Cookies |
A cookie is a small amount of data the web server sends to the browser and then stores on your computer, tablet or other device from which you access the web. Each time the browser visits the same server, the browser sends the data back to the web server.
Cookies are commonly used to distinguish individual users, store user preferences and so on. They also help the server know what sections of the site you have been to, and enable you to return to the previous page. Cookies can also be set on the server side.
Cookies as such are not executable code and are not dangerous to your computer, but may be a means of interfering with your privacy.
|
Supervisory authority concerned |
The supervisory authority which deals with the processing of personal data because:
- the administrator or processor is established in the territory of the Member State of that supervisory authority;
- data subjects residing in the Member State of that supervisory authority are, or are likely to be, substantially affected by the processing; or
- a complaint was filed with them
|
Supervisory authority |
An independent public authority set up by a Member State under Article 51 of the GDPR.
|
International organisation |
An organisation and its subordinate entities subject to international law by a public or other entity established by or on the basis of an agreement between two or more countries.
|
Restricted processing |
Designation of personal data stored to restrict their processing in the future.
|
Personal data and data subject |
Any information about an identified or identifiable natural person (a "data subject"); an identifiable natural person is a natural person that can be identified directly or indirectly, in particular by reference to a particular identifier such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, psychological, economic, cultural or social identities of this natural person.
|
Data breach |
Breaches of security resulting in the accidental or unlawful destruction, loss, alteration or unauthorised provision or disclosure of transferred, stored or otherwise processed personal data.
|
Profiling |
Any form of automated processing of personal data involving their use in evaluating certain personal aspects relating to a natural person, in particular to analyse or assess aspects relating to their performance, economic situation, state of health, personal preferences, interests, reliability, behaviour, location or movement.
|
Cross-border processing |
- the processing of personal data in connection with the activities of establishments in more than one Member State of the administrator or processor in the EU where such administrator or processor is established in more than one Member State; or
- the processing of personal data which takes place in connection with the activities of a single office of the administrator or processor in the EU, but which will or is likely to substantially affect data subjects in more than one Member State
|
Recipient |
A natural or legal person, a public authority, an agency or other entity to whom personal data is provided, whether or not a third party. However, public authorities which can obtain personal data in a special inquiry in accordance with the law of a Member State are not considered to be recipients; the processing of such personal data by those public authorities must be in accordance with the applicable data protection rules for the purposes of processing.
|
Pseudonymisation |
The processing of personal data so that it can no longer be assigned to a specific data subject without the use of additional information if this additional information is kept separately and is subject to technical and organisational measures to ensure that no identified or identifiable natural person is assigned.
|
Relevant and justified objection |
An objection to a draft decision in order to assess whether the GDPR has been violated or whether the action envisaged is in line with the GDPR, which clearly demonstrates the significance of the risks arising from the draft decision as regards the fundamental rights and freedoms of the data subjects, or the free movement of personal data within the EU.
|
Consent of data subject |
Any free, specific, informed and unambiguous manifestation of will by which the data subject gives a declaration or other apparent confirmation of their consent to the processing of their personal data.
|
Administrator |
A natural or legal person, a public authority, an agency or any other body which, alone or jointly with others, determines the purposes and means of processing personal data; where the purpose and means of such processing are determined by the law of the EU or of a Member State, that authority may designate the person concerned or the specific criteria for determining it.
|
Third party |
A natural or legal person, a public authority, an agency or other entity that is not authorised to process personal data by a data subject, a controller, a processor, or a person directly subject to the controller or processor.
|
Health data |
Personal data relating to the physical or mental health of a natural person, including data on the provision of health services, which indicate their state of health.
|
Processing |
Any operation or set of operations of personal data or sets of personal data that is performed with or without the help of automated procedures, such as assembling, recording, arranging, structuring, storing, customising or altering, finding, viewing, using, accessing, transmitting, any other disclosure, sorting or combining, restriction, deletion or destruction.
|
Processor |
A natural or legal person, public authority, agency or other entity processing personal data for an administrator.
|