TRILANTICServicesSectorsPartnersResourcesAbout UsContact Us
Case StudiesTRILANTIC NewsletterFree Trial with your DataCost Savings CalculatorAsk The Experts
Document Library
Industrial Links
Glossary
News ReleasesFeatured Articles
Media KitForthcoming EventsEuropean Data Protection Rules

What Needs to be Done Prior to Collection


Contact the data subject

Contact the Office for the Protection of Data Protection


Article 11


(1) In collecting personal data the controller shall be obliged to inform the data subject of the scope in which and the purpose for which the personal data shall be processed, who and in what manner will process the personal data and to whom the personal data may be disclosed, unless the data subject is already aware of this information. The controller must inform the data subject about his right of access to personal data, the right to have his personal data rectified as well as other rights provided for in Article 21.

(2) In case when the controller processes personal data obtained from the data subject, he is obliged to instruct the data subject on whether the provision of the personal data is obligatory or voluntary. If the data subject is obliged pursuant to a special Act to provide personal data for the processing, the controller shall instruct him on this fact as well as on the consequences of refusal to provide the personal data.

(3) The controller shall not be obliged to provide the information and instruction pursuant to paragraph 1 in cases where the personal data was not obtained from the data subject, if

(a) he is processing personal data exclusively for the purposes of state statistical service, scientific or archival purposes and the provision of such information would involve a disproportionate effort or inadequately high costs; or if storage on data carriers or disclosure is expressly provided by a special Act. In these cases the controller shall be obliged to take all necessary measures against unauthorized interference with the data subject's private and personal life.

(b) the personal data processing is imposed on him by a special Act or such data is necessary to exercise the rights and obligations ensuing from special Acts.

(c) he is processing exclusively lawfully published personal data, or

(d) he is processing personal data obtained with the consent of data subject.

(4) The above provisions shall be without prejudice to the rights of the data subject to request information pursuant to special Acts.

(5) In processing the personal data pursuant to Article 5(2)(e) and Article 9(h), the controller shall be obliged to inform without undue delay the data subject on processing of his personal data.

(6) No decision of the controller or processor, the consequence of which is an interference with the legal and legally protected interests of the data subject, may be issued or made without verification solely on the basis of automated personal data processing. This shall not apply where such decision was made in favour of the data subject and upon his request.

(7) The information obligation regulated by Article 11 may be performed by the processor on behalf of the controller.


Contact the Office for the Protection of Data Protection

Article 16 - Notification Obligation


(1) Whoever intends to process personal data as a controller or alter the registered processing pursuant to this Act, with the exception of the processing mentioned pursuant to Article 18, shall be obliged to notify in writing the Office of this fact prior to commencing personal data processing.

(2) The notification must include the following information:

(a) the identification data of the controller, i.e. in the case of a natural person who is not an entrepreneur his first name or names, surname, date of birth and address of permanent residence; in the case of other subjects their trade, corporate or other name, seat and identification number if assigned, and name, eventually first names and surnames of persons that are their statutory representatives;

(b) the purpose or purposes of processing;

(c) the categories of data subjects and of personal data pertaining to these subjects;

(d) the sources of personal data;

(e) a description of the manner of personal data processing;

(f) the location or locations of personal data processing;

(g) the recipient or category of recipients;

(h) the anticipated personal data transfers to other countries;

(i) the description of measures adopted for ensuring the protection of personal data pursuant to Article 13;

(3) If the notification includes all essentials pursuant to paragraph 2 and no proceeding pursuant to Article 17(1) has been initiated, the personal data processing may start after the expiration of 30 days from the delivery of the notification. In such case the Office records the information stated in the notification into the register.

(4) If the notification does not include all essentials pursuant to paragraph 2, the Office shall send without delay a reminder to the notifying subject in which he shall make reference to the missing or insufficient information and set a deadline for supplementing the notification. In case the notification is being supplemented, running of the time limit pursuant to paragraph 3 shall begin as of the day of delivery of the notification supplement. If the Office does not receive the notification supplement within the set deadline, the notification shall be regarded as if it has not been submitted.

(5) Upon the request from the controller the Office shall issue a certificate which includes date of issuance, reference number, first name, surname and signature of the person by whom the certificate has been issued, official stamp, identification data of the controller and purpose of processing.

(6) The Administrative Code shall not apply to the proceedings of the Office pursuant to paragraphs (1) - (5).
© TRILANTIC - All rights reserved. | Disclaimer | Client Login