... 2. Ní áireofar na sonraí pearsanta ar fad ná na catagóirí sonraí pearsanta ar fad atá sa chlár i gcás aistrithe de bhun phointe (g) den chéad fhomhír de mhír 1. I gcás ina bhfuil sé beartaithe go bhféadfaidh daoine a bhfuil leas dlisteanach acu an clár a cheadú, ní dhéanfar an t-aistriú ach ar iarraidh ó na daoine sin nó má tá siad le bheith ina bhfaighteoirí. ...
... 2. A transfer pursuant to point (g) of the first subparagraph of paragraph 1 shall not involve the entirety of the personal data or entire categories of the personal data contained in the register. Where the register is intended for consultation by persons having a legitimate interest, the transfer shall be made only at the request of those persons or if they are to be the recipients. ...
... 4. Déanfar an leas poiblí dá dtagraítear i bpointe (d) den chéad fhomhír de mhír 1 a bheith aitheanta i ndlí an Aontais nó i ndlí an Bhallstáit a bhfuil an rialaitheoir faoina réir. ...
... 4. The public interest referred to in point (d) of the first subparagraph of paragraph 1 shall be recognised in Union law or in the law of the Member State to which the controller is subject. ...
... ...
... Under Article 12.1, the default position for the provision of information to, or communications with, data subjects is that the information is in writing. [23] (Article 12.7 also provides for information to be provided in combination with standardised icons and this issue is considered in the section on visualisation tools at paragraphs 49 to 53). However, the GDPR also allows for other, unspecified “means” including electronic means to be used. WP29’s position with regard to written electronic means is that where a data controller maintains (or operates, in part or in full, through) a website, WP29 recommends the use of layered privacy statements/ notices, which allow website visitors to navigate to particular aspects of the relevant privacy statement/ notice that are of most interest to them (see more on layered privacy statements/ notices at paragraph 35 to 37). [24]However,the entirety of the information addressed to data subjects should also be available to them in one single place or one complete document (whether in a digital or paper format) which can be easily accessed by a data subject should they wish to consult the entirety of the information addressed to them. Importantly, the use of a layered approach is not confined only to written electronic means for providing information to data subjects. As discussed at paragraphs 35 to 36 and 38 below, a layered approach to the provision of information to data subjects may also be utilised by employing a combination of methodsto ensure transparency in relation to processing. ...
... 8. Déanfaidh an Coimisiún liosta a fhoilsiú, in Iris Oifigiúil an Aontais Eorpaigh agus ar a shuíomh gréasáin, de na tríú tíortha, de na críocha agus de na hearnálacha sonraithe i dtríú tír agus de na heagraíochtaí idirnáisiúnta ar chinn an Coimisiún ina leith go raibh nó nach raibh a leibhéil chosanta leormhaith. ...
... 8. The Commission shall publish in the Official Journal of the European Union and on its website a list of the third countries, territories and specified sectors within a third country and international organisations for which it has decided that an adequate level of protection is or is no longer ensured. ...
... 5. Cuirfidh Cathaoirleach an Bhoird an cinneadh dá dtagraítear i mír 1 in iúl do na húdaráis mhaoirseachta lena mbaineann gan aon mhoill mhíchuí. Cuirfidh sé an Coimisiún ar an eolas ina thaobh sin. Foilseofar an cinneadh gan mhoill ar shuíomh gréasáin an Bhoird tar éis don údarás maoirseachta fógra a thabhairt faoin gcinneadh críochnaitheach dá dtagraítear i mír 6. ...
... 5. The Chair of the Board shall notify, without undue delay, the decision referred to in paragraph 1 to the supervisory authorities concerned. It shall inform the Commission thereof. The decision shall be published on the website of the Board without delay after the supervisory authority has notified the final decision referred to in paragraph 6. ...
... 6. Glacfaidh an príomhúdarás maoirseachta, nó, de réir mar a bheidh, an t-údarás maoirseachta ar taisceadh an gearán leis cinneadh críochnaitheach ar bhonn an chinnidh dá dtagraítear i mír 1 den Airteagal seo, gan aon mhoill mhíchuí agus tráth nach déanaí ná aon mhí amháin tar éis don Bhord fógra a thabhairt maidir lena chinneadh. Déanfaidh an príomhúdarás maoirseachta, nó, de réir mar a bheidh, an t-údarás maoirseachta ar taisceadh an gearán leis, an Bord a chur ar an eolas faoin dáta a gcuirfear fógra faoina chinneadh críochnaitheach chuig an rialaitheoir nó chuig an bpróiseálaí agus chuig an ábhar sonraí, faoi seach. Glacfar cinneadh críochnaitheach na n-údarás maoirseachta lena mbaineann faoi théarmaí Airteagal 60(7), (8) agus (9). Tagrófar sa chinneadh críochnaitheach don chinneadh dá dtagraítear i mír 1, agus sonrófar ann go ndéanfar an cinneadh dá dtagraítear i mír 1 den Airteagal seo a fhoilsiú ar shuíomh gréasáin an Bhoird i gcomhréir le mír 5 den Airteagal seo. Ceanglófar leis an gcinneadh críochnaitheach an cinneadh dá dtagraítear i mír 1 den Airteagal seo. ...
