Vitaliv Privacy Policy

Summary

This Privacy Policy describes how Vitaliv AS, Norway, processes Personal Data pertaining to natural persons who interact with it as website visitors or as Prospect Customers/ Customers (that is, how such Personal Data is collected, stored, accessed, processed and shared), both online and by other means, such as by phone when Customers order Vitaliv products, as well as the Lawful Bases for such Processing activities.

The primary goal of Processing Personal Data is to convey Vitaliv’s product portfolio and Services (in the area of food supplements) while supporting the Prospect Customer/ Customer during the purchasing process, which takes place via email messages, a phone call or by giving the Data Subject (Customer) access to Vitaliv’s website/ online store.

All partner entities with which Vitaliv may have to share some Personal Data in order to deliver its Service to Prospect Customers/ Customers (because such entities deliver a part of that Service) have a Data Processing Agreement in place. For those partners whose Personal Data Processing activities do not take place in the EU, that agreement also includes Standard Contractual Clauses as required under the EU General Data Protection Regulation (EU) 2016/679 (the “GDPR”).

Personal Data is exclusively Processed under the scope and purpose of agreed Services between Vitaliv and the Data Subject (the natural person to whom such Data pertains), while the Data Subject maintains full control over it as defined under the GDPR as Data Subject's Rights.

Any questions may be sent by e-mail to privacy@vitaliv.no

I. Data Collection

II. Who is the Data Controller of your data?

III. How do we collect your data?

IV. What data do we process?

V. For what purposes do we process your data?

VI. What legal basis do we employ to process your data?

VII. What third parties can receive my data?

VIII. International Data Transfers and Safeguards Employed

IX. Direct marketing

X. Retention periods

XI. Rights of Data Subjects

XII. Miscellaneous

XIII. Glossary

Application

Vitaliv reserves the right to modify this Privacy Policy at all times by posting an updated version on its websites.

I. Data Collection

As a retailer of food supplements, Vitaliv Processes Personal Data pertaining to those Data Subjects who have freely submitted it with a view (potential intention) to purchase our products (“Prospect Customers”), as well as those who have already purchased our products (“Customers”), plus staff members who (as Data Subjects) are also entitled to their Privacy Rights.

Upon reaching one of Vitaliv’s “web landing pages”, “Prospect Customers” will be invited to input some information (including Personal Data) that serves the purpose of identifying best-fit products/ services towards their specific needs. While doing so, those Data Subjects are hereby informed by this Privacy Policy that by freely inputting any information they are consenting to the herein described Processing activities.

At this stage, where visitors are “Prospect Customers” and before they input any Data on Vitaliv’s online forms, the univocal identification of the individual inputting the Data as the Data Subject has not occurred; merely an unidentified source is inputting the Data (for it can be anyone).

The univocal identification of the individual as the Data Subject him/ herself occurs after the individual becomes a Customer and requires a two-factor authentication process, by which Vitaliv submits information/ validation over two separate communication channels that address the same natural person and, upon collecting matching feedback from both, is able to document to the best of its capabilities that the person interacting with Vitaliv is the Data Subject.

Vitaliv does this via a Call Center call with confirmation through email or SMS; by sending out an SMS that is confirmed by email; when the Customer buys something, through the payment action; or when the Customer logs in to Vitaliv’s tools (username and password).

“Customers” Personal Data is processed within a more extensive range, for these have already been interacting with the company; however, when becoming a Customer the Data Subject is asked for his/ her explicit Consent towards the Personal Data Processing scope and purpose.

Vitaliv also collects information about its websites' visitors via cookies and similar technologies, regardless of those being “Customers”, “Prospect Customers” or just plain visitors; yet those "users" are informed about the purpose of such Cookies via the Cookies Policy and are allowed to manage those (disabling any Cookies that they may consider to be "inappropriate" for their navigation purposes).

Vitaliv does not cross-reference data/ information gathered through cookies and similar technologies with existing Personal Data pertaining to “Prospect Customers”, except for the IP address in use and for the limited purpose set out further on in this Policy; with regards to “Customers”, Vitaliv tracks their visits to its website in order to assess points of interest and therefore better focus its support towards them.

Furthermore, the information gathered via Cookies is limited in scope and is hosted/ Processed separately (segregated) from the Personal Data pertaining to Data Subjects, hence not enabling the univocal identification of a given natural person on its own, meaning it does not consist of Personal Data.

