Our privacy policy uses terms that are used and defined by the legal provisions of the GDPR. We will explain the key terms here, to ensure that you understand them.

1. Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’).  An identifiable natural person is one that can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier (e.g. IP address or cookies), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. That fundamentally includes every action involving personal data, such as collection, storage, adaptation or alteration, use, transmission, dissemination, erasure or destruction, etc.

3. Responsible entity (controller)

The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. The controller must safeguard such data processing through the use of regularly inspected technical and organizational measures.

4. Pseudonymization

Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

5. Contract processor

A contract processor is a natural or legal person, public authority, agency or another body that processes personal data on behalf of the controller.

6. Recipient

The recipient is a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the context of a particular inquiry in accordance with the laws of the European Union or its member states shall not be regarded as recipients.

7. Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons which, under the direct authority of the controller or processor, is authorized to process personal data.

8. Consent

Consent is an expression of the right to self-determination under data protection law.  It is the freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Consent may be revoked at any time.