Definitions
For the purposes of this regulation, the following definitions shall apply:
"personal data" means any information relating to an identified or identifiable natural person ("the data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more elements characterizing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person;
The first paragraph, opening words and part g, shall not apply if the signature relates to several documents of which the self-declaration is one;
"restrict processing" means marking stored personal data for the purpose of restricting their processing in the future;
"Profiling" means any form of automated processing of personal data in which certain personal aspects of a natural person are evaluated on the basis of personal data, in particular with the aim of analyzing or predicting his professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or travel;
"pseudonymization" means processing personal data in such a way that the personal data can no longer be linked to a specific data subject without the use of additional data, provided that such additional data are kept separately and technical and organizational measures are taken to ensure that the personal data are not linked to an identified or identifiable natural person;
"File" means any structured set of personal data that are accessible according to certain criteria, regardless of whether this set is centralized, decentralized or distributed on functional or geographical grounds.
"controller" means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, it may determine who the controller is or according to what criteria it is designated;
"processor" means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller;
"recipient" means a natural or legal person, public authority, agency or any other body, whether a third party or not, to whom/which the personal data are disclosed. However, public authorities that may receive personal data in the context of a special investigation in accordance with Union or Member State law do not count as recipients; the processing of such data by those public authorities is consistent with the data protection rules applicable to the relevant processing purpose;
"third party" means any natural or legal person, public authority, agency or other body, other than the data subject, nor the controller, nor the processor, nor the persons authorized under the direct authority of the controller or processor to process the personal data;
"Consent" of the data subject means any freely given, specific, informed and unambiguous expression of will by which the data subject accepts, by means of a statement or an unambiguous active act, processing of personal data concerning him;
"personal data breach" means a security breach that results in the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of, or unauthorized access to, data transmitted, stored or otherwise processed;
"Genetic data" means personal data relating to the inherited or acquired genetic characteristics of a natural person that provide unique information about that natural person's physiology or health and that result in particular from an analysis of a biological sample from that natural person;
"biometric data" means personal data resulting from a specific technical processing concerning the physical, physiological or behavioral characteristics of a natural person on the basis of which unambiguous identification of that natural person is possible or confirmed, such as facial images or fingerprint data;
"data concerning health" means personal data relating to the physical or mental health of a natural person, including data on health services provided that provide information about his health status;-
"headquarters";
with regard to a controller which has establishments in more than one Member State, the place where its central administration is situated in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller which is also situated in the Union and which is also authorized to carry out those decisions, in which case the establishment where those decisions are taken shall be considered to be the main establishment;
as regards a processor having establishments in more than one Member State, the location of its central administration in the Union or, where the processor does not have central administration in the Union, the establishment of the processor in the Union where the main processing activities are carried out in the context of the activities of an establishment of the processor, insofar as the processor is subject to specific obligations under this Regulation data on the undertaking;
"representative" means a natural or legal person established in the Union who has been designated in writing by the controller or processor pursuant to Article 27 to represent the controller or processor in connection with their respective obligations under this Regulation;
"Enterprise" means a natural or legal person engaged in an economic activity, regardless of its legal form, including partnerships and personal corporations or associations regularly engaged in an economic activity;
"group" means a controlling company and the companies controlled;
"Binding Corporate Rules" means personal data protection policies implemented by a controller or processor established on the territory of a Member State in relation to transfers or series of transfers of personal data to a controller or processor in one or more third countries within a group or group of undertakings engaged in joint economic activity;
"Supervisory authority" means an independent public authority established by a Member State pursuant to Article 51;
"supervisory authority concerned" means a supervisory authority involved in the processing of personal data because:
the controller or processor is established on the territory of the Member State of that supervisory authority;
data subjects residing in the Member State of that supervisory authority are or are likely to be substantially affected by the processing; or
a complaint has been filed with that supervisory authority;
"cross-border processing":
processing of personal data in the course of the activities of establishments in more than one Member State of a controller or a Union processor established in more than one Member State; or
processing of personal data in the course of the activities of one establishment of a controller or processor in the Union, which materially affects or is likely to materially affect data subjects in more than one Member State;
"Relevant and reasoned objection" means an objection to a draft decision on the existence of a breach of this Regulation or on the compliance of the proposed measure in relation to the controller or processor with this Regulation, which clearly demonstrates the extent of the risks that the draft decision poses to the fundamental rights and freedoms of data subjects and, where applicable, to the free movement of personal data within the Union;
"information society service" means a service as defined in Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council;
"international organization" means an organization and its constituent public international bodies or other organs established by or pursuant to an agreement between two or more countries.-.