Any user that is identified as being under 18 years of age (therefore not bearing full legal capacity as an adult) is not allowed to use our websites, and if any Personal Data has been gathered pertaining to such an individual, it shall be immediately erased from all repositories with the exception of a black-list that will prevent further collection/ Processing of such Data.

In the case of Norway, Vitaliv gets the basic Personal Data that allows reaching out to prospective Customers from BISNODE.com, specifically name, email and phone number (for those natural persons who have not registered with the local official sites to opt out of being targeted by sales and marketing), and proceeds with a first contact to assess whether those natural persons are interested in joining the Vitaliv experience.

II. Who is the Data Controller of your data?

Vitaliv AS, a Norwegian limited company located at Kallerudlia, 3, Gjovik, Norway, 2816, (“Vitaliv”) is the entity that acts as the Data Controller for the purpose of this Privacy Policy and all data processing practices herein contemplated. All questions or requests regarding the processing of the personal data under our control or processing may be addressed to privacy@vitaliv.no

III. How do we collect your data?

Data Sources.

Vitaliv collects or obtains Personal Data from the following sources (under the following Lawful Bases):

Third-Party Sources.

Vitaliv does not seek Personal Data from third parties (e.g. data brokers), nor does it actively search on-line or otherwise for any publicly available Personal Data (except to verify the data that has been provided by the Data Subjects themselves).

As herein mentioned, all Personal Data that is Processed by Vitaliv has originated from the Data Subjects themselves, while subject to notices and consents, or obtained in the ordinary course of its Service activities.

In the event that Vitaliv comes into contact with Personal Data via a 3rd party source, which is deemed “relevant” under the scope and purpose of the services rendered to and agreed with a given Data Subject, Vitaliv will observe GDPR Article 14, meaning immediately informing the Data Subject about what Personal Data has been gathered, from which “source” and for what purpose; in case the Data Subject does not consent to it or does not provide any feedback within 1 month, such Personal Data will be erased from all of Vitaliv’s repositories.

Cookies.

When a Data Subject visits Vitaliv’s websites, session cookie files are either placed on his/ her browser device, or the website reads such already existing files.

Vitaliv exclusively uses those cookies that record information about the “IT architecture and Landscape” of the device being used by the visitor (e.g. browser; browsing preferences; other…) however, without identifying that visitor personally (as a Data Subject).

This information, except for IP addresses, is never combined with the data pertaining to “Prospect Customers”, thus not leading to the identification and habits “profiling” of any specific Data Subject. As previously mentioned and with regards to “Customers”, this Data will support Customer care and Customer focused support services.

IP addresses are exclusively cross-referenced with other data for the purpose of protecting the company from fraud attempts and, with regards to “Customers”, documenting operations by (1) verifying the identity of a person signing in, and (2) making records of your consent and other legally binding actions (Legitimate Interest).

The IP address is also used (while segregated) for the purposes of web analytics (via Google Analytics).

For detailed information about cookies in use and similar employed technologies please refer to the Cookies Policy.

Telephone Calls.

Vitaliv may reach out to “Prospect Customers” via its call centers under a “cold calling” perspective, however observing GDPR Article 14. That means not acting as in “standard cold calling”, where the Data Subject is presented with a Sales/ Marketing pitch, but instead (as the GDPR allows the Controller to gather Personal Data from a source other than the Data Subject) conveying the “scope” and “purpose” of Vitaliv’s activity and inquiring about the potential interest from the Data Subject's side. If the answer is “NO” (as ruled under the GDPR), all Personal Data is erased and the contact “black listed” (so it won’t be contacted again); if, on the other hand, the Data Subject demonstrates wanting to know more, then Vitaliv will present its Services Portfolio.

Vitaliv may reach out to “Customers” via a phone call aimed at conveying/ selling new Products or Services for that is part of the Service Terms, hence under Data Subjects’ Consent.

On a “lighter” note, a phone call may be issued towards “Prospect Customers” or “Customers” to: (1) gather additional information about those Data Subjects that is relevant towards the Service or (2) confirm an order posted by the Data Subject over Vitaliv’s website.

During such calls the Data Subjects may be informed that the call is being recorded and requested to orally confirm their agreement with the “order terms” (e.g., but not exclusively, this is required under Norwegian legislation) or any agreement set forth over that call.

IV. What data do we process?

Personal Data.

Vitaliv processes the following types of personal data:

Sensitive personal data.

