Definitions

“personal data”

any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features which express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person;

“Processing”

any operation or series of operations carried out with or without the aid of automated procedures relating to personal data, such as the collection, collection, organisation, classification, storage, adaptation or alteration, reading, consultation, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction;

“Profiling.”

any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or relocation of that natural person;

“Pseudonymization”

the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person;

“Responsible”

the natural or legal person, authority, body, office or other body which alone or jointly with others decides on the purposes and means of processing personal data; where the purposes and means of such processing are specified by Union law or the law of the Member States, the controller may or may provide for the specific criteria for his appointment in accordance with Union law or the law of the Member States;

“Contract processor”

a natural or legal person, authority, institution or other body processing personal data on behalf of the data controller;

“Recipient”

a natural or legal person, authority, institution or other body to which personal data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union law or the law of the Member States under a particular investigation mandate shall not be considered recipients; the processing of such data by the said authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing;

“Third”

a natural or legal person, authority, institution or other body other than the data subject, the data processor, the data processor and the persons authorised to process the personal data under the direct responsibility of the data processor or the data processor;

“Consent”

to the data subject any voluntary statement of intent in the specific case, in an informed and unequivocal manner, in the form of a statement or other clear affirmative act, to which the data subject indicates his or her consent to the processing of personal data concerning him or her;