THIS SEARCH THIS DOCUMENT THIS CR ISSUE GO TO Next Hit Forward Next Document New CR Search Prev Hit Back Prev Document HomePage Hit List Best Sections Daily Digest Help Doc Contents
Documentation of the retrieval and transmission programs;
[Page: S14550] GPO's PDF
b. Documentation of the remote locations/destinations to which a transmission paths (logical paths).
8. Input control
CNA shall provide for the retrospective ability to review and determine the time and the point of the Card Customers' data entry into CNA's data processing system.
This shall be accomplished by:
a. Proof established within CNA's organization of the input authorization;
b. Electronic recording of entries.
9. Instructional control
The Card Customers' data transferred by the Card Service Companies to CNA may only be processed in accordance with instructions of the Card Service Companies.
This shall be accomplished by:
a. Binding policies and procedures for CNA employees, subject to the Card Service Companies' prior approval of such procedures and policies,
b. Upon request, access will be granted to those Card Service Companies' employees and agents who are responsible for monitoring CNA's compliance with this Agreement (c.f. §3 hereof.)
10. Transport control
CNA and the Card Service Companies shall implement suitable measures to prevent the Card Customers' personal dat a from being read, copied, altered or deleted by unauthorized parties during the transmission thereof or during the transport of the data media.
This shall be accomplished by:
a. Encryption of the data for on-line transmission, or transport by means of data carriers, (tapes and cartridges);
b. Monitoring of the completeness and correctness of the transfer of data (end-to-end check).
II. Organization control
CNA shall maintain its internal organization in a matter that meets the requirements of this Agreement.
This shall be accomplished by:
a. Internal CNA policies and procedures, guidelines, work instructions, process descriptions, and regulations for programming, testing, and release, insofar as they relate to data transferred by Card Service Companies;
b. Formulation of a data security concept whose content has been reconciled with the Card Service Companies;
c. Industry standard system and program examination;
d. Formulation of an emergency plan (back-up contingency plan).
§6 DATA PROTECTION SUPERVISOR
1. CNA undertakes to appoint a Data Protection Supervisor and to notify the Card Service Companies of the appointee(s). CNA shall only select an employee with adequate expertise and reliability necessary to perform such a duty, and provide the Card Service Companies with appropriate evidence thereof.
2. The Data Protection Supervisor shall be directly subordinate/accountable to CNA's General Management. He shall not be bound by instructions which obstruct or hinder the performance of his duty in the field of data protection. He shall cooperate with the Card Service Companies' agent--as indicated in §3 hereof--in monitoring the performance of this Agreement and adhering to the data protection requirements in conjunction with the data in question. In the event that CNA chooses to change the person who serves as a Data Protection Supervisor, CNA shall give timely notice to the Card Service Companies of such change. The Data Protection Supervisor shall be bound by confidentiality obligations.
3. The Data Protection Supervisor shall be available as the on-site contact for the Card Service Companies.
§7 CONFIDENTIALITY OBLIGATION
CNA shall impose a confidentiality obligation on those employees entrusted with processing the personal dat a transferred by the Card Service Companies. CNA shall furthermore obligate its employees to adhere to the banking and data secrecy regulations and document such employees' obligation in writing. Upon request, CNA shall provide the Card Service Companies with satisfactory evidence of compliance with this provision.
§8 RIGHTS OF CONCERNED PERSONS
1. At any time, Card Customers whose data are transferred by CIP to the Card Service Companies, and thereafter further transferred by the Card Service Companies to CNA, shall be entitled to make inquiries to CNA (who are required to respond) as to: the stored personal dat a, including the origin and the recipient of the data; the purpose of storage; and the persons and locations/destinations to which such data are transferred on a regular basis.
The requested information sha ll generally be provided in writing.
2. The Card Service Companies shall honour the concerned person's request to correct his personal dat a at any time, provided that the stored data are incorrect. The same shall apply to data stored at CNA.
3. The concerned person may claim from the responsible Card Service Companies the deletion or blocking of any data stored at the Card Service Companies or CNA, in the event that: such storage is prohibited by law; the data in question relate to information abo ut health criminal actions, violations of the public order, or religious or political opinions, and its truth/correctness cannot be proved by the Card Service Companies; and such data are processed to serve Card Service Companies' own purposes, and such data are no longer necessary to serve the purpose of the data storage under the agreement with the respective Card Customers.
Notwithstanding the foregoing, the parties hereto submit to the provisions of §35 of the German Federal Data Protection Law (BDSG), and agree to be familiar with such provisions.
4. The concerned person may demand that the responsible Card Service Companies block his or her personal dat a, if he or she contests the correct nature thereof and if it is not possible to determine whether such data is correct or incorrect. This shall also apply to such data stored by CNA.
5. If CIP. the Card Service Companies or CNA should violate the data protection or banking secrecy regulations, the person concerned shall be entitled to claim damages caused and incurred thereby as provided in the German Federal Data Protection Law (BDSG). CIP's and the Card Service Companies' liability shall moreover extend to those claims arising from breach of this Agreement and asserted against CNA and/or its employees in performance of this Agreement.
