of Personal Information in the Private Sector 1993 (as amended), in Québec.

Personal information is, at the federal level, the responsibility of the Office of the Privacy Commissioner of Canada, headed by the federal Privacy Commissioner. Some provincial equivalent authorities are:

  • Office of the Information and Privacy Commissioner of Alberta.

  • Office of the Information and Privacy Commissioner for British Columbia.

  • Office of the Information and Privacy Commissioner/Ontario.

  • Québec Access to Information Commission (Commission d'acces a l'information du Québec). (See box, The regulatory authorities.)

2. To whom do the rules apply (EU: data controller)?

At the federal level, the personal information protection rules apply to every organisation collecting, using or disclosing personal information in the course of commercial activities. At the provincial level, the federal law applies unless the province has enacted substantially similar legislation (namely, Alberta, British Columbia, Quebec and Ontario (limited to health information)). In Alberta, British Columbia and Quebec, the legislation applies to every organisation and all personal information, unless otherwise specified. Generally, an organisation includes:

  • Corporations.

  • Unincorporated associations.

  • Partnerships.

  • Individuals acting in a commercial capacity.

  • Trade unions.

The privacy laws may also apply to employment relationships where an organisation collects, uses or discloses the personal information of its employees in one of the following circumstances:

  • In connection with the operation of a federal work, undertaking or business.

  • In the course of a commercial activity.

  • In Alberta or British Columbia.

Obligations vary depending on the nature of the organisation and where its activities relating to the personal information of its employees occur.

Organisations may also be held accountable for personal information in their control and for the activities of third parties undertaken on the organisation's behalf (see Question 15).

As the language used in the different federal and provincial laws varies, an organisation should take care to ensure that all necessary obligations are met under each applicable law.

3. What data is regulated (EU: personal data)?

Private sector privacy laws apply to personal information. The definition of personal information varies between the applicable legislation:

  • Federal. Personal information means information about an identifiable individual, but does not include the name, title, business address or telephone number of an employee of an organisation (PIPEDA).

  • Alberta and British Columbia. Personal information means information about an identifiable individual and excludes business contact information (such as an individual's name, title, business telephone number, address, e-mail address or fax number) where it is used for contacting the individual in their capacity as an employee or official of an organisation (Personal Information Protection Acts).

  • Québec. Personal information includes any information that relates to a natural person and allows that person to be identified (Act Respecting the Protection of Personal Information in the Private Sector).

  • Ontario. Personal health information includes identifying information about an individual that relates to the physical or mental health of the individual or the provision of healthcare to the individual. It includes identifying information contained in a record containing such information (Personal Health Information Protection Act).

Although these definitions are very broad, each law only applies to certain categories of activities relating to personal information. Other activities may be regulated by separate legislation (for example, health information or personal information in the public sector) or not regulated at all (for example, certain non-commercial, personal or domestic activities).

4. What acts are regulated (EU: processing)?

Generally, the following activities relating to personal information are regulated:

  • Collection.

  • Use.

  • Disclosure (including transfer, lease or sale).

  • Retention.

  • Storage.

  • Safeguarding.

  • Destruction.

An individual has the right (subject to specific exceptions) to:

  • Know what personal information is being collected.

  • Know the purpose for which personal information is collected.

  • Consent to the collection, use or disclosure of personal information.

  • Access, and request the correction of, personal information held by an organisation.

5. What is the jurisdictional scope of the rules?

PIPEDA applies to regulated activities that occur within Canada or between Canada and another jurisdiction.

Where an activity occurs in a province that has enacted private sector privacy legislation, that activity may be governed by both PIPEDA and by provincial law, or just the provincial law if the activity occurs only in the province.

6. What are the main exemptions (if any)?

Most federal and provincial private sector privacy legislation exclude categories of, and certain activities relating to, personal information that:

  • Is used in relation to an emergency that threatens an individual's life, health or security.

  • Is publicly available (this is narrowly defined by the legislation and is not the same as being in the public domain).

  • Is collected solely for journalistic, artistic or literary purposes.

