7. Article

1. a)) "personal data" means any information relating to an identified or identifiable individual ("data subject");
2. b)) "automated data file" means any set of data undergoing automatic processing;
3. c)) "automatic processing" includes the following operations if carried out in whole or in part by automated means: storage of data, carrying out of logical and/or arithmetical operations on those data, their alteration, erasure, retrieval or dissemination;
4. d)) "controller of the file" means the natural or legal person, public authority, agency or any other body who is competent according to the national law to decide what should be the purpose of the automated data file, which categories of personal data should be stored and which operations should be applied to them.
5. a)) that it will not apply this Convention to certain categories of automated personal data files, a list of which will be deposited. In this list it shall not include, however, categories of automated data files subject under its domestic law to data protection provisions. Consequently, it shall amend this list by a new declaration whenever additional categories of automated personal data files are subjected to data protection provisions under its domestic law;
6. b)) that it will also apply this Convention to information relating to groups of persons, associations, foundations, companies, corporations and any other bodies consisting directly or indirectly of individuals, whether or not such bodies possess legal personality;
7. c)) that it will also apply this Convention to personal data files which are not processed automatically.
8. a)) obtained and processed fairly and lawfully;
9. b)) stored for specified and legitimate purposes and not used in a way incompatible with those purposes;
10. c)) adequate, relevant and not excessive in relation to the purposes for which they are stored;
11. d)) accurate and, where necessary, kept up to date;
12. e)) preserved in a form which permits identification of the data subjects for no longer than is required for the purpose for which those data are stored.
13. a)) to establish the existence of an automated personal data file, its main purposes, as well as the identity and habitual residence or principal place of business of the controller of the file;
14. b)) to obtain at reasonable intervals and without excessive delay or expense confirmation of whether personal data relating to him are stored in the automated data file as well as communication to him of such data in an intelligible form;
15. c)) to obtain, as the case may be, rectification or erasure of such data if these have been processed contrary to the provisions of domestic law giving effect to the basic principles set out in Articles 5 and 6 of this Convention;
16. d)) to have a remedy if a request for confirmation or, as the case may be, communication, rectification or erasure as referred to in paragraphs b and c of this article is not complied with.
17. a)) protecting State security, public safety, the monetary interests of the State or the suppression of criminal offences;
18. b)) protecting the data subject or the rights and freedoms of others.
19. a)) insofar as its legislation includes specific regulations for certain categories of personal data or of automated personal data files, because of the nature of those data or those files, except where the regulations of the other Party provide an equivalent protection;
20. b)) when the transfer is made from its territory to the territory of a non Contracting State through the intermediary of the territory of another Party, in order to avoid such transfers resulting in circumvention of the legislation of the Party referred to at the beginning of this paragraph.
21. a)) each Party shall designate one or more authorities, the name and address of each of which it shall communicate to the Secretary General of the Council of Europe;
22. b)) each Party which has designated more than one authority shall specify in its communication referred to in the previous sub-paragraph the competence of each authority.
23. a)) furnish information on its law and administrative practice in the field of data protection;
24. b)) take, in conformity with its domestic law and for the sole purpose of protection of privacy, all appropriate measures for furnishing factual information relating to specific automatic processing carried out in its territory, with the exception however of the personal data being processed.
25. a)) the name, address and any other relevant particulars identifying the person making the request;
26. b)) the automated personal data file to which the request pertains, or its controller;
27. c)) the purpose of the request.
28. a)) the request is not compatible with the powers in the field of data protection of the authorities responsible for replying;
29. b)) the request does not comply with the provisions of this Convention;
30. c)) compliance with the request would be incompatible with the sovereignty, security or public policy (ordre public) of the Party by which it was designated, or with the rights and fundamental freedoms of persons under the jurisdiction of that Party.
31. a)) may make proposals with a view to facilitating or improving the application of the Convention;
32. b)) may make proposals for amendment of this Convention in accordance with Article 21;
33. c)) shall formulate its opinion on any proposal for amendment of this Convention which is referred to it in accordance with Article 21, paragraph 3;
34. d)) may, at the request of a Party, express an opinion on any question concerning the application of this Convention.
35. a)) any signature;
36. b)) the deposit of any instrument of ratification, acceptance, approval or accession;
37. c)) any date of entry into force of this Convention in accordance with Articles 22, 23 and 24;
38. d)) any other act, notification or communication relating to this Convention.