Definicije iz člena 4 Splošne uredbe Evropske unije o varstvu podatkov:

Osebni podatki: vse informacije o določeni ali določljivi fizični osebi (“oseba s podatki”), ki se lahko neposredno ali posredno identificira, zlasti glede na identifikator, kot so ime, identifikacijska številka, podatki o lokaciji, spletni identifikator ali na enega ali več dejavnikov, značilnih za fizično, fiziološko, gensko, duševno, gospodarsko, kulturno ali družbeno identiteto te fizične osebe.

Občutljivi osebni podatki: osebni podatki, ki so po svoji naravi posebej občutljivi glede na temeljne pravice in svoboščine, zaslužijo posebno varstvo, saj bi kontekst njihove obdelave lahko povzročil znatno tveganje za temeljne pravice in svoboščine. Ti osebni podatki vključujejo osebne podatke, ki razkrivajo rasno ali etnično poreklo, politična prepričanja, verska ali filozofska prepričanja ali članstvo sindikatov, genetske podatke, biometrične podatke z namenom enolične identifikacije fizične osebe, podatki o zdravju ali podatki o spolu fizične osebe življenje ali spolno usmerjenost.

Upravljalec podatkov (nadzornik ali kontrolor podatkov): fizična ali pravna oseba, javni organ, agencija ali kateri koli drug organ, ki sam ali skupaj z drugimi določa namene in sredstva za obdelavo osebnih podatkov.

Obdelovalec podatkov (procesor podatkov): fizična ali pravna oseba, javni organ, agencija ali kateri koli drug organ, ki obdeluje osebne podatke v imenu upravljalca podatkov.

Obdelava: Operacija ali niz operacij, ki se izvajajo na osebnih podatkih ali na skupinah osebnih podatkov, ne glede na to, ali z avtomatskimi sredstvi, kot so zbiranje, beleženje, organizacija, strukturiranje, shranjevanje, prilagajanje ali spreminjanje, iskanje, razkritje s prenosom, razširjanje ali dostopnost na drug način, usklajevanje ali kombiniranje, omejevanje, brisanje ali uničevanje podatkov.

Anonimizacija: nepopravljivo odkrivanje osebnih podatkov, tako, da oseb ni mogoče identificirati z uporabo razumnega časa, stroškov in tehnologije, bodisi s strani upravljalca ali katere koli druge osebe, da identificira to osebo. Načela obdelave osebnih podatkov se ne uporabljajo za anonimne podatke, saj niso več osebni podatki.

Psevdonimizacija: obdelava osebnih podatkov na tak način, da osebnih podatkov ni več mogoče pripisati določenemu posamezniku, na katerega se podatki nanašajo, brez uporabe dodatnih informacij, pod pogojem, da se take dodatne informacije vodijo ločeno in so predmet tehničnih in organizacijskih ukrepov, s katerimi se zagotovi, da se osebni podatki ne pripisujejo določeni ali določljivi fizični osebi. Psevdonimizacija zmanjšuje, vendar ne popolnoma odpravlja, možnost povezovanja osebnih podatkov s posameznikom, na katerega se podatki nanašajo. Ker so psevdonimizirani podatki še vedno osebni podatki, mora biti obdelava psevdonimiranih podatkov v skladu z načeli obdelave osebnih podatkov.

Čezmejna obdelava osebnih podatkov: Obdelava osebnih podatkov, ki potekajo v okviru dejavnosti ustanov v več kot eni državi članici upravljavca ali obdelovalca v Evropski uniji, kjer ima upravljavec ali obdelovalec sedež v več kot eni državi članici; ali obdelavo osebnih podatkov, ki poteka v okviru dejavnosti ene same ustanove upravljavca ali obdelovalca v Evropski Uniji, vendar bistveno prizadene ali bi lahko bistveno vplivala na posameznike, na katere se podatki nanašajo, v več kot eni državi članici.