Vitaliv does not seek to collect or otherwise Process Sensitive Personal Data as set out in the GDPR Article 9. That means that Vitaliv does not specifically Process Data pertaining to health status in general or physical and mental health conditions that may afflict those Data Subjects about whom it Processes Personal Data.

Nevertheless, Vitaliv is fully aware and wishes to make it crystal clear that some of the Personal Data identifiers gathered and Processed under its Services (e.g. weight; age; gender; sleeping problems; other…) may lead any 3rd party that potentially could have access to them to infer potential health status or medical conditions that may affect the Data Subjects to whom they pertain.

Vitaliv exclusively Processes such Personal Data in order to provide its “Prospect Customers” and “Customers” with assertive support towards finding a product (that is legally certified as a food supplement in accordance with the EU Directive 2002/46/EC) which may prove to be beneficial for the Data Subject.

Further note (as a disclaimer) that Vitaliv products, although may be beneficial to human health, do not fall into the category of “medicinal products” within the meaning of Council Directives 65/65/EC and 92/73/EC while instead fitting the definition of “food supplements” as set out in Article 2 (a) of the Directive 2002/46/EC.

Financial Information.

Financial information may also constitute Sensitive Personal Data (depending on the specific data). To mitigate in advance the inherent risk towards the Data Subject, Vitaliv does not collect or process Personal Data such as payment cards or bank accounts, resorting instead to the services of third-party providers, such as acquirers and payment services, that effectuate your payments.

V. For what purposes do we process your data?

General purposes.

The purposes for which Vitaliv may process Personal Data include:

Factoring.

Vitaliv accounts receivable, i.e. a debt that the Data Subject may owe towards Vitaliv for purchasing its products, is "sold" under factoring services scope to the partner company Riverty Financial Solutions (RFS). RFS is a licensed financial company operating its offices throughout Europe and providing factoring services to us. Full information about Riverty may be found via the link: www.riverty.com.

Factoring helps Vitaliv pricing become both affordable for its Customers as well as competitive in the marketplace by enabling revenue cash advance (cash flow) while allowing our “Customers” the chance to pay for our products later.

On the other hand, selling accounts receivable to RFS means that (potentially) the debt that the Data Subject holds towards Vitaliv is transferred to RFS, hence making them the "creditor" and Controller in the context of such pecuniary debt.

Nevertheless, the shared Personal Data is limited to name, address, the amount in debt and what it pertains to.

This entire process, however, is fully "innocuous" for the Data Subject, in the sense that it neither imposes an additional "burden"/ difficulty while interacting with Vitaliv nor diminishes in any way the Data Subject's rights under the GDPR.

No Automated Decision Making.

Although there is Automated Processing, namely with regards to "Profiling" activities via Vitaliv internal algorithms, there is no Automated Decision Making in place over Vitaliv platforms/ Services.

Quiz Questions.

As stated above, Vitaliv does not process Personal Data that concerns human health; yet, based on the Data Subject's feedback, it helps him/ her find a product (among those merchandised by Vitaliv) that may prove to be relevant to the Data Subject as a Food Supplement.

Such assistance comprises activities such as sending a tailored newsletter to the Data Subject according to his/ her interest in Vitaliv products. As a tool that enables such focused personalized assistance, Vitaliv may resort to the Quiz feedback, which may include questions about the Data Subject’s bodily conditions and habits, e.g.: “Do you sleep well each night?”.

The Principle of Data Minimization.

Vitaliv takes every reasonable step to ensure that Personal Data under its Processing activities is absolutely limited to the amount and type that is necessary to deliver Service towards our "Customers" as it has been agreed by them, not maintained over redundant repositories nor for any longer than required under the scope of agreed services.

VI. What legal basis do we employ to process your data?

In processing your Personal Data in connection with the purposes set out in this Privacy Policy, Vitaliv may rely on one or more of the following legal bases, depending on the specific context:

(1) The processing is necessary in connection with an existing contract of sale of Vitaliv products and/or Services that the Data Subject has entered into with Vitaliv; or to take necessary steps at the request of the Data Subject prior to entering into such a contract (e.g., when the Data Subject has provided Vitaliv with his/her data on the Vitaliv website request form so that it can contact the Data Subject by phone or e-mail to conclude the sale).

(2) Vitaliv has obtained the Data Subject's prior consent to the processing. Vitaliv seeks the Data Subject's consent for, among other topics, sending newsletters and other direct marketing messages to “Prospect Customers”.

