Article 4 GDPR
Definitions

1)

*

personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

(2) processing means an operation or set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, viewing, using, disclosing by transmission, dissemination or otherwise making available, matching or linking, limiting, erasing or destroying;

3) Restriction of processing means marking stored personal data to limit future processing;

4) profiling means any form of automated processing of personal data that involves the use of personal data to evaluate certain personal factors of an individual, in particular to analyze or forecast aspects of that individual's performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movement;

(5) pseudonymization means the processing of personal data in such a way that they can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is covered by technical and organizational measures that prevent its attribution to an identified or identifiable natural person;

(6) dataset means an organized set of personal data accessible according to specific criteria, regardless of whether the set is centralized, decentralized or functionally or geographically dispersed;

(7) "controller" means a natural or legal person, public authority, entity or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, a controller may also be designated by Union or Member State law or specific criteria for its designation may be set forth;

8) "processor" means a natural or legal person, public authority, entity or other entity that processes personal data on behalf of the controller;

(9) "recipient" means a natural or legal person, public authority, entity or other entity to whom personal data is disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the context of a specific proceeding in accordance with Union law or the law of a Member State are not considered recipients; the processing of such data by such public authorities must comply with the data protection laws applicable according to the purposes of the processing;

10) "Third party" means a natural or legal person, public authority, entity or body other than the data subject, controller, processor or persons who, under the authority of the controller or processor, may process personal data;

11) "Consent" of a data subject means a voluntary, specific, informed and unequivocal demonstration of will by which the data subject, in the form of a statement or explicit affirmative action, consents to the processing of personal data concerning him;

12) "Personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, modification, unauthorized disclosure of, or unauthorized access to personal data transmitted, stored, or otherwise processed;

(13) "Genetic data" means personal data relating to the inherited or acquired genetic characteristics of an individual that reveal unique information about that individual's physiology or health and that result, in particular, from the analysis of a biological sample from that individual;

14) "Biometric data" means personal data that result from special technical processing, concern physical, physiological or behavioral characteristics of a natural person and enable or confirm the unique identification of that person, such as facial image or fingerprint data;

15) "Health data" means personal data about an individual's physical or mental health - including the use of health care services - revealing information about the individual's health status;

16) "main organizational unit" means:

(a) in the case of an administrator having an organisational unit in more than one Member State the place where its central administration is located in the Union, and where decisions on the purposes and methods of processing of personal data are taken by another organisational unit of that administrator in the Union and that organisational unit has the right to order the execution of such decisions, the main organisational unit shall be the organisational unit in which such decisions are taken;

(b) in the case of a processor with organisational units in more than one Member State the place where its central administration is located in the Union or, where the processor does not have a central administration in the Union the organisational unit of the processor in the Union where the main processing operations are carried out within the activities of the organisational unit of the processor, in so far as the processor is subject to specific obligations under this Regulation;

(17) "representative" means a natural or legal person residing or established in the Union who has been designated in writing by a controller or processor pursuant to Article 27 to represent the controller or processor with respect to their obligations under this Regulation;

18) "Entrepreneur" means an individual or legal entity engaged in business, regardless of legal form, including partnerships or associations engaged in regular business activities;

19) "Group of companies" means the controlling company and the companies controlled by it;

(20) "Binding corporate rules" means the personal data protection policies applied by a controller or processor that has an organizational unit on the territory of a Member State when transferring personal data to a controller or processor in one or more third countries on one or more occasions within a group of companies or a group of joint ventures;

21) "Supervisory authority" means an independent public body established by a Member State in accordance with Article 51;

(22) "concerned supervisory authority" means the supervisory authority concerned with the processing of personal data because:

(a) the administrator or processor has an organisational unit in the territory of the Member State of that supervisory authority;

(b) the processing significantly affects or may significantly affect data subjects residing in the Member State of that supervisory authority;

(c) or a complaint has been lodged against it;

23) “cross-border processing” means:

(24) "Relevant and legitimate objection" means an objection to a draft decision regarding whether there has been a violation of this Regulation or whether a planned action against a controller or processor complies with this Regulation, which objection must clearly indicate the gravity of the risk of violation of the fundamental rights or freedoms of data subjects arising from the draft decision and, where applicable, the gravity of the risk of interference with the free flow of personal data within the Union;

(25) “information society service” means a service within the meaning of Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council

**

;

(26) "international organization" means an organization and its subordinate bodies operating under public international law or any other body established by or pursuant to an agreement between two or more states.