| Ti | = | Article 4 - Definitions |
|
| 0.sec | = | For the purposes of this Regulation: |
|
| 1.sec | = | '{_personal_data}' means any information relating to an identified or identifiable {_natural_person} ('{_data_subject}'); an identifiable {_natural_person} is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that {_natural_person}; |
|
| 2.sec | = | '{_processing}' means any operation or set of operations which is performed on {_personal_data} or on sets of {_personal_data}, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; |
|
| 3.sec | = | '{_restriction_of_processing}' means the marking of stored {_personal_data} with the aim of limiting their {_processing} in the future; |
|
| 4.sec | = | '{_profiling}' means any form of automated {_processing} of {_personal_data} consisting of the use of {_personal_data} to evaluate certain personal aspects relating to a {_natural_person}, in particular to analyse or predict aspects concerning that {_natural_person}'s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements; |
|
| 5.sec | = | '{_pseudonymisation}' means the {_processing} of {_personal_data} in such a manner that the {_personal_data} can no longer be attributed to a specific {_data_subject} without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the {_personal_data} are not attributed to an identified or identifiable {_natural_person}; |
|
| 6.sec | = | '{_filing_system}' means any structured set of {_personal_data} which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis; |
|
| 7.sec | = | '{_controller}' means the {_natural_or_legal_person}, {_public_authority}, agency or other body which, alone or jointly with others, determines the purposes and means of the {_processing} of {_personal_data}; where the purposes and means of such {_processing} are determined by Union or Member State law, the {_controller} or the specific criteria for its nomination may be provided for by Union or Member State law; |
|
| 8.sec | = | '{_processor}' means a {_natural_or_legal_person}, {_public_authority}, agency or other body which processes {_personal_data} on behalf of the {_controller}; |
|
| 9.sec | = | '{_recipient}' means a {_natural_or_legal_person}, {_public_authority}, agency or another body, to which the {_personal_data} are disclosed, whether a {_third_party} or not. However, public authorities which may receive {_personal_data} in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as {_recipients}; the {_processing} of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the {_processing}; |
|
| 10.sec | = | '{_third_party}' means a {_natural_or_legal_person}, {_public_authority}, agency or body other than the {_data_subject}, {_controller}, {_processor} and persons who, under the direct authority of the {_controller} or {_processor}, are authorised to process {_personal_data}; |
|
| 11.sec | = | '{_consent}' of the {_data_subject} means any freely given, specific, informed and unambiguous indication of the {_data_subject}'s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the {_processing} of {_personal_data} relating to him or her; |
|
| 12.sec | = | '{_personal_data_breach}' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, {_personal_data} transmitted, stored or otherwise processed; |
|
| 13.sec | = | '{_genetic_data}' means {_personal_data} relating to the inherited or acquired genetic characteristics of a {_natural_person} which give unique information about the physiology or the health of that {_natural_person} and which result, in particular, from an analysis of a biological sample from the {_natural_person} in question; |
|
| 14.sec | = | '{_biometric_data}' means {_personal_data} resulting from specific technical {_processing} relating to the physical, physiological or behavioural characteristics of a {_natural_person}, which allow or confirm the unique identification of that {_natural_person}, such as facial images or dactyloscopic data; |
|
| 15.sec | = | '{_data_concerning_health}' means {_personal_data} related to the physical or mental health of a {_natural_person}, including the provision of health care services, which reveal information about his or her health status; |
|
| 16.0.sec | = | '{_main_establishment}' means: |
|
| 16.1.sec | = | as regards a {_controller} with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the {_processing} of {_personal_data} are taken in another establishment of the {_controller} in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the {_main_establishment}; |
|
| 16.2.sec | = | as regards a {_processor} with establishments in more than one Member State, the place of its central administration in the Union, or, if the {_processor} has no central administration in the Union, the establishment of the {_processor} in the Union where the main {_processing} activities in the context of the activities of an establishment of the {_processor} take place to the extent that the {_processor} is subject to specific obligations under this Regulation; |
|
| 16. | = | [G/Z/ol-a/s2] |
|
| 17.sec | = | '{_representative}' means a {_natural_or_legal_person} established in the Union who, designated by the {_controller} or {_processor} in writing pursuant to Article 27, represents the {_controller} or {_processor} with regard to their respective obligations under this Regulation; |
|
| 18.sec | = | '{_enterprise}' means a {_natural_or_legal_person} engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity; |
|
| 19.sec | = | '{_group_of_undertakings}' means a controlling undertaking and its controlled undertakings; |
|
| 20.sec | = | '{_binding_corporate_rules}' means {_personal_data} protection policies which are adhered to by a {_controller} or {_processor} established on the territory of a Member State for transfers or a set of transfers of {_personal_data} to a {_controller} or {_processor} in one or more third countries within a {_group_of_undertakings}, or group of {_enterprise}s engaged in a joint economic activity; |
|
| 21.sec | = | '{_supervisory_authority}' means an independent {_public_authority} which is established by a Member State pursuant to Article 51; |
|
| 22.0.sec | = | '{_supervisory_authority_concerned}' means a {_supervisory_authority} which is concerned by the {_processing} of {_personal_data} because: |
|
| 22.1.sec | = | the {_controller} or {_processor} is established on the territory of the Member State of that {_supervisory_authority}; |
|
| 22.2.sec | = | {_data_subjects} residing in the Member State of that {_supervisory_authority} are substantially affected or likely to be substantially affected by the {_processing}; or |
|
| 22.3.sec | = | a complaint has been lodged with that {_supervisory_authority}; |
|
| 22. | = | [G/Z/ol-a/s3] |
|
| 23.0.sec | = | '{_cross-border_processing}' means either: |
|
| 23.1.sec | = | {_processing} of {_personal_data} which takes place in the context of the activities of establishments in more than one Member State of a {_controller} or {_processor} in the Union where the {_controller} or {_processor} is established in more than one Member State; or |
|
| 23.2.sec | = | {_processing} of {_personal_data} which takes place in the context of the activities of a single establishment of a {_controller} or {_processor} in the Union but which substantially affects or is likely to substantially affect {_data_subjects} in more than one Member State. |
|
| 23. | = | [G/Z/ol-a/s2] |
|
| 24.sec | = | '{_relevant_and_reasoned_objection}' means an objection as to whether there is an infringement of this Regulation or not, or whether the envisaged action in relation to the {_controller} or {_processor} complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of {_data_subjects} and, where applicable, the free flow of {_personal_data} within the Union; |
|
| 25.sec | = | '{_information_society_service}' means a service as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council; |
|
| 26.sec | = | '{_international_organisation}' means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries. |
|
| = | [G/Z/ol/s26] |
|
/Docs/G/EU-GDPR-Law-CmA/Sec/Article/4.md