Please note that whenever a Data Subject provides Vitaliv with his/her consent towards the Processing activities at hand, he/she is entitled by law to withdraw such consent at any point in time, free of charge.

There are however circumstances where Vitaliv may refuse to comply with such a request, namely where Contractual obligations have not been met by the Data Subject and withdrawing Consent implies the inability for Vitaliv to have documented proof of such status.

In some other cases/ circumstances, withdrawing Consent may imply that Vitaliv is no longer capable of delivering the agreed Services, in which case the Data Subject shall be informed in detail and asked to confirm his/her decision.

Where the Data Subject does so wish, yet is not able to find a direct way to withdraw his/her Consent towards Vitaliv, he/she may, via the website or through the newsletter e-mails, submit such withdrawal request to privacy@vitaliv.no

(3) Under some circumstances, Vitaliv has a legitimate interest in carrying out the processing of Personal Data. This may be the ground for: (i) providing or improving its services, such as developing the CRM software; (ii) fulfilling regulatory and compliance obligations; (iii) contacting the Data Subject, always in compliance with applicable law; (iv) detecting, and protecting against, breaches of its policies, contracts, and applicable legislation; (v) establishing, exercising or defending its legal rights; or (vi) cases where the Data Subject has previously freely submitted his/ her Personal Data to Vitaliv. Vitaliv is fully aware that it may only rely on such Lawful Base for Processing Personal Data where and to the extent that such Legitimate Interest is not overridden by the fundamental rights and freedoms of those Data Subjects to whom the Personal Data pertains.

(4) The processing is necessary for compliance with a legal obligation. This is the case where (as an example) Vitaliv needs to process payroll or tax data pertaining to its staff. Likewise, and as another example applying to both "Prospect Customers" and "Customers", this is the case where Vitaliv is required by law to produce to a law-enforcement agency any of the Personal Data in its possession.

VII. What third parties can receive my data?

Third-Party Recipients.

As with the overwhelming majority of organizations today, the Services delivered by Vitaliv comprise some components that are executed by partners, which in some cases implies access to and processing of Personal Data.

Vitaliv may, therefore, share some Personal Data with such other companies that act as Processors or Controllers complementing Vitaliv's direct service components.

Wherever possible, Personal Data is transferred in a way that does not constitute Personal Data in the sense that (on its own) it does not allow those recipients to univocally identify the natural person to whom it pertains.

However, it is not possible for Vitaliv to be aware of the existence of any repositories on those partners' side that may contain data/ information which, when cross-referenced with what is submitted by Vitaliv, allows such identification.

The categories of these 3rd party recipients of Personal Data include: web hosting and web hosting backup (e.g., Amazon services), marketing (e.g., Ontraport.com), financial services (e.g., Riverty Financial Services), customer support (e.g., Teamwork.com), remote customer support (e.g., Maskineriet AS), telemarketing (e.g., Telemagic system), electronic payment (e.g., Ecompay), postal services employed to send you ordered products, lawyers, auditors, tax and other professional consultants.

Data processing agreements.

Where a third party (Processor or Controller) is engaged by Vitaliv, those companies shall be subject to binding contractual obligations as prescribed under Art. 28 GDPR, via a Data Processing Agreement.

Among others, the Processor/ Controller will have to/ commit to (i) process Personal Data provided by Vitaliv exclusively as per provided documented instructions; and (ii) implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks pertinent to such processing.

Vitaliv has in place a schedule of regular audits towards those Processors, hence monitoring (up to its capability) the adherence of its partners towards these and other obligations pertaining to Personal Data Protection assurance and GDPR Compliance.

Google Analytics.

Our websites use Google Analytics, a web analytics service provided by Google, Inc., USA. Google Analytics employs cookies which are used to generate information about your use of our websites (including your IP address). This information is then transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our websites, compiling reports on website activity and providing other services relating to website activity and Internet usage. Google will not associate your IP address with any other data held by Google. For more information about Google’s privacy policies, please, visit http://www.google.com/analytics/

Other Global OSPs and Software Providers.

We utilize a range of globally recognized online services, including SaaS and cloud solutions, which may process your data in some form, such as Dropbox, Amazon, Google Suite, Microsoft Office, and others. Most such providers have their storage and processing facilities in Europe so that your data do not leave the EU. Where they do not have such facilities or let data leave the EU, they are under obligation to comply with the GDPR. Information about compliance with applicable data protection laws can be found on the websites of the OSPs and software providers.

