regorousGDPRruleset.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RuleSet xmlns="http://www.nicta.com.au/bpc/CombinedRuleSetDefinition/0.1" description="Personal Data Protection" version="0.1" displayName="GDPR" uri="GDPR">
<Vocabulary>
<Term atom="Proc" description="Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction"/>
<Term atom="GiveConsent" description="Consent given by the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her"/>
<Term atom="Contract" description="Contract: agreement between two parties, either in force or to make in force; one of the parties is the data subject"/>
<Term atom="VI" description="Vital Interests: interests which safeguard the survival or health of the person concerned"/>
<Term atom="DemonstrateConsent" description="Consent demonstrated by the controller means that record must be duly kept by the controller (Registry of Processing Activity, ROPA), etc. etc."/>
<Term atom="WithdrawConsent" description="Right of the data subject to withdraw his/her consent for the processing of personal data"/>
<Term atom="ProvideTransparentInfo" description="The controller provides the data subject with transparent information about his/her rights and how his/her data are used"/>
<Term atom="RevealSensitiveData" description="This concept represents the possibility to entail sensitive data from processing. Sensitive data can be racial data, ethnic origin data, religious beliefs data, genetic data, biometric data, health data, sex life data, or sexual orientation data (see subsequent predicates)"/>
<Term atom="RevealRacialData" description="This concept represents the possibility to entail racial data from processing."/>
<Term atom="RevealEthnicOriginData" description="This concept represents the possibility to entail ethnic origin data from processing."/>
<Term atom="RevealReligiousBeliefsData" description="This concept represents the possibility to entail religious beliefs data from processing."/>
<Term atom="RevealGeneticData" description="This concept represents the possibility to entail genetic data from processing."/>
<Term atom="RevealBiometricData" description="This concept represents the possibility to entail biometric data from processing."/>
<Term atom="RevealHealthData" description="This concept represents the possibility to entail health data from processing."/>
<Term atom="RevealSexLifeData" description="This concept represents the possibility to entail sex life data from processing."/>
<Term atom="RevealSexualOrientationData" description="This concept represents the possibility to entail sexual orientation data from processing."/>
<Term atom="PhysicallyUnableToGiveConsent" description="This concept represents the physical inability for a data subject to give consent (see GDPR, Art.9.2(c))."/>
<Term atom="LegallyUnableToGiveConsent" description="This concept represents the legal inability for a data subject to give consent (see GDPR, Art.9.2(c))."/>
<Term atom="PubHealth" description="Public interest in the field of public health."/>
<Term atom="Research" description="Scientific or historical research purposes: it is intended in accordance with Article 89(1) based on Union or Member State law and it shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject."/>
<Term atom="Statistical" description="Statistical purposes: it is intended in accordance with Article 89(1) based on Union or Member State law and it shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject."/>
<Term atom="Collect" description="Collection of personal data with the aim of processing."/>
<Term atom="CollectFromThirdParty" description="Collection of personal data from third parties (different from the data subject) with the aim of processing."/>
<Term atom="ProvideControllerIdentityAndContactDetails" description="The identity and contact details of the controller of a certain personal data processing."/>
<Term atom="ProvideControllerRepresentativeIdentityAndContactDetails" description="The identity and contact details of the representative of the controller of a certain personal data processing."/>
<Term atom="ProvideDataProtectionOfficerContactDetails" description="The contact details of the data protection officer of a certain personal data processing."/>
<Term atom="ProvideInfoAboutPurpose" description="The final goal of the processing for which the personal data are intended."/>
<Term atom="ProvideInfoAboutLegalBasis" description="The legal basis that allows and regulates the processing for which the personal data are intended."/>
<Term atom="ProvideInfoAboutRecipient" description="Recipient or category of recipients. A recipient is a natural or legal person, public authority, agency or another body, or categories of recipients, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing."/>
<Term atom="ProvideInfoAboutStorage" description="The time period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period, to ensure fair and transparent processing."/>
<Term atom="ProvideInfoAboutRightToRequestAccess" description="The right of the data subject to access her/his personal data."/>
<Term atom="ProvideInfoAboutRightToRectify" description="The right of the data subject to rectify her/his personal data."/>
<Term atom="ProvideInfoAboutRightToErase" description="The right of the data subject to erasure of her/his personal data."/>
<Term atom="ProvideInfoAboutRightToRestrict" description="The right of the data subject to request the restriction of processing of her/his personal data."/>
<Term atom="ProvideInfoAboutRightToObject" description="The right of data subject to object to processing of her/his personal data."/>
<Term atom="ProvideInfoAboutRightToDataPortability" description="The right of portability of the personal data concerning the data subject processing."/>
<Term atom="ProvideInfoAboutRightToWithdrawConsent" description="The right of withdrawal of consent at any time, where the processing is based on point (a) of Article 6(1), without affecting the lawfulness of processing based on consent before its withdrawal."/>
<Term atom="ProvideInfoAboutRightToLodgeComplaints" description="The right of the data subject to lodge a complaint with a supervisory authority about the processing of his/her personal data. The supervisory authority is an independent public authority which is established by a Member State pursuant to Article 51"/>
<Term atom="ProvideInfoAboutContractualObligations" description="Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and the possible consequences of failure to provide such data."/>
<Term atom="ProvideInfoAboutAutomatedDecisionMaking" description="Automated decision-making, including profiling, the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject."/>
<Term atom="ProvideInfoAboutSourceOfData" description="The source from which the personal data originate, and whether it came from publicly accessible sources."/>
</Vocabulary>
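<!-- Rules: each Rule pairs a natural-language ControlObjective with a FormalRepresentation written as "premises => conclusion".
     Reading of the modal prefixes, as paired with the ControlObjective texts in this file: [P]X marks X as permitted,
     [OM]-X marks X as prohibited, [OAPNP]X marks something the controller shall provide.
     NOTE(review): the exact operator semantics are defined by the rule engine; confirm against its documentation.
     Every ruleLabel has to be unique, because SuperiorityRelation entries select rules by label: a label carried by two rules,
     or one that matches no rule, leaves the intended override ambiguous or unapplied and can skew the compliance verdict. -->
<Rules>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.6.0">
<ControlObjective>Processing of personal data is prohibited.</ControlObjective>
<FormalRepresentation>=> [OM]-Proc</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.6.1a">
<ControlObjective>Processing shall be lawful if the data subject has given consent to the processing of his or her personal data for one or more specific purposes.</ControlObjective>
<FormalRepresentation>GiveConsent => [P]Proc</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.6.1b">
<ControlObjective>Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.</ControlObjective>
<FormalRepresentation>Contract => [P]Proc</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.6.1d">
<ControlObjective>processing is necessary in order to protect the vital interests of the data subject or of another natural person.</ControlObjective>
<FormalRepresentation>VI => [P]Proc</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.7.1">
<ControlObjective>If processing is based on consent, the controller shall be able to demonstrate the consent.</ControlObjective>
<FormalRepresentation>GiveConsent => [OM]DemonstrateConsent</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.7.3.part1">
<ControlObjective>The data subject can withdraw his/her consent at any time</ControlObjective>
<FormalRepresentation>=> [P]WithdrawConsent</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.7.3.part2">
<ControlObjective>If the data subject withdraws his/her consent, processing of personal data is prohibited.</ControlObjective>
<FormalRepresentation>WithdrawConsent => [OM]-Proc</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.7.3.part3">
<ControlObjective>The controller shall inform the data subject about his rights (which include the possibility of withdrawing consent).</ControlObjective>
<FormalRepresentation>Proc => [OAPNP]ProvideTransparentInfo</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.9.1">
<ControlObjective>Processing of personal data revealing sensitive data shall be prohibited.</ControlObjective>
<FormalRepresentation>RevealSensitiveData => [OM]-Proc</FormalRepresentation>
</Rule>
<!-- Art.9.1const1 to Art.9.1const8: each special category of data implies RevealSensitiveData, which triggers Art.9.1. -->
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.9.1const1">
<ControlObjective>Racial data are sensitive data.</ControlObjective>
<FormalRepresentation>RevealRacialData => RevealSensitiveData</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.9.1const2">
<ControlObjective>Ethnic origin data are sensitive data.</ControlObjective>
<FormalRepresentation>RevealEthnicOriginData => RevealSensitiveData</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.9.1const3">
<ControlObjective>Religious belief data are sensitive data.</ControlObjective>
<FormalRepresentation>RevealReligiousBeliefsData => RevealSensitiveData</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.9.1const4">
<ControlObjective>Genetic data are sensitive data.</ControlObjective>
<FormalRepresentation>RevealGeneticData => RevealSensitiveData</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.9.1const5">
<ControlObjective>Biometric data are sensitive data.</ControlObjective>
<FormalRepresentation>RevealBiometricData => RevealSensitiveData</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.9.1const6">
<ControlObjective>Health data are sensitive data.</ControlObjective>
<FormalRepresentation>RevealHealthData => RevealSensitiveData</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.9.1const7">
<ControlObjective>Sex life data are sensitive data.</ControlObjective>
<FormalRepresentation>RevealSexLifeData => RevealSensitiveData</FormalRepresentation>
</Rule>
<!-- Relabelled from a second "Art.9.1const7" so the label no longer collides with the sex life rule above. -->
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.9.1const8">
<ControlObjective>Sexual orientation data are sensitive data.</ControlObjective>
<FormalRepresentation>RevealSexualOrientationData => RevealSensitiveData</FormalRepresentation>
</Rule>
<!-- Art.9.2c is split into two rules (physical / legal inability to consent). Both labels are named in SuperiorityRelations below. -->
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.9.2c.part1">
<ControlObjective>Processing of personal data revealing sensitive data is permitted if it is necessary to protect the vital interests of the data subject or of another natural person AND the data subject is physically unable to give consent.</ControlObjective>
<FormalRepresentation>VI, RevealSensitiveData, PhysicallyUnableToGiveConsent => [P]Proc</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.9.2c.part2">
<ControlObjective>Processing of personal data revealing sensitive data is permitted if it is necessary to protect the vital interests of the data subject or of another natural person AND the data subject is legally unable to give consent.</ControlObjective>
<FormalRepresentation>VI, RevealSensitiveData, LegallyUnableToGiveConsent => [P]Proc</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.9.2i">
<ControlObjective>Processing of personal data revealing sensitive data is permitted for reasons of public interest in the field of public health.</ControlObjective>
<FormalRepresentation>PubHealth, RevealSensitiveData => [P]Proc</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.9.2j.part1">
<ControlObjective>Processing of personal data revealing sensitive data is permitted for scientific or historical research purposes in accordance with Article 89(1) based on Union or Member State law and it shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.</ControlObjective>
<FormalRepresentation>Research, RevealSensitiveData => [P]Proc</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.9.2j.part2">
<ControlObjective>Processing of personal data revealing sensitive data is permitted if processing is necessary for statistical purposes in accordance with Article 89(1) based on Union or Member State law and it shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.</ControlObjective>
<FormalRepresentation>Statistical, RevealSensitiveData => [P]Proc</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.13.1">
<ControlObjective>If the controller is allowed to process data from the data subject, it is also allowed to collect data from the data subject.</ControlObjective>
<FormalRepresentation>[P]Proc => [P]Collect</FormalRepresentation>
</Rule>
<!-- Art.13.x: information duties triggered by Collect. Each rule obliges the controller to provide one item of information. -->
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.13.1a.part1">
<ControlObjective>Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with the information about the identity and the contact details of the controller.</ControlObjective>
<FormalRepresentation>Collect => [OAPNP]ProvideControllerIdentityAndContactDetails</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.13.1a.part2">
<ControlObjective>Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with the information about the identity and the contact details of the controller's representative.</ControlObjective>
<FormalRepresentation>Collect => [OAPNP]ProvideControllerRepresentativeIdentityAndContactDetails</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.13.1b">
<ControlObjective>Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with the information about the contact details of the data protection officer.</ControlObjective>
<FormalRepresentation>Collect => [OAPNP]ProvideDataProtectionOfficerContactDetails</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.13.1c.part1">
<ControlObjective>Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with the information about the purposes of the processing for which the personal data are intended.</ControlObjective>
<FormalRepresentation>Collect => [OAPNP]ProvideInfoAboutPurpose</FormalRepresentation>
</Rule>
<!-- Relabelled from a second "Art.13.1c.part1" so the purpose rule and the legal basis rule can be told apart. -->
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.13.1c.part2">
<ControlObjective>Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with the information about the legal basis of the processing for which the personal data are intended.</ControlObjective>
<FormalRepresentation>Collect => [OAPNP]ProvideInfoAboutLegalBasis</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.13.1e">
<ControlObjective>Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with the information about the recipients or categories of recipients of the personal data.</ControlObjective>
<FormalRepresentation>Collect => [OAPNP]ProvideInfoAboutRecipient</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.13.2a">
<ControlObjective>Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with the information about the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period.</ControlObjective>
<FormalRepresentation>Collect => [OAPNP]ProvideInfoAboutStorage</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.13.2b.part1">
<ControlObjective>Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with the information about existence of the right to request from the controller access to the personal data.</ControlObjective>
<FormalRepresentation>Collect => [OAPNP]ProvideInfoAboutRightToRequestAccess</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.13.2b.part2">
<ControlObjective>Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with the information about existence of the right to request the controller to rectify the personal data.</ControlObjective>
<FormalRepresentation>Collect => [OAPNP]ProvideInfoAboutRightToRectify</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.13.2b.part3">
<ControlObjective>Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with the information about existence of the right to request the controller to erase the personal data.</ControlObjective>
<FormalRepresentation>Collect => [OAPNP]ProvideInfoAboutRightToErase</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.13.2b.part4">
<ControlObjective>Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with the information about existence of the right to request the controller to restrict the processing of personal data.</ControlObjective>
<FormalRepresentation>Collect => [OAPNP]ProvideInfoAboutRightToRestrict</FormalRepresentation>
</Rule>
<!-- part5 and part6: the ControlObjective text previously repeated the "restrict" wording of part4; it now matches the formal conclusion. -->
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.13.2b.part5">
<ControlObjective>Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with the information about existence of the right to object to the processing of personal data.</ControlObjective>
<FormalRepresentation>Collect => [OAPNP]ProvideInfoAboutRightToObject</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.13.2b.part6">
<ControlObjective>Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with the information about existence of the right to data portability.</ControlObjective>
<FormalRepresentation>Collect => [OAPNP]ProvideInfoAboutRightToDataPortability</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.13.2dpart1">
<ControlObjective>Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with the information about the right to withdraw consent at any time, where the processing is based on point (a) of Article 6(1), without affecting the lawfulness of processing based on consent before its withdrawal.</ControlObjective>
<FormalRepresentation>Collect => [OAPNP]ProvideInfoAboutRightToWithdrawConsent</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.13.2dpart2">
<ControlObjective>Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with the information about the right to lodge a complaint with a supervisory authority.</ControlObjective>
<FormalRepresentation>Collect => [OAPNP]ProvideInfoAboutRightToLodgeComplaints</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.13.2e">
<ControlObjective>Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with the information about if the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data.</ControlObjective>
<FormalRepresentation>Collect => [OAPNP]ProvideInfoAboutContractualObligations</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.13.2f">
<ControlObjective>Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with the information about the existence of automated decision-making, including profiling, meaningful information about the logic involved, the significance and the envisaged consequences of such processing for the data subject.</ControlObjective>
<FormalRepresentation>Collect => [OAPNP]ProvideInfoAboutAutomatedDecisionMaking</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.14.1">
<ControlObjective>Data may be collected from third parties. The same obligations for collections of data from the data subject hold.</ControlObjective>
<FormalRepresentation>CollectFromThirdParty => Collect</FormalRepresentation>
</Rule>
<Rule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="DflRuleType" ruleLabel="Art.14.2f">
<ControlObjective>Where personal data relating to a data subject are collected from a third party, the controller shall, at the time when personal data are obtained, provide the data subject with the information about from which source the personal data originate, and if applicable, whether it came from publicly accessible sources.</ControlObjective>
<FormalRepresentation>CollectFromThirdParty => [OAPNP]ProvideInfoAboutSourceOfData</FormalRepresentation>
</Rule>
</Rules>
<!-- SuperiorityRelations: when two rules reach conflicting conclusions, the rule named in superiorRuleLabel prevails over the one named in inferiorRuleLabel.
     Both attributes must match a ruleLabel in the Rules section exactly. -->
<SuperiorityRelations>
<!-- These three rules permit the processing of personal data. Thus, they override its prohibition. -->
<SuperiorityRelation superiorRuleLabel="Art.6.1a" inferiorRuleLabel="Art.6.0"/>
<SuperiorityRelation superiorRuleLabel="Art.6.1b" inferiorRuleLabel="Art.6.0"/>
<SuperiorityRelation superiorRuleLabel="Art.6.1d" inferiorRuleLabel="Art.6.0"/>
<!-- If the consent is withdrawn, processing is no longer permitted: Art.6.1a must be overridden. -->
<SuperiorityRelation superiorRuleLabel="Art.7.3.part2" inferiorRuleLabel="Art.6.1a"/>
<!-- given consent allows the processing of sensitive data (racial, genetic, biometric, sexual orientation, etc. data) -->
<SuperiorityRelation superiorRuleLabel="Art.6.1a" inferiorRuleLabel="Art.9.1"/>
<!-- protection of the vital interests of the data subject or of another natural person allows the processing of sensitive data (racial, genetic, biometric, etc. data),
but only on condition that the data subject is physically or legally incapable of giving consent (predicates PhysicallyUnableToGiveConsent and LegallyUnableToGiveConsent, one rule each).
Both rule labels are listed: the former single entry named "Art.9.2c", which matches no rule, so the exception presumably never overrode Art.9.1. -->
<SuperiorityRelation superiorRuleLabel="Art.9.2c.part1" inferiorRuleLabel="Art.9.1"/>
<SuperiorityRelation superiorRuleLabel="Art.9.2c.part2" inferiorRuleLabel="Art.9.1"/>
<!-- reasons of public interest in the field of public health allows the processing of sensitive data (racial, genetic, biometric, etc. data) -->
<SuperiorityRelation superiorRuleLabel="Art.9.2i" inferiorRuleLabel="Art.9.1"/>
<!-- scientific or historical research purposes in accordance with Article 89(1) based on Union or Member State law allows the processing of sensitive data (racial, genetic, biometric, etc. data) -->
<SuperiorityRelation superiorRuleLabel="Art.9.2j.part1" inferiorRuleLabel="Art.9.1"/>
<!-- statistical purposes in accordance with Article 89(1) based on Union or Member State law allows the processing of sensitive data (racial, genetic, biometric, etc. data) -->
<SuperiorityRelation superiorRuleLabel="Art.9.2j.part2" inferiorRuleLabel="Art.9.1"/>
</SuperiorityRelations>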
</RuleSet>