6. CNA acknowledges the obligation assumed by CIP and the Card Service Companies towards the concerned person, and undertakes to comply with all Card Service Companies' instructions concerning such person. The concerned person may also directly assert claims against CNA and file an action at CNA's applicable place of jurisdiction.
§9 NOTIFICATION TO THE CONCERNED PERSON
The Card Service Companies undertake to appropriately notify the concerned Card Customers of the transfer of their data to CNA.
§10 DATA PROTECTION SUPERVISION
1. According to the German Federal Data Protection Law (BDSG), the Card Service Companies and CIP are subject to public control exercised by the respective responsible supervisory authorities.
2. Upon request of CIP or either of the Card Service Companies, CNA shall provide the respective supervisory authorities with the desired information and grant them the opportunity of auditing to the same extent as they would be entitled to conduct audits at the Card Service Companies and CIP; this includes the entitlement to inspections at CNA's premises by the supervisory authorities or their nominated agents, unless barred by binding instructions of the appropriate U.S. authorities.
§11 BANKING SUPERVISION
1. Any vouchers, commercial books of accounting, and work instructions needed for the comprehension of such documents, as well as other organizational documents shall physically remain at the Card Service Companies, unless electronically archived by scanning devices in a legally permissible fashion.
2. The Card Service Companies and CNA undertake to adhere to the principles of proper accounting practice applicable in Germany for computer-aided processes and the auditing thereof, in particular FAMA 1/1987.
3. The Card Service Companies undertake to submit a data processing concept and a data security concept to the German Federal Authority for the Supervision of Banks (Bundesaufsichtsamt fur das Kreditwesen) prior to commencing transfer of data to CNA.
4. The remote processing of the data shall be subject to the internal audit department of CIP and the Card Service Companies. CNA agrees to cooperate with the internal auditors of CIP and the Card Service Companies, who shall have the right to inspect the files of CNA's internal auditors, insofar as they relate to the data files transferred by the Card Service Companies to CNA. The internal auditors of the Card Service Companies and of CIP shall conduct audits of CNA as required by due diligence.
5. In a joint declaration to the Federal Banking Supervisory Authority; CIP, the Card Service Companies and CNA shall undertake to allow the inclusion of CNA in audits in accordance with the provisions of §44 of the Banking Law (Kreditwesengesetz abbreviated to KWG) at any time and not to impede or obstruct such audits, provided that legal requirements and/or instructions of U.S. authorities bind CNA to the contrary.
6. CNA shall request the US banking supervisory authorities' confirmation in writing to the effect that no objections will be raised against the intended remote data processing concept. In the event that CNA cannot procure such written confirmation upon the Card Service Companies' request, the Card Service Companies and CIP may withdraw from this Agreement and the underlying CNA Service Agreement.
7. CIP, the Card Service Companies and CNA undertake to abide by the requirements for interterritorial remote data processing in bank accounting as set forth in the letter of the Federal Authority for the Supervision of Banks dated October 16, 1992. This letter is appended as a Schedule hereto and forms an integral part of this Agreement.
§12 INDEMNIFICATION CLAIM
1. CNA shall indemnify the Card Service Companies within the scope of their internal and contractual relationship from any claims of damages asserted by the Card Customers, and resulting from CNA's incompliance with the terms and conditions of this Agreement.
2. The Card Service Companies shall indemnify CNA within the scope of their internal and contractual relationship from any claims of damages asserted by the Card Customer, and resulting from one or both of the
[Page: S14551] GPO's PDF
§13 TERM OF THE AGREEMENT
1. This Agreement is effective as of July 1st, 1995, until terminated. It may be terminated by any party hereto at the end of each calendar year upon 12 months notice prior to the expiration date, subject to each party's right of termination of the Agreement for material, unremedied breach hereof. The termination of this Agreement by any one of the parties shall result in the termination of the entire Agreement with respect to the other parties.
2. CNA commits to return and delete all personal dat a stored at the time of termination hereof in accordance with the Card Service Companies' instructions.
§14 CONFIDENTIALITY
The parties hereto commit to treat strictly confidential any trade, business and operating secrets or other sensitive information of the other parties involved. This obligation shall survive termination of this Agreement.
§15 DATA PROTECTION AGREEMENT WITH DEUTSCHE BAHN AG (DB AG)
1. The Deutsche Bahn AG captures personal dat a at its counters and appears as a joint issuer of the DB/Citibank BahnCard. The parties hereto agree that the Deutsche Bahn AG therefore bears responsibility for such data.
2. The Deutsche Bahn AG and CIP concluded a Data Protection Agreement as of February 13, 1996, defining the scope of data protection obligations and commitments between the parties. The parties hereto are familiar with said Data Protection Agreement and acknowledge the obligations arising for CIP thereunder.
3. The parties hereto authorize CIP to provide DB AG with written notification of this Agreement on Interterritorial Data Protection.