VIII. International Data Transfers and Safeguards Employed

Some of Vitaliv’s partners (Processors or Controllers) are established in 3rd countries (meaning neither EU Member States nor countries within the European Economic Area) that do not enjoy an adequacy qualification by the European Commission pursuant to GDPR Article 45, such as Belize, Bosnia and Herzegovina, and Russia.

To make such transfers fully compliant with the GDPR, the Data Processing Agreements with those partners include the EU Standard Contractual Clauses in accordance with Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council.

IX. Direct marketing

Direct marketing is a Service that Vitaliv renders to the Data Subjects about whom it Processes Personal Data, and one of added value in the sense that it allows “Prospect Customers” and Customers to become aware of Vitaliv’s portfolio items that may represent effective leverage towards them.

Notwithstanding that fact, Vitaliv’s Direct Marketing approach depends upon the established relationship with the Data Subject:

Vitaliv attempts to minimize the chance of its messages constituting “spam” (meaning uninteresting information from the perspective of the Data Subject), hence tailoring them as much as possible to the points of interest of each Data Subject. For this purpose, Vitaliv collects from the Data Subjects some specific data (e.g. age; gender; Quiz answers) as well as purchasing history. This is “profiling” in the sense that an assessment is done to ensure the Data Subject does not get irrelevant Marketing information, hence in the interest of the Data Subject him/ herself; however, if the Data Subject does not wish the newsletters to be tailored, he/ she can convey that request by e-mail to privacy@vitaliv.no.

Whether a “Prospect Customer” or “Customer”, the Data Subject may simply choose to opt out of the newsletters service altogether and stop receiving them, by submitting such a request by e-mail to privacy@vitaliv.no.

X. Retention periods

General Retention Criteria.

Vitaliv will maintain Personal Data pertaining to its “Prospect Customers” and “Customers” for the duration of the Services; where warranty applies or contractual terms need to be observed; under Legitimate Interest if undergoing a dispute in a court of law with the Data Subject; or where Legal requirements apply (e.g. invoices must be maintained by Law for 7 years after document date).

In specifics:

Customer Data. Vitaliv may retain Personal Data of Customers for the longest of the following terms: (i) three years in order to be able to respond to any questions or complaints which may be addressed to Vitaliv; (ii) for the term necessary to comply with all applicable laws; and (iii) for the duration of any period necessary to establish, exercise or defend any legal rights.

XI. Rights of Data Subjects

Under the GDPR, the Data Subject has the following set of established rights:

Right of access. The right to obtain from the Controller confirmation as to whether his/ her personal data is being processed, and, where that is the case, access to such personal data as well as related information. Vitaliv will share the Personal Data over a secure channel, and that (depending on the type of Data as well as volume) may imply the need to convey a “password” via an alternative communication channel to the Data Subject in order to ensure authorized secure access. Customers may exercise this right by reviewing information on Vitaliv’s website user account area or by submitting a request as defined further on in this document, which is the application process for those Data Subjects who are not Vitaliv Customers.

Right to rectification. The right to obtain the rectification of inaccurate Personal Data pertaining to that Data Subject. Customers may directly amend existing information on Vitaliv’s website user account area or submit a request as defined further on in this document, which is the application process for those Data Subjects who are not Vitaliv Customers.

Right to erasure. The right to have Personal Data pertaining to him/ her that is under Processing by Vitaliv erased and therefore Processing stopped, unless a legal duty or a legitimate ground to retain certain data prevents Vitaliv from observing such right, in which case the Data Subject shall be duly informed. This right may be exercised by submitting a request as defined in the procedure stated below in this section.

The right to restrict processing. Under relevant conditions set out by the law, the right to request and have in place processing restrictions (in scope and purpose) towards Personal Data that pertains to him/ her. When exercising this right, the Data Subject must be specific about which processing activities are being requested to be restricted and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request. This right may be exercised by submitting a request as defined in the procedure stated below in this section.

The right to object to processing. The right to object to processing activities that this Privacy Policy qualifies as occurring under the Lawful Base of Legitimate Interest on the part of Vitaliv. The exercise of this right may also occur where the Data Subject wishes to opt out of an existing Service (and not necessarily cancel the Service). When exercising this right, the Data Subject must be specific about which processing activities are being requested to stop and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request. This right may be exercised by submitting a request as defined in the procedure stated below in this section.

