Electronic Transactions
1
2
2010 No. C 2631
these choices, and the implications of such choices;
(c) how a consumer may review and correct or remove such information;
3
and
4
(d) when the service provider or vendor uses computer cookies, how and
5
why they are used and the consequences of consumers’ refusal to accept
6
a computer cookie.
7
(3) A service provider or vendor shall limit its collection, use and
8
disclosure of personal information to that which a reasonable person would
9
consider appropriate in the circumstances.
10
(4) A service provider or vendor shall not, as a condition for a transaction,
11
require a consumer to consent to the collection, use or disclosure of personal
12
information beyond that necessary to complete the sale.
13
14
personal information is required, and cannot reasonably be obtained, such
15
consent shall be provided separately in a clearly worded, online opt-in or
16
opt-out process.
17
18
information to third parties, the service provider or vendor shall remain
19
responsible for the protection of that information. Before any such transfer,
20
the service provider or vendor shall ensure, through contractual or other
21
means, that the third party complies with the privacy provisions of this Act.
22
36. Any unsolicited electronic messages sent by a service provider or
23
vendor to a consumer shall prominently display a return address and shall
24
clearly provide a simple procedure by which a consumer can notify the sender
25
that he does not wish to receive such messages.
(5) When a consumer’s consent to the collection, use and disclosure of
(6) When a service provider or vendor transfers a consumer’s personal
26
Part VII — Liability of Service Providers or Vendors
27
37.—(1) A service provider or vendor is not liable for providing access
28
to or for operating facilities for transmitting, routing or storage of electronic
29
records via an information system under its control, provided the service
30
provider or vendor —
31
(a) does not initiate the transmission;