§16 GENERAL PROVISIONS
1. This Agreement sets forth the entire understanding between the parties hereto in conjunction with the subject matter as laid down herein and none of the parties hereto has entered into this Agreement in reliance upon any representation, warranty or undertaking of any other party which is not contained in this Agreement or incorporated by reference herein. Any subsequent amendments to this Agreement shall be in writing duly signed by authorized representatives of the parties hereto.
2. If one or more provisions of this Agreement becomes invalid, or the Agreement is proven to be incomplete, the validity and legality of the remaining provisions hereof shall not be affected or impaired thereby. The parties hereto agree to substitute the invalid part of this Agreement by such a legally valid provision which constitutes the closest representation of the parties' intention and the economical purpose of the invalid term, and the parties hereto further agree to be bound by such a valid term. An incompleteness of this Agreement shall be bridged in a similar fashion.
3. The Parties hereto submit to the jurisdiction and venue of the courts of Frankfurt/M.
4. This Agreement shall be governed by, interpreted and construed in accordance with German law.
What are the main features of the International Agreement?
1. The parties on both sides of the Atlantic agree to apply German Data Protectional Law to their handling of cardholders' data (§1).
2. Customer data may only be processed in the United States for the purpose of producing the cards (§2).
3. Citibank in the United States and in Europe is not allowed to transfer personal dat a to third parties for marketing purposes except in two cases:
(a) Data of applicants for a RailwayCard with payment function may be transferred to other Citibank companies in order to market financial services; (b) Data of applicants for a pure RailwayCard may only be used or transferred for BahnCard marketing purposes, i.e., to try to convince the cardholder that he should upgrade his RailwayCard to have a ``better BahnCard'' with credit card function (§4 II).
4. The technical requirements on data security according to German law are spelt out in detail in §5.
5. The American Citibank subsidiary has to appoint data protection supervisors again following the German legal requirements (§6).
6. The German card customers have all individual rights against the American Citibank subsidiary which they have under German law. They can ask for inspection, claim deletion, correction or blocking of their data and they can bring an action for compensation under the strict liability rules of German law either against German Railway, the German Citibank subsidiary or directly against the American Citibank subsidiary (§8).
7. The Citibank subsidiaries in the United States accept on-site audits by the German data protection supervisory authority, i.e., the Berlin Data Protection Commissioner, or his nominated agents, e.g. an American consulting or auditing firm acting on his behalf (§10 II).
This very important provision contains a restriction in case US authorities instruct Citibank in their country not to allow foreign auditors in. However, this restriction is not very likely to become practical. On the contrary, US authorities have already declared by way of a diplomatic note sent to the German side that they will accept these audits. This follows an agreement between German and United States banking supervisory authorities on auditing the trans-border processing of accounting data (cf. §11). Indeed this previous agreement very much facilitated the acceptance of German data protection audits by Citibank in the United States. As far as data security concepts are concerned the Federal Banking Supervisory Authority and the Berlin Data Protection Commissioner will be working hand in glove.
8. Finally--and this is not reproduced in the version of the Agreement which you have received--German Railway has been linked to this agreement between Citibank subsidiaries in a specific provision.
By Mr. THOMAS (for himself and Mr. ENZI):
S. 1904. A bill to amend the Internal Revenue Code of 1986 to provide for an election for special tax treatment of certain S corporation conversions; to the Committee on Finance.
ELECTION FOR SPECIAL TAX TREATMENT OF CERTAIN S CORPORATION CONVERSIONS
Mr. THOMAS.
Mr. President, today I join Senator ENZI in introducing legislation that will give small businesses more flexibility in how they choose to operate.
One of the most important decisions for the founder of a business is ``choice of entity,'' whether to operate the business through a corporation, partnership, limited liability company or other form of business. This choice is plainly important for reaching business goals, and may be critical to the survival of the business. For the family business, the choice also is inseparable from the owner's preferences as to how the owner wants to relate to family co-owners. Choice of entity is therefore potentially one of the most important decisions for an owner.
The law concerning choice of entity has changed enormously in the last decade, particularly with the widespread adoption of laws authorizing the limited liability company (LLC). As a result, business owners have more flexibility in this area than ever before. Even so, older family businesses operated as S corporations may be ``locked'' into the corporate form, simply because of the tax cost of changing to another form. These businesses are thus unable to take advantages of the recent advancements in choice of entity.
In order to help these older businesses remain competitive with their younger rivals, the bill Senator ENZI and I introduce today will allow a one-time election for an S corporation to change to another form of business without incurring the normal tax cost of doing so.
Thousands of corporations have elected subchapter S status since President Eisenhower signed into law the Technical Amendments Act of 1958, which added subchapter S to the code. The legislative history makes clear that the purpose of subchapter S was to offer simplified tax rules for the small and family-owned business operating in the corporate form.
THIS SEARCH THIS DOCUMENT THIS CR ISSUE GO TO Next Hit Forward Next Document New CR Search Prev Hit Back Prev Document HomePage Hit List Best Sections Daily Digest Help Doc Contents