  • Is disclosed to a barrister or solicitor representing an organisation.

  • Is used for debt collection.

  • Must be disclosed to comply with a subpoena, warrant or court order, or court rules relating to the production of records.

  • Must be disclosed to a provincial or federal government institution if it relates to national security or defence.

  • Must be disclosed to a provincial or federal government institution if it relates to the conduct of international affairs, law enforcement or the administration of any law.

  • Is required for a statistical or scholarly study, and it is impractical to obtain consent from the individuals concerned (or meet other specific requirements).

  • Was recorded at least 100 years before disclosure.

  • Is disclosed more than 20 years after the death of the relevant individual.

  • Must be disclosed by law.

In addition, in Alberta and British Columbia, personal information can be transferred in the context of certain business transactions (such as the sale of shares in, or assets of, a business) without the need for consent from the individuals whose information is being transferred, provided the parties to the transaction have complied with the specific requirements of the applicable legislation. In British Columbia, this includes the provision of notice of such transfer. The definition of business transaction and the types of information that can be collected, used or disclosed in a business transaction varies between the jurisdictions.

7. I s notification or registration required before processing data? If so, please provide brief details.

There are no requirements to notify, or register with, a government body to collect, use or disclose personal information, except when using certain personal information for a statistical or scholarly study in Alberta or Québec (in which case, consent is required).

Consent and notification rights depend on the applicable legislation:

  • Federal. Generally, an individual must consent to the collection, use or disclosure of personal information, for a specified purpose, by an organisation either before or at the time of collection.

  • Alberta and British Columbia. Generally, an individual must consent to an organisation collecting, using or disclosing personal information for a specified purpose either before, or at the time of, collection. Where personal information is collected, used or disclosed for the purpose of establishing, managing or terminating an employment relationship, an employer may, in some circumstances, only be required to provide notice to its employees of the nature of the information and the purpose for which it is to be collected.

MAIN DATA PROTECTION RULES AND PRINCIPLES

8. What are the main obligations imposed on data controllers to ensure that data is processed properly?

An organisation can only collect, use or disclose personal information for a reasonable purpose and only to the extent that is necessary to meet that purpose. Once this threshold is met, an organisation must then ensure that it complies with all necessary obligations in relation to the information that it has collected. These are generally based on ten key privacy principles:

  • Accountability. An organisation is responsible for the personal information in its custody or under its control and must designate an individual or individuals who are accountable for its compliance with the applicable legislation. Organisations are responsible for their agents and employees, including third parties to whom they entrust personal information or who collect, use or disclose personal information on their behalf.

  • Identifying purposes. The purposes for which personal information is collected must be identified by the collecting organisation at or before the time the information is collected. Organisations can only collect personal information for reasonable purposes.

  • Consent. Individuals must be notified of, and consent to, the collection, use or disclosure of their personal information, unless a statutory exemption applies.

  • Limiting collection. The collection of personal information must be limited to that which is necessary for the purposes identified by the organisation, and information must be collected by fair and lawful means.

  • Limiting use, disclosure and retention. Personal information cannot be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information can only be retained for as long as necessary to fulfil the purposes for which it was collected.

  • Accuracy. Personal information must be kept as accurate, complete and up to date as is necessary for the purposes for which it is to be used.

  • Safeguards. Personal information must be protected by safeguards appropriate to the sensitivity of the information.

  • Openness. Certain specific information about the organisation's policies and practices relating to the management of personal information must be made readily available to individuals.

  • Individual access. If they request, individuals have the right (subject to certain exemptions) to be informed of the existence, use and disclosure of, and be given access to, their personal information. Individuals can challenge the accuracy and completeness of their information and have it amended as appropriate.

  • Challenging compliance. Individuals must be able to submit a complaint to the person(s) responsible for the organisation's compliance, challenging its adherence to the obligations.

The various privacy laws may contain exceptions to these requirements, impose additional specific obligations or present the key principles in such a way that their scope varies from that set out above

9. I s the consent of data subjects required before processing personal data? If so:

  • What rules are there regarding the form and content of consent? Would online consent suffice?

