Processing of personal data
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Regulation on data protection)
Basic concepts:
"REGULATION (EC) 2016/679" - General Data Protection Regulation 2016/679 of 27 April 2016 replaces Data Protection Directive 95/46. It has direct effect and implies a change in the legislation of the member states in the field of personal data protection. Its purpose is to protect the "rights and freedoms" of individuals and to ensure that personal data are not processed without their knowledge and, where possible, processed with their consent.
"Personal data" means any information relating to an identifiable natural person or an identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more signs specific to the physical, physiological, genetic, mental, mental, economic, cultural or social identity of that individual;
"Special categories of personal data" means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or membership of trade unions and the processing of genetic data, biometrics for unique identifying an individual, data concerning health or data on the sexual life of an individual or sexual orientation.
"Processing" means any operation or set of operations performed with personal data or a set of personal data by automatic or other means such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing by transmission , spreading or otherwise making available data, sorting or combining, limiting, deleting or destroying;
"Administrator" means any natural or legal person, public body, agency or other body which, either alone or jointly with others, defines the purposes and means of processing personal data, where the purposes and means of such processing are determined by EU law or the Member State, the administrator or the specific criteria for determining it may be laid down in Union law or in the law of a Member State;
"Data subject" means any natural person who is the subject of personal data stored by the Administrator.
"Consent of the data subject" means any free expression, specific, informed and unambiguous indication of the will of the data subject by means of a statement or a clear confirmatory action expressing the consent of the data subject to be processed;
"Child" - The regulation defines a child as anyone below the age of 16, although this can be reduced to 13 from the Member State's law. The processing of personal data of a child is legal only if the parent or trustee has given its consent. The Administrator shall make reasonable efforts to verify in such cases that the holder of parental responsibility for the child has given or has been authorized to give his consent.
"Profiling" means any form of automated processing of personal data involving the use of personal data for the assessment of certain personal aspects relating to an individual and in particular for the analysis or forecasting of aspects relating to the performance of professional duties that physical person, his or her economic condition, health, personal preferences, interests, reliability, behavior, location or movement;
"Personal data breach" means a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or otherwise processed;
"Main place of establishment" - the EU administrator's headquarters will be the place where he takes the basic decisions about the purpose and means of his data processing activities. For personal data processors, its main place of establishment in the EU will be its administrative center.
If the controller is based outside the EU, he must appoint a representative in the jurisdiction where the administrator works to act on behalf of the controller and deal with supervisors.
"Recipient" means a natural or legal person, a public authority, an agency or other body to which personal data is disclosed, whether a third party or not.