This Code applies to the processing of personal data by the State and all of its organs, irrespective of whether the processing takes place within or outside the infrastructure of any host jurisdiction.
This Code applies to the processing of personal data by Kaharagian legal persons, regardless of where such legal persons are established, operate, or maintain their technical infrastructure.
This Code applies to the processing of personal data of Kaharagian nationals and of persons who have submitted to the jurisdiction of the Principality, where such processing is carried out by any person or entity that has itself submitted to Kaharagian jurisdiction.
The application of this Code is not dependent on the physical location of data storage, data processing equipment, or communications infrastructure. The Principality exercises personal jurisdiction over data processing activities in accordance with the principles set out in the Fundamental Laws, and the territorial location of data shall not, of itself, exclude the applicability of this Code.
Where the mandatory law of a host jurisdiction in which a Kaharagian organ, legal person, or natural person operates imposes data protection obligations that conflict with this Code, the mandatory law of the host jurisdiction shall prevail to the extent of the conflict, in accordance with Article 42(1) of the Fundamental Laws. The controller shall document any such conflict and the measures taken to comply with both legal orders to the greatest extent possible.
Where personal data is processed jointly by a Kaharagian controller and a controller subject to a foreign legal order, this Code applies to the processing activities carried out by or on behalf of the Kaharagian controller.