In the event that the Data Controller sends or transfers the Personal Data to a foreign country, the destination country or international organization that receives such Personal Data shall have adequate data protection standard, and shall be carried out in accordance with the rules for the protection of Personal Data as prescribed by the Committee in section 16(5), except in the following circumstances:
(1) where it is for compliance with the law;
(2) where the consent of the data subject has been obtained, provided that the data subject has been informed of the inadequate Personal Data protection standards of the destination country or international organization;
(3) where it is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract;
(4) where it is for compliance with a contract between the Data Controller, and other Persons or juristic persons for the interests of the data subject;
(5) where it is to prevent or suppress a danger to the life, body, or health of the data subject or other Persons, when the data subject is incapable of giving the consent at such time; public interest.
(6) where it is necessary for carrying out the activities in relation to substantial
In the event that there is a problem with regard to the adequacy of Personal Data
protection standards of the destination country or international organization, such problem shall be submitted to the Committee to decide. The decision made by the Committee may be reviewed when there is a new evidence convincing that the destination country or international organization that receives such Personal Data has developed adequate Personal Data protection standards.