  • Are there any special rules regarding the giving of consent by minors?

Form and content of consent

Depending on the sensitivity of the personal information being collected, consent can be:

  • Express. Consent can be given orally, electronically or in writing. It can also be given online but, as with any other form of consent, must meet the requirements of the applicable privacy legislation and, in some circumstances, the applicable electronic commerce legislation).

  • Implied. Consent can reasonably be inferred from an individual's actions or inaction. For example, when an individual enters into an agreement with an organisation, it can be implied that he has consented to the collection, use and disclosure of his personal information for purposes related to the performance of that agreement and for any other purposes identified to him at the relevant time.

  • Deemed. Consent can be deemed using an opt-out mechanism. The requirements for such mechanisms are either established in the privacy laws or the Commissioners' decisions and generally include:

  • the personal information must be clearly non-sensitive in nature and context;

  • the information-sharing situation must be limited and well-defined as to the nature of the personal information to be used or disclosed, and the extent of the intended use or disclosure;

  • the organisation's purposes must be limited and welldefined, stated in a reasonably clear and understandable manner, and brought to the individual's attention at the time the personal information is collected;

  • the organisation must establish a convenient procedure for easily, inexpensively and immediately opting out of, or withdrawing consent to, secondary purposes and must notify the individual of this procedure at the time the personal information is collected.

The consent requirements apply to information already in the custody or control of an organisation when the applicable legislation came into force (legacy information), as well as to all future collection activities. The various laws differ in their treatment of legacy information. Some provincial laws provide for consent to be deemed so that an organisation can continue using or disclosing legacy information for the purpose for which it was collected. This is not the case under PIPEDA.

Consent by minors

Consent rules depend on the applicable legislation:

  • Federal. Consent from minors is not expressly prohibited in PIPEDA but, as consent from a guardian is described as an acceptable form of consent for information relating to minors, it is generally advisable to seek consent from a guardian rather than a minor.

  • Alberta. Minors can give consent provided they understand the nature and consequences of doing so. Otherwise, consent must be obtained from the minor's guardian.

  • British Columbia. Guardians can consent on behalf of a minor if the minor is incapable of exercising his right to consent.

10. I f there is no consent, on what other grounds (if any) can processing be justified?

There are several exemptions to the need for consent (see Question 6). In addition, in Alberta and British Columbia, certain personal information about employees that is collected, used or disclosed solely for the purposes of establishing, managing or terminating the employment relationship does not require consent provided that the required notices have been provided to the employees.

11. Do special rules apply in the case of certain types of personal data, for example sensitive data? If so, please provide brief details.

Generally, the more sensitive the personal information, the more onerous the requirements to show that:

  • It is being collected, used or disclosed for a reasonable purpose, and only to the extent necessary to meet such purpose.

  • The individual has consented to the collection, use or disclosure of their personal information (express consent is more likely to be required and deemed consent is less likely to be effective (see Question 9)).

Whether personal information is sensitive depends on individual circumstances (for example, the names and addresses of subscribers to periodicals are not normally considered sensitive personal information, except in the case of certain special-interest periodicals). Social insurance numbers and health and financial information are almost always considered sensitive personal information. In addition, information from which it is possible to determine an individual's beliefs and/or interests is often considered sensitive.

RIGHTS OF INDIVIDUALS

12. What information should be provided to data subjects at the point of collection of the personal data?

Before, or at the time that, personal information is collected, individuals must (unless otherwise provided by legislation) be made aware of the:

  • Nature of the personal information being collected.

  • Purposes for which their personal information is to be collected, used or disclosed.

  • Name of a person who is able to answer, on behalf of the collecting organisation, the individual's questions about the collection.

For the consent to be valid, it must be given voluntarily and without reliance on deceptive or misleading collection practices. Consent to purposes beyond what is reasonably necessary to supply a product or service cannot be a precondition to the supply of that product or service.

In Québec, consent must be manifest, free and enlightened and must be given for specific purposes. Such consent is valid only for the length of time needed to achieve the purposes for which it was requested.