... 6. The lead supervisory authority or, as the case may be, the supervisory authority with which the complaint has been lodged shall adopt its final decision on the basis of the decision referred to in paragraph 1 of this Article, without undue delay and at the latest by one month after the Board has notified its decision. The lead supervisory authority or, as the case may be, the supervisory authority with which the complaint has been lodged, shall inform the Board of the date when its final decision is notified respectively to the controller or the processor and to the data subject. The final decision of the supervisory authorities concerned shall be adopted under the terms of Article 60(7), (8) and (9). The final decision shall refer to the decision referred to in paragraph 1 of this Article and shall specify that the decision referred to in that paragraph will be published on the website of the Board in accordance with paragraph 5 of this Article. The final decision shall attach the decision referred to in paragraph 1 of this Article. ...
... (23) Chun a áirithiú nach ndéantar an chosaint atá daoine nádúrtha i dteideal a fháil faoin Rialachán seo a bhaint díobh, ba cheart an phróiseáil a dhéanann rialaitheoir nó próiseálaí nach bhfuil bunaithe san Aontas ar shonraí pearsanta na n-ábhar sonraí agus atá san Aontas a bheith faoi réir an Rialacháin seo i gcás ina mbaineann na gníomhaíochtaí próiseála le hearraí nó seirbhísí a thairiscint d'ábhair sonraí den sórt sin beag beann ar cé acu an bhfuil an tairiscint bainteach le híocaíocht nó nach bhfuil. Chun a chinneadh an bhfuil earraí nó seirbhísí á dtairiscint ag an rialaitheoir nó ag an bpróiseálaí sin d'ábhair sonraí, ar daoine iad atá san Aontas, ba cheart a fháil amach an bhfuil sé soiléir go bhfuil sé beartaithe ag an rialaitheoir nó ag an bpróiseálaí seirbhísí a thairiscint d'ábhair sonraí i gceann amháin nó níos mó de na Ballstáit atá san Aontas. De bhrí nach leor inrochtaineacht ar shuíomh gréasáin an rialaitheora, an phróisealaí ná idirghabhálaí san Aontas, ar sheoladh ríomhphoist nó ar shonraí teagmhála eile nó ar theanga a mbaintear úsáid aisti i gcoitinne i dtríú tír ina bhfuil an rialaitheoir bunaithe, chun a fháil amach an bhfuil rún den sórt sin ag an rialaitheoir, d'fhéadfadh sé go dtabharfaí le fios, le fachtóirí amhail úsáid teanga nó airgeadra a mbaintear úsáid aisti nó as i gcoitinne i mBallstát amháin nó níos mó a bhfuil an deis ann nó iontu earraí agus seirbhísí a ordú sa teanga eile sin, nó le fachtóir amhail custaiméirí nó úsáideoirí atá san Aontas a bheith á lua, go bhfuil sé beartaithe ag an rialaitheoir earraí nó seirbhísí a thairiscint san Aontas d'ábhair sonraí. ...
... (23) In order to ensure that natural persons are not deprived of the protection to which they are entitled under this Regulation, the processing of personal data of data subjects who are in the Union by a controller or a processor not established in the Union should be subject to this Regulation where the processing activities are related to offering goods or services to such data subjects irrespective of whether connected to a payment. In order to determine whether such a controller or processor is offering goods or services to data subjects who are in the Union, it should be ascertained whether it is apparent that the controller or processor envisages offering services to data subjects in one or more Member States in the Union. Whereas the mere accessibility of the controller's, processor's or an intermediary's website in the Union, of an email address or of other contact details, or the use of a language generally used in the third country where the controller is established, is insufficient to ascertain such intention, factors such as the use of a language or a currency generally used in one or more Member States with the possibility of ordering goods and services in that other language, or the mentioning of customers or users who are in the Union, may make it apparent that the controller envisages offering goods or services to data subjects in the Union. ...