Right to data portability. The right to receive the Personal Data pertaining to that Data Subject, in a structured, commonly used and machine-readable format as well as the right to transmit such Personal Data to another controller without hindrance. Vitaliv will share the Personal Data over a secure channel, and that (depending on the type of Data as well as volume) may imply the need to convey a “password” via an alternative communication channel to the Data Subject in order to ensure authorized secure access. Customers may directly amend existing information on Vitaliv’s website user account area or submit a request as defined further on in this document, which is the application process for those Data Subjects who are not Vitaliv Customers.

Right to be informed about a Personal Data Breach. The Data Subject has the right (and it is the Controller’s obligation by law to ensure it) to be informed of any unauthorized disclosure or potential disclosure of his/ her Personal Data to unauthorized 3rd parties within 72 hours of its occurrence.

Right to lodge a complaint with a supervisory authority. The right to lodge a complaint regarding Vitaliv’s Processing activities over his/ her Personal Data with any of the EU Member States' data protection Supervisory Authorities. Vitaliv is however also available to provide any clarification to those Data Subjects who may feel that its Processing of the Personal Data that pertains to them has negatively impacted them or somehow breached their rights under the GDPR and/ or the right to Privacy, that is, to having such Personal Data processed in a secure manner and with Confidentiality assurance. Data Subjects may submit a complaint via the request process defined further on.

Submitting a Data Subject Request/ Complaint.

Under the scope of Personal Data Protection, the Data Subjects may address Vitaliv via:

The exercise of Data Subjects’ rights, as well as some other “interactions”, requires the univocal identification of the person submitting such request as being, in fact, the Data Subject to whom such Personal Data pertains; hence Vitaliv may have to set in place a process or mechanism that allows it to document having undergone such assertive identification.

XII. Miscellaneous

Links to 3rd Party Sites. Our websites include links to other websites whose privacy practices may differ from those of Vitaliv. If you submit personal data to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

Our Contacts. You may contact us for any reason in connection with this Privacy Policy at Kallerudlia, 3, Gjovik, Norway, 2816 or at privacy@vitaliv.no.

XIII. Glossary

“Agreed Services” or “Services” means those Services being rendered by the Controller to the Data Subject to which he/ she has agreed and/ or whose Processing legitimacy derives from an existing and documented Lawful Base.

“Controller” means the “Party” which determines the “scope”, “purpose” and form of Personal Data Processing activities.

“Data Subject” means the identified or identifiable natural person to whom “Personal Data” relates. Both Parties understand that the “Data Subject” is the sole owner of “Personal Data” which pertains to him/ her.

“Data Subjects’ Rights” means the rights established towards the “Data Subjects” under “GDPR”.

“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to “Personal Data” Treatment and on the free movement of such data, while replacing the Directive 95/46/EC and having become enforceable on May 25th, 2018.

“IT Landscape” means the set of IT assets and services of and at the disposal of either the Data Subject, Vitaliv or its Partners that enables their Personal Data Processing to occur, meaning the communications infrastructure (LAN, WAN, Wi-Fi networks), Data Center and technical rooms, Cloud-based services, workstations, software systems and tools, mobile devices in use, peripheral IT devices, Firewalls and web-based resources.

“Lawful Bases” means the listed lawful grounds that a Controller has to engage in Personal Data Processing activities under the “GDPR”, namely (but not limited to) having documented: the Data Subject’s Explicit Consent towards those Personal Data Processing activities; the Controller’s Legitimate Interest in proceeding with those activities; accessory legal obligations that the Controller must observe and which entitle it to proceed with such activities within the limits of the GDPR and its inherent obligations.

“Partner” means any 3rd party entity towards which the Controller may resort in order to ensure Personal Data Processing activities under an established Lawful Base (as defined under the “GDPR”) and within the scope of agreed Services with the Data Subject.

“Personal Data” means any data which by itself or when cross-referenced with other data enables one to univocally identify a specific natural person, the “Data Subject”.

“Personal Data Processing” means any operation or set of operations which is performed upon “Personal Data”, whether or not by automated means, such as: collection/ retrieval; accessing (consultation, use); processing (organization, structuring, adaptation or alteration); storage (recording, erasure or destruction); sharing (disclosure by transmission, dissemination or otherwise making available, publishing).

“Personal Data Breach” means any “event” or “incident” (as per ITIL definition) which enables the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to “Personal Data”.

“Processor” means the entity which proceeds with authorized Personal Data Processing activities on behalf of the “Controller”.