As consent given for one purpose is not valid for other purposes, organisations should anticipate their use and disclosure requirements in advance and develop their consent practices to ensure that all eventualities are covered.

13. What other specific rights (such as a right of access to personal data or the right to object to processing) are granted to data subjects?

Right of access

Generally, individuals have the right, subject to certain exceptions and restrictions, to:

  • Be informed of the existence, use and disclosure of their personal information.

  • Have access to their personal information.

Organisations can, if permitted or required by the applicable legislation, refuse to grant access to some or all personal information. When this is possible depends on the applicable law but, generally, organisations can refuse access if:

  • The information contains references to other individuals that cannot reasonably be removed.

  • The information is subject to a legal privilege.

  • Disclosure of the information would reveal confidential commercial information that it is reasonable to withhold.

  • The information was collected for an investigation or legal proceeding.

  • The disclosure of the information might result in that type of information no longer being provided to the organisation when it is reasonable to expect that that type of information should be provided.

  • The information was collected by a mediator or arbitrator, or created in the conduct of a mediation or arbitration, provided for by an agreement, enactment or court appointment.

  • The information may be used in the exercise of prosecutorial discretion.

  • The disclosure of the information can reasonably be expected to threaten the life or security of another individual.

  • The information would reveal the identity of an individual who has provided an opinion about another individual in confidence and who has not consented to the disclosure of their identity.

Organisations may be required to respond to an individual's request in a relatively short time frame (between 30 and 45 days, depending on the legislation) and without any, or only a minimal, fee. Extensions of response time periods may be available depending on the circumstances and the applicable law.

If an individual can demonstrate that his information is inaccurate or incomplete, the organisation may be required to make appropriate changes and inform any third parties that have received this information of the changes. In certain circumstances an organisation can refuse to make a requested correction, but may be required to annotate the applicable records to indicate that a correction was requested but not made.

SECURITY REQUIREMENTS

14. What security requirements are imposed in relation to personal data?

Organisations must implement safeguards to protect personal information against:

  • Loss or theft.

  • Unauthorised access, collection, use, disclosure, copying, modification, disposal or destruction.

  • Other similar risks.

Generally, the nature of the safeguards required varies depending on the:

  • Sensitivity of the information collected (organisations must protect personal information with safeguards appropriate to the sensitivity of the information).

  • Amount, distribution and format of the information.

  • Method of storage.

When considering the nature of the safeguards to be employed, organisations should consider:

  • Physical protection, such as locked cabinets and restrictedaccess areas.

  • Organisational safeguards, such as security clearances or limiting access on a need-to-know basis.

  • Technological measures, such as passwords and encryption.

PROCESSING BY THIRD PARTIES

15. What additional requirements (if any) apply where a third party processes the data on behalf of the data controller?

Generally, an organisation is responsible for ensuring that third parties acting on its behalf comply with privacy laws if:

  • The third party collects, uses, processes or discloses personal information on behalf of the organisation.

  • Personal information collected by or for the organisation is in the custody of the third party.

This applies whether the third party is within or outside of Canada.

The risks associated with these obligations are often addressed through contractual arrangements with the third parties to ensure that they:

  • Comply with all applicable laws.

  • Apply the same standards and care as the organisation.

INTERNATIONAL TRANSFER OF DATA

16. What rules govern the transfer of data outside your jurisdiction?

Personal information collected in Canada and transferred to another jurisdiction is subject to the same privacy rules as personal information collected and disclosed within Canada.

Canada's privacy commissioners are likely to assert jurisdiction over foreign disclosures and require the disclosing organisation to follow all the applicable Canadian rules, particularly those relating to use and disclosure (that is, that use or disclosure must be for a reasonable purpose and limited to the extent necessary to meet this purpose, and an individual must consent to, or be notified of, the collection, use or disclosure of his personal information).

17. Are data transfer agreements contemplated or in use? Have any standard forms or precedents been approved by national authorities?

Although data transfer or privacy compliance agreements are used in Canada, no standard forms or precedents have been approved by national authorities.