... (32) Ba cheart toiliú a thabhairt trí ghníomh soiléir dearfach lena mbunaítear cur in iúl a thugann a t-ábhar sonraí faoi shaoirse agus atá sonrach, feasach agus gan athbhrí á rá go n-aontaíonn an t-ábhar sonraí le sonraí pearsanta a bhaineann leis nó léi a phróiseáil, amhail trí ráiteas scríofa, lena n-áirítear trí mheán leictreonach, nó ráiteas ó bhéal. D'fhéadfaí go n-áireofaí air sin tic a chur i mbosca nuair a thugtar cuairt ar shuíomh gréasáin idirlín, socruithe teicniúla a roghnú do sheirbhísí na sochaí faisnéise nó trí ráiteas nó iompar eile lena gcuirtear in iúl go soiléir sa chomhthéacs sin go dtoilíonn an t-ábhar sonraí leis an bpróiseáil atá beartaithe a dhéanamh ar a shonraí pearsanta nó ar a sonraí pearsanta. Dá bhrí sin, níor cheart gurbh ionann agus toiliú iad tost, boscaí ar cuireadh tic leo roimh ré nó neamhghníomhaíocht. Ba cheart don toiliú gach gníomhaíocht próiseála arna déanamh chun na críche céanna nó chun na gcríoch céanna a chumhdach. I gcás ina bhfuil an iliomad críoch leis an bpróiseáil, ba cheart toiliú a thabhairt dóibh uile. Má tá an t-ábhar sonraí le toiliú leis an bpróiseáil tar éis iarraidh trí mheán leictreonach a fháil chuige sin, ní mór don iarraidh sin a bheith soiléir achomair agus níor cheart di cur isteach barraíocht ar úsáid na seirbhíse ar ina leith a tugadh an toiliú. ...
... (32) Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided. ...
... (58) Ceanglaítear le prionsabal na trédhearcachta gur cheart é a bheith éasca rochtain a fháil ar aon fhaisnéis atá dírithe ar an bpobal nó ar an ábhar sonraí, gur cheart don fhaisnéis sin a bheith gonta agus éasca a thuiscint agus gur cheart í a bheith i dteanga shoiléir shimplí agus, sa bhreis air sin, gur cheart úsáid a bhaint as léirshamhlú, i gcás inarb ábhartha. D'fhéadfaí faisnéis den sórt sin a chur ar fáil i bhfoirm leictreonach, mar shampla, agus í dírithe ar an bpobal, trí shuíomh gréasáin. Tá ábharthacht ar leith ag baint leis sin i staideanna ina bhfágann iomadú na ngníomhaithe agus castacht theicneolaíoch an chleachtais nach éasca don ábhar sonraí a bheith ar an eolas faoi cibé an bhfuil sonraí pearsanta a bhaineann leis nó léi á mbailiú, faoi cé atá á mbailiú agus faoi cad chuige a bhfuil siad á mbailiú, agus nach éasca dó nó di an méid sin a thuiscint, amhail i gcás fógraíocht ar líne. Toisc go bhfuil cosaint ar leith dlite do leanaí, ba cheart aon fhaisnéis agus cumarsáid maidir le próiseáil a bhaineann le leanbh a thabhairt i dteanga shoiléir shimplí le go bhféadfaidh an leanbh í a thuiscint go héasca. ...
... (58) The principle of transparency requires that any information addressed to the public or to the data subject be concise, easily accessible and easy to understand, and that clear and plain language and, additionally, where appropriate, visualisation be used. Such information could be provided in electronic form, for example, when addressed to the public, through a website. This is of particular relevance in situations where the proliferation of actors and the technological complexity of practice make it difficult for the data subject to know and understand whether, by whom and for what purpose personal data relating to him or her are being collected, such as in the case of online advertising. Given that children merit specific protection, any information and communication, where processing is addressed to a child, should be in such a clear and plain language that the child can easily understand. ...
... (67) I modhanna chun srian a chur leis an bpróiseáil a dhéantar ar shonraí pearsanta, d'fhéadfaí a áireamh, inter alia, na sonraí a roghnaítear a aistriú go sealadach chuig córas eile próiseála, rud a chuirfeadh na sonraí pearsanta a roghnaítear ar fáil d'úsáideoirí, nó na sonraí a foilsíodh a bhaint de shuíomh gréasáin ar bhonn sealadach. I gcórais chomhdúcháin uathoibrithe, is trí bhealach teicniúil ba cheart an srianadh ar phróiseáil sonraí pearsanta a áirithiú i bprionsabal ar shlí nach bhfuil na sonraí pearsanta faoi réir tuilleadh oibríochtaí próiseála agus nach féidir iad a athrú. Ba cheart a léiriú go soiléir sa chóras go bhfuil srian ar shonraí pearsanta a phróiseáil. ...
... (67) Methods by which to restrict the processing of personal data could include, inter alia, temporarily moving the selected data to another processing system, making the selected personal data unavailable to users, or temporarily removing published data from a website. In automated filing systems, the restriction of processing should in principle be ensured by technical means in such a manner that the personal data are not subject to further processing operations and cannot be changed. The fact that the processing of personal data is restricted should be clearly indicated in the system. ...