2. ABOUT ME
Member of the Israeli Bar since 2006
Israel Export Institute since 2014
Ex-big law
Hi-tech specialist
E-mail: beverley@ht-ip-law.com
Tel: 054-4877985
3. AGENDA
The basics of export contracts
Typical hi-tech contracts
Please Note
14. PLEASE NOTE !
ANTI-BRIBERY
FCPA – Foreign Corrupt Practices Act
OECD Anti-bribery Convention
UK Bribery Act
Israeli Law
Recommend: Company anti-bribery
policy & undertaking in contracts
15. PLEASE NOTE !
SECURITY
CONTROLS
For goods, services and knowledge
incl. dual use equipment
Registration of company in the export
register
Registration of goods
Prior to marketing need marketing
license
Export license
Final user’s declaration
16. PLEASE NOTE !
GDPR!
Does it apply to you? Do you collect,
Receive, transmit, use, store or
otherwise process personal data of EU
persons?
Do you offer goods or services to
individuals in the EU?
Do you monitor behavior of individuals
in the EU?
Do you do any form of automated
processing intended to evaluate
certain personal aspects of an
individual?
17. PLEASE NOTE !
GDPR (2)
Lawful base for processing
Explicit Consent
Required to perform a contract
Necessary for the purposes of
legitimate interests pursued by the
controller or a third party, except
where such interests are overridden by
the interests, rights or freedoms of the
data subject
18. PLEASE NOTE !
GDPR (3)
The GDPR provides the following
rights for individuals:
The right to be informed
The right of access
The right to rectification
The right to erase
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated
decision making and profiling.
20. PLEASE NOTE !
MONEY
LAUNDERING
The process of making illegally gained
proceeds appear legal
Red flags
Ministry of Justice guidelines
Secretive client, incomplete information
Cash
Price is not an issue
Changes seller/lawyer/bank frequently
Using someone else’s letterhead/bank
account
Unusual speed/short -cuts requested
Product, IP, services (usually all three)
End user, reseller, who is your counterparty for warranty
In Israel – applicable law, jurisdiction; over sea…. Not consumer product then easier.
Example – of ACID
Cyber company.
Sells Cyber services….as SaaS and App.
Services – like red-hat, or db
SaaS – like ACID
SLA – like ACID
A value-added reseller (VAR) is a company that purchases the original or component product from the OEM and then adds to its value by adding features or services to the product, or by incorporating it into a larger product, before finally reselling it, most commonly to end users.
FCPA Forbids bribery to foreign officials
OECD forbids bribery of foreign officials
Since 2010 Act – bribery in general – giving or receiving, bribery of public officials; failure to prevent bribery (all commercial organizations which have business in the UK) he Act has been described as "the toughest anti-corruption legislation in the world
he GDPR applies to processing carried out by organizations operating within the EU. It also applies to organizations outside the EU that offer goods or services to individuals in the EU.
A controller determines the purposes and means of processing personal data.
A processor is responsible for processing personal data on behalf of a controller.
The GDPR does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organizations collect information about people.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.
Personal data that has been pseudonymised – eg key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.
Sensitive personal dataThe GDPR refers to sensitive personal data as “special categories of personal data” (see Article 9).
The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual.
Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of consent by default.
The right to be informed encompasses your obligation to provide ‘fair processing information’, typically through a privacy notice.
Individuals have the right to access their personal data and supplementary information.
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
Individuals have the right to object to:
processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
direct marketing (including profiling); and
processing for purposes of scientific/historical research and statistics.
he GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention.
Identify whether any of your processing operations constitute automated decision making and consider whether you need to update your procedures to deal with the requirements of the GDPR.