Article 15Confidentiality
1.An application for authorisation shall include the applicant CSD's policies and procedures put in place for preventing the unauthorised use or disclosure of confidential information. Confidential information shall include the following information:
(a)information relating to participants, clients, issuers or other users of the applicant CSD services;
(b)other information held by the applicant CSD as a result of its business activity not permitted to be used for commercial purposes.
2.An application for authorisation shall include the following information concerning the access of staff to information held by the applicant CSD:
(a)the internal procedures concerning permissions of access to information that ensure secured access to data;
(b)a description of any restrictions on the use of data for reasons of confidentiality.