In order to ensure the comprehensibility of this privacy statement, the terms used, which are based on the European General Data Protection Regulation (GDPR), are explained in advance:
In order to ensure comprehensibility of our Privacy Information, the terms that are based on the European General Data Protection Regulation are explained below:
a) “Personal data”
is any information that relates to an identified or identifiable natural person (subsequently referred to as “data subject”). A natural person is considered identifiable if they can be identified through personal data either directly or indirectly. This data can, for example, be information related to a natural person’s physical, physiological, genetic, psychological, business-related, cultural or social identity that can be assigned to an identifier, such as a name, an identification number, location data, online identification data or one or multiple particular attributes.
b) “Processing”
is any procedure performed with or without the help of automatic processes, or any series of procedures in relation to personal data. This includes, for example, collecting, registering, organising, arranging, storing, adjusting or amending, reading, retrieving, using, disclosure through transmission, distribution or any other form of provision, synchronisation or linking, restricting, deleting or destroying of personal data.
c) “Restriction of processing”
means that stored personal data is marked in order to restrict future processing.
d) “Profiling”
is any form of automated processing of personal data in which such personal data is used in order to assess certain personal aspects that relate to a natural person. These can be aspects regarding a natural person’s work performance, financial situation, health, personal preferences, interests, reliability, behaviour, whereabouts or changes thereof, which are analysed or predicted.
e) “Pseudonymisation”
is the processing of personal data in such a way that the data can no longer be assigned to a specific data subject without the help of additional information. For this purpose it is necessary that such additional information is stored separately and subject to technical and organisational measures that ensure that the personal data is not matched to an identified or identifiable natural person.
f) A “file system”
is any structured collection of personal data that can be accessed based on particular criteria. It is not relevant in this context, whether such a collection is arranged centrally, decentralised or based on functional or geographic aspects.
g) The “controller”
is the natural person or legal entity, authority, facility or other body that decides about the purposes and means of processing personal data, either solely or together with others. If the purposes and means of such processing are specified by EU law or the laws of the member states, the controller or the particular criteria based on which the controller is determined may be provided by EU law or the law of the member states.
h) A “processor”
is a natural person or legal entity, authority, facility or other body that processes personal data on behalf of the controller.
i) A “recipient”
is a natural person or legal entity, authority, facility or other body to whom personal data is disclosed, regardless of whether such recipient is a third party or not. However, authorities who may receive personal data in the context of a particular investigation order based on EU law or the law of the member states are not considered recipients. Processing of such data by the authorities indicated above takes place in line with the applicable data protection provisions and according to the purposes of processing.
j) A “third party”
is any natural person or legal entity, authority, facility or other body, other than the data subject, the controller, the processor and those individuals, who are authorised to process the personal data under direct responsibility of the controller or processor.
k) “Consent”
of the data subject is any declaration of intent for a particular case that is made voluntarily, unambiguously and in an informed manner in the form of a statement or another clear, affirming act, through which the data subject expresses their approval for processing of their personal data.