“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any process or set of processes that handle personal data, whether or not by automatic means, such as the collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.
“Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data is not attributed to an identified or identifiable natural person.
“File system”: any structured collection of personal data that is accessible based on specified criteria, whether such collection is maintained in a centralized, decentralized or functional or geographical manner;
“Controller” refers to the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
“Recipient”: a natural or legal person, public authority, agency or other body to whom personal data is disclosed, be it a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as Recipients and the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purposes of the processing.
“Third party” means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or processor.
“Consent” means the freely given specific, informed and unambiguous indication of the data subject’s wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to them.