Article 10 - Transfers to jurisdictions without adequate level of protection

(1) A Data Controller may transfer Personal Data to a Recipient which is not subject to laws and regulations which ensure an adequate level of protection within the meaning of Article 9(1) on condition that:
(A) the QFC Authority has granted a permit for the transfer or the set of transfers and the Data Controller applies adequate safeguards with respect to the protection of this Personal Data;
(B) the Data Subject has given his unambiguous consent to the proposed transfer;
(C) the transfer is necessary for the performance of a contract between the Data Subject and the Data Controller or the implementation of precontractual measures taken in response to the Data Subject's request;
(D) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the Data Subject between the Data Controller and a Third Party;
(E) the transfer is necessary or legally required on grounds important in the interests of the QFC, or for the establishment, exercise or defence of legal claims;
(F) the transfer is necessary in order to protect the vital interests of the Data Subject;
(G) the transfer is made from a register which according to laws or regulations is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate legitimate interest, to the extent that the conditions laid down in law for consultation are fulfilled in the particular case;
(H) the transfer is necessary for compliance with any legal obligation to which the Data Controller is subject;
(I) the transfer is necessary to uphold the legitimate interests of the Data Controller recognised in the international financial markets, provided that such is pursued in accordance with international financial standards and except where such interests are overridden by legitimate interests of the data subject relating to the Data Subject's particular situation; or
(J) the transfer is necessary to comply with auditing, accounting or anti money laundering obligations that apply to a Data Controller which is established in the QFC.
(2) An appeal against a decision by the QFC Authority to refuse to issue a permit referred to in Article 10(1)(A) may be made to the Tribunal.