Glossary
Controller: A Controller is an organisation who (alone or jointly with others) determines the purposes and means of the processing of personal data.
Data Transfer Agreement: An agreement containing standard data protection clauses adopted by the European Union Commission as referred to in Article 46(2)(c) of the GDPR.
Data Subject: The identified or identifiable natural person to whom the Personal Data relates.
GDPR: The European Union General Data Protection Regulation (2016/679).
Legal Basis: Processing of Personal Data is only lawful if and to the extent that at least one legal basis specified in the GDPR applies. The available legal bases which are applicable in the employment context are summarised as:
· consent of the data subject
· processing necessary to enter into or perform a contract
· necessary for compliance with a legal obligation
· processing necessary in order to protect the vital interests of the Data Subject or another natural person processing necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data (Legitimate Interests).
Personal Data: Any information relating to an identified or identifiable natural person (Data Subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Process/Processing: Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Special Category Personal Data: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.