Controller: An organization which (alone or
jointly with others) determines the purposes and means of the
processing of Personal Data.
Data Transfer Agreement: An agreement containing standard data protection clauses
adopted by the European Union Commission as referred to in
Article 46(2)(c) of the GDPR.
Data Subject: The identified or identifiable
natural person to whom the Personal Data relates.
GDPR:
The European Union General Data Protection Regulation
(2016/679).
Legal Basis: Processing of
Personal Data is only lawful if and to the extent that at least
one legal basis specified in the GDPR applies. The available
legal bases which are applicable in the employment context are
summarized as
- consent of the Data Subject (e.g., pictures, image),
-
processing is necessary to enter into or perform a contract,
-
processing is necessary for compliance with a legal
obligation to which the Controller is subject,
-
processing is necessary in order to protect the vital
interests of the Data Subject or another natural person,
-
processing is necessary for the purposes of the legitimate
interests pursued by the Controller or by a third party,
except where such interests are overridden by the interests
or fundamental rights and freedoms of the Data Subject which
require protection of Personal Data (Legitimate Interests)
Personal Data: Any information relating to an
identified or identifiable natural person; an identifiable
natural person is one who can be identified, directly or
indirectly, in particular by reference to an identifier such as
name, an identification number, location data, an online
identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social
identity of that natural person.
Process/Processing:
Any operation or set of operations which is performed on
Personal Data or on sets of Personal Data, whether or not by
automated means, such as collection, recording, organization,
structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination, or
otherwise making available, alignment or combination,
restriction, erasure, or destruction.
Special Categories of Personal Data: Personal
Data revealing racial or ethnic origin, political opinions,
religious or philosophical beliefs, or trade union membership,
and the processing of genetic data, biometric data for the
purpose of uniquely identifying a natural person, data
concerning health or data concerning a natural person's sex life
or sexual orientation.