18. I s a data transfer agreement sufficient to legitimise transfer, or must additional requirements (such as the need to obtain consent) be satisfied?

A data processing agreement should ensure that the transferee will comply with privacy laws, as the transferring organisation remains responsible for privacy obligations (see Question 15).

Generally, any transfer of personal information within Canada or to another jurisdiction will only be permitted if:

  • The disclosure is for a reasonable purpose and limited to the extent necessary to meet this purpose.

  • The individual has consented to, or been notified of, the disclosure of his personal information, in the manner required by the applicable law.

  • All other requirements for disclosure specified in the applicable legislation have been met.

19. Does the relevant national regulator need to approve the data transfer agreement? If so, please provide brief details.

Data transfer agreements do not need to be approved by privacy commissioners.

ENFORCEMENT AND SANCTIONS

20. What are the enforcement powers of the national regulator?

Federal

Individuals can submit written complaints to the Federal Privacy Commissioner about any activity that they believe contravenes PIPEDA. The Federal Privacy Commissioner can also initiate a review.

When conducting an investigation, the Federal Privacy Commissioner can:

  • Summon and compel a witness to give evidence under oath, and to produce records and things, in the same manner as a superior court.

  • Administer oaths.

  • Accept evidence that would not be admissible in a court.

  • Enter premises other than a dwelling house, provided any security requirements of the organisation are met.

  • Converse in private with anyone on any premises that is entered for investigation.

  • Examine or obtain copies of, or extracts from, records held on investigated premises.

Within one year of receiving a complaint or initiating an investigation, the Privacy Commissioner must prepare a report unless she determines any of the following:

  • Other grievance procedures need to be exhausted first.

  • Another legal procedure would be more appropriate to deal with the complaint.

  • A report would not be useful.

  • The complaint is frivolous.

The report includes:

  • Findings and recommendations.

  • A description of any settlement.

  • If appropriate, a request that the Privacy Commissioner be given notice of any action taken to implement the recommendations or reasons why action is not taken.

After a report is issued, a complainant can then apply to the relevant court for a hearing in respect of any matter relating to the complaint.

The Privacy Commissioner can also audit the privacy practices of an organisation subject to her jurisdiction on reasonable notice.

Provincial

The provincial privacy commissioners generally have the same or stronger powers of enforcement as the federal Privacy Commissioner. In particular, they can:

  • Conduct investigations to ensure compliance with their legislation.

  • Initiate investigations of their own accord.

  • Receive, investigate and resolve complaints.

  • Mediate settlements.

  • Make binding orders.

  • Give advice to organisations on compliance.

  • Give advance rulings on issues arising under the legislation.

  • Conduct a formal inquiry.


21. What are the sanctions and remedies for non-compliance with the data protection laws? To what extent are the laws actively enforced?

Federal

Fines of up to Can$10,000 (about US$10,000) on summary conviction or Can$100,000 (about US$100,000) on indictment can be issued for:

  • Obstructing an investigation or audit by the Privacy Commissioner.

  • Unlawfully destroying evidence.

  • Retaliating against an employee for initiating a complaint or inquiry.

The Federal Court can order an organisation to:

  • Correct its practices.

  • Publish a notice of any action taken, or proposed to be taken, to correct its practices.

  • Pay civil damages to a complainant, including damages for any humiliation suffered.

Provincial

In addition to the various Commissioners' broad order-making powers, fines can be imposed, the amount of which vary depending on the province:

  • Alberta. Individuals can be fined up to Can$10,000 and entities can be fined up to Can$100,000.

  • British Columbia. Individuals can be fined up to Can$10,000 and entities can be fined up to Can$100,000.

  • Québec. The maximum fine is Can$20,000 (about US$20,000).

Organisations can also face civil liability for the breach of provincial privacy legislation.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
Martin P.J. Kratz
Stephen Burns
 
In association with
Related Topics
 
Related Articles
 
Related Video
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Position
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Compliance
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Registration (you must scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.

Disclaimer

The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.

General

Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions