Scope. The Inquiry proposes that the scope of the Payment Services Act be expanded by also making the regulations in the fourth and fifth chapters, with the exception of certain provisions, applicable to the parts of a payment transaction completed in the EEA in a third country currency, if all, or only one, of the payment service pro- viders involved in the payment transaction are established in the area, and for the parts of a payment transaction completed in the European Union in all currencies, if any of the payment service providers involved in the transaction are established in the area. The Inquiry also proposes that cash-in-transit companies’ ‘coun- ting services’ not be exempted from the scope of the Payment Services Act, which is currently the case. Finally, the Inquiry proposes that an exemption should be made from the scope of the Act for payment transactions completed using mobile telephones or other technological devices, for example when purchasing an SMS ticket for a journey. One condition for such transactions being exempted is that the cost of the transaction is not to exceed an amount corresponding to EUR 50. Providers of payment initiation services and account information services – known as ‘third-party payment service providers’ – are payment service providers under PSD2. To enable the implemen- tation of the Directive’s authorisation requirement provisions for providers of payment initiation services, the Inquiry proposes that authorisation always be required for provision of these services. Authorisation to provide such services must require that the under- taking in question holds professional indemnity insurance or a comparable guarantee that covers any potential liabilities. The Inquiry proposes that a natural or legal person providing only account information services should be exempted from the authorisation requirement in the Payment Services Act. These actors, however, are required to apply for exemption from the authorisa- tion requirement, after which – if exemption is granted – they must be registered by Finansinspektionen. A natural or legal person pro- viding account information services may be registered only if the undertaking fulfils certain requirements, for example that the provider has professional indemnity insurance or a comparable guarantee against liability.
Scope. These General Terms and Conditions of Sale (“GTC”) shall govern the supply relationship between the parties. Any terms of the customer regardless of any specific or general conditions, which may appear on the purchase order, or other documents of the customer are hereby expressly excluded unless confirmed by written notice. The “Order” means a purchase order placed by a customer (hereinafter “Customer”) for the sale and purchase of goods (hereinafter “Goods”), which, once accepted by Mondi forms a contract (“Contract”) between the Customer and Mondi. “Mondi” shall mean the respective company within the Mondi group selling or offering Goods to the Customer. “Mondi Group” shall mean any company directly or indirectly controlled by Mondi plc (or any of Mondi plc’s legal successors) For the avoidance of doubt, ”control” is constituted by rights, contracts or any other means which confer the possibility of exercising decisive influence on Mondi, in particular by ownership or the right to use all or part of the assets or rights or contracts which confer decisive influence on the composition, voting or decisions of the organs of Mondi. Controlling persons are holders of the rights or persons entitled to rights under the contracts concerned, or while not being holders of such rights or entitled to rights under such contracts, have the power to exercise the rights deriving therefrom. “Affiliate(s)” means all of the respective parties’ present and future, direct and/or indirect subsidiaries or other companies worldwide which are controlled by the respective party, or which are under common control with the respective party, or companies which control the respective party, worldwide. 2.
Scope. The objective of physical access control is to prevent unauthorized persons from getting close to data processing equipment, thereby gaining physical access to the systems used to process or use personal data by implementing various structural, organizational and personnel measures, which shall be laid down in a physical access control policy.
Scope. The objective of equipment access control is to deny an unauthorized individual access to data processing equipment by implementing appropriate measures to ensure that only users who have the appropriate authorization can gain access to data and IT applications. If a user fails to demonstrate that he or she has the necessary authorization, the equipment access control will deny the user access to the IT system.
Scope. The objective of data access control is to ensure that those authorized to use a data processing system can only access data covered by their access authorization, and personal data is not read, copied, modified, or removed by an unauthorized user during processing, use or after it has been stored.
Scope. The objective of the principle of separability is to ensure that data collected for different purposes can be processed separately. Among other things, the purpose is to have the ability to associate data with a specific department, individual, branch or customer, and to comply with the principle of purpose limitation, which is one of the basic principles of data protection. The objective can be achieved in many ways, for example, by implementing a suitable application authorization policy.
Scope. The objective of data transfer control is to ensure that personal data cannot be read, copied, modified or removed without authorisation during their transfer or transport or when storing the data on data carriers, and that it can be checked and determined who are the recipients of the personal data transfer.
Scope. The objective of input control is to ensure that it is possible to check and establish whether and by whom personal data has been input into data processing systems, modified or removed.
Scope. The objective of availability control is to ensure that personal data are protected against accidental destruction or loss.
Scope. The objective of resilience and reliability control is to ensure that systems can handle risk-related changes and have the ability to tolerate and withstand disruptions.