Nadzorni organ: neodvisen javni organ, ki ga država članica ustanovi v skladu s členom 51 BDP EU;

Vodilni nadzorni organ: nadzorni organ, pristojen za obravnavanje dejavnosti čezmejne obdelave podatkov, na primer, ko posameznik, na katerega se podatki nanašajo, vloži pritožbo pri obdelavi njegovih osebnih podatkov; je med drugim odgovoren za prejemanje obvestil o kršitvi podatkov, ki jih je treba priglasiti v zvezi s tvegano predelovalno dejavnostjo, in bo imela polno pooblastilo v zvezi z njegovimi dolžnostmi za zagotavljanje skladnosti z določbami BDP EU;

Vsak “lokalni nadzorni organ” bo še vedno nadziral in spremljal vsako lokalno obdelavo podatkov, ki vpliva na posameznike, na katere se podatki nanašajo, ali ki jih izvaja upravljalec ali obdelovalec v EU ali izven EU, kadar je obdelava namenjena osebam s podatki, ki prebivajo na njenem ozemlju . Njihove naloge in pooblastila vključujejo izvajanje preiskav in uporabo upravnih ukrepov in glob, spodbujanje ozaveščenosti javnosti o tveganjih, pravilih, varnosti in pravicah v zvezi z obdelavo osebnih podatkov ter dostop do vseh prostorov upravljavca in obdelovalca , vključno z opremo in sredstvi za obdelavo podatkov.

“Glavna poslovna enota oz. sedež upravljavca”, s poslovnimi enotami ali podjetji v več kot eni državi članici, je kraj njegove osrednje uprave v EU, razen če se odločitve o namenih in sredstvih za obdelavo osebnih podatkov sprejmejo v drugi enoti upravljavca v EU in je slednja pooblaščena za izvajanje takih odločitev, pri čemer se ustanova, ki je sprejela take odločitve, šteje za glavno poslovno enoto;

” Glavna poslovna enota oz. sedež obdelovalca” s poslovnimi enotami ali podjetji v več kot eni državi članici EU, je kraj njegove osrednje uprave v EU ali, če predelovalec nima centralne uprave v EU, ustanovitev obdelovalca v EU, kjer glavne obdelovalne dejavnosti v okviru dejavnosti obratov obdelovalca potekajo v obsegu, za katerega veljajo posebne obveznosti v skladu s to uredbo;

PRIJAVA NA E-NOVICENE ŽELIM E-NOVIC Strinjam se s splošnimi pogoji in pogoji zasebnosti

The following definitions of terms used in this document are drawn from Article 4 of the European Union’s General Data Protection Regulation:

Personal Data: Any information relating to an identified or identifiable natural person (“Data Subject”) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Sensitive Personal Data: Personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Those personal data include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Data Controller: The natural or legal person, public authority, agency or any other body, which alone or jointly with others, determines the purposes and means of the processing of personal data.

Data Processor: A natural or legal person, public authority, agency or any other body which processes personal data on behalf of a Data Controller.

Processing: An operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the data.

Anonymization: Irreversibly de-identifying personal data such that the person cannot be identified by using reasonable time, cost, and technology either by the controller or by any other person to identify that individual. The personal data processing principles do not apply to anonymized data as it is no longer personal data.

Pseudonymization: The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. Pseudonymization reduces, but does not completely eliminate, the ability to link personal data to a data subject. Because pseudonymized data is still personal data, the processing of pseudonymized data should comply with the Personal Data Processing principles.

Cross-border processing of personal data: Processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the European Union where the controller or processor is established in more than one Member State; or processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State;

Supervisory Authority: An independent public authority which is established by a Member State pursuant to Article 51 of the EU GDPR;

Lead supervisory authority: The supervisory authority with the primary responsibility for dealing with a cross-border data processing activity, for example when a data subject makes a complaint about the processing of his or her personal data; it is responsible, among others, for receiving the data breach notifications, to be notified on risky processing activity and will have full authority as regards to its duties to ensure compliance with the provisions of the EU GDPR;

Each “local supervisory authority” will still maintain in its own territory, and will monitor any local data processing that affects data subjects or that is carried out by an EU or non-EU controller or processor when their processing targets data subjects residing on its territory. Their tasks and powers includes conducting investigations and applying administrative measures and fines, promoting public awareness of the risks, rules, security, and rights in relation to the processing of personal data, as well as obtaining access to any premises of the controller and the processor, including any data processing equipment and means.

“Main establishment as regards a controller” with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment;

“Main establishment as regards a processor” with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation;

Group Undertaking: Any holding company together with its subsidiary.