Personal data refers to data that includes an information related to an identified or identifiable physical personal, such as:
- last name
- first name
- postal or e-mail address
- telephone number
- IP address
- license plate number
When collecting, processing, or transferring data containing personal information, people and entities responsible for the data are required to comply with applicable laws and regulations.
In order for a transaction concerning a file containing personal data to be lawful, both the buyer and supplier must comply with these laws and regulations.
At every step in the process, Dawex informs the buyer and supplier regarding their rights and obligations related to processing data that contains personal information. Dawex declines all responsibility in the event that either the buyer or supplier does not respect legal obligations.
What is individual personal data?
Individual personal data is data that is defined, by European Data Protection Directive No. 95/46 of 1995, as being sensitive, that is, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, data concerning health or sex life;
- biometric data, that is, data derived from computer processing that enables individuals to be identified by their physical, biological, or behavioral characteristics;
- genetic data;
- data concerning criminal offenses and convictions, or security measures.
Processing and transferring individual personal data
Transferring data of this type is not allowed on Dawex.
In fact, it is forbidden to process this type of data within the European Union and in a number of other countries. There are exceptions, but processing individual personal data is generally subject to authorization from the data protection authorities in the country in which the person or entity responsible for processing the data resides (for example: the CNIL in France).
In addition, transferring individual personal data from a country in the European Union to another country that does not offer an adequate level of protection is also subject to authorization by the appropriate data protection authorities, as well as the notification or even prior consent of the people concerned.