Skip to main content

Glossary of Terms

Automated Decision-Making (ADM)

When a decision is made which is based solely on Automated processing (including profiling) which produces legal effects or significantly affects an individual. Data Protection Law prohibits Automated Decision-Making (unless certain conditions are met) but not Automated processing.

Automated Processing

Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. Profiling is an example of Automated processing.

Agreement which must be freely given, specific, informed and be an unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear positive action, signifies agreement to the processing of personal data relating to them.

Controller

The person or organisation that determines when, why and how to process personal data. It is responsible for establishing practices and policies in line with Data Protection Law. We are the Data Controller of all personal data relating to our Personnel and personal data used in our business for our own purposes.

Criminal Offence Data

Personal data relating to criminal offences and convictions, or related security measures.

Data Subject

A living, identified or identifiable individual about whom we hold personal data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their personal data.

Data Privacy Impact Assessment (DPIA)

Tools and assessments used to identify and reduce risks of a data processing activity. DPIA can be carried out as part of Privacy by Design and should be conducted for all major systems or business change programs involving the processing of personal data.

Data Protection Officer (DPO)

Replacing information that directly or indirectly identifies an individual with one or more artificial identifiers or pseudonyms so that the person, to whom the data relates, cannot be identified without the use of additional information which is meant to be kept separately and secure.

Related Policies and Guidelines

The Organisation’s policies, operating procedures or processes related to this policy and designed to protect personal data.

Special Category Data

Information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.

Staff

All employees, workers contractors, agency workers, consultants, directors, members and others.