Data protection - Meaning of terms
"Personal information" means any information relating to an identified or identifiable living person. An identifiable person is anyone who can be identified, directly or indirectly, by reference to an identifier, such as a name, identification number or online identifier.
"Special or Sensitive Personal information" is information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and personal information relating to criminal offences and convictions.
"Processing" means any activity that involves the use of personal information. It includes obtaining, recording or holding the information, or carrying out any operation or set of operations on the information including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring personal information to other Recipients.
"Data Subject" a living, identified or identifiable individual about whom we as the Controller hold personal information.
"Controller" means the person or organisation (in this case us) that determines when, why and how to process personal information.
"Privacy Notices" are notices setting out the information given to you at the time we collect information from you or within a reasonable time period after we obtain information about you from someone else. These notices may take the form of an overarching privacy statement (as available on our web site) or apply to a specific group of individuals (for example, service specific or employee privacy notices) or they may be stand-alone, one time privacy statements covering processing related to a specific purpose.
"Consent" must be freely given, specific, informed and unambiguous indication of an individuals' wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
"Explicit Consent" requires a very clear and specific statement, leaving no room for misinterpretation.
"Third Party" is a living individual other than the person who is the data subject
"Recipient" means a person or organisation who receives your personal information from us. This may be a company with whom we have entered into a contract to provide services on our behalf or another Controller with whom we are either required or permitted to share personal information.
"Latest due date" means 1 calendar month counted from the first working day after proof of ID and any requested information is received by us, except where this falls on a weekend or a bank holiday in which case the "latest due date" is treated as the first working day after the weekend or bank holiday. The same method is applied to calculating the "latest due date" for complex requests where an extension of time is permitted and claimed.
"Automated Processing" means any processing of personal information that is automated through the use of computers and computer software.
"Automated Decision-Making (ADM)" means a decision which is based solely on Automated Processing (including Profiling) which produces legal effects or significantly affects an individual. The GDPR generally prohibits Automated Decision-Making except in defined circumstances, subject to certain conditions and safeguards being met.
"Profiling" means the recording and analysis of a person's psychological and behavioural characteristics, so as to assess or predict their capabilities in a certain sphere or to assist in identifying categories of people.
"General Information Protection Regulation (GDPR)" means the General Information Protection Regulation ((EU) 2016/679).
"Data Protection Act 2018" means UK legislation that repeals the 1998 Act; implements discretions delegated to EU Member States under the GDPR; provides for the role, responsibilities and enforcement powers of the Information Commissioner and sets data protection standards for processing activities that do not fall within the purview of the GDPR.