The applicable data protection legislation uses specific language and refers to an abstract matter. Below you will find several definitions in order to enable you to better understand the terminology, and by extension, this policy.
a. Data protection legislation
Various legislation can apply, depending on the concrete application in which personal data are processed.
The basic principles and obligations are indicated in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. This regulation is also known as the General Data Protection Regulation (GDPR). Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector is applicable in specific cases (e.g. processing of location data; use of cookies).
As well as the European regulations, specific national data protection legislation also applies, such as the Law of 8 December 1992 on the protection of privacy with regard to the processing of personal data and the Law of 13 June 2005 on electronic communications.
b. Personal data
Personal data concern all information about an identified or identifiable natural person, also known as the data subject. A person is considered as identifiable when a natural person can be directly or indirectly identified, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more elements that are characteristic of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
c. Controller
The controller is a natural person or legal person (for example a company), a public authority, agency or other body which, alone or jointly with others, determines the purposes and means for the processing of personal data.
For example, LVD Company nv is a legal person which is the controller that processes the personal data of its employees in the context of its personnel management.
d. Processor
The processor is a natural person or legal person, a public authority, agency or other body that processes personal data on behalf of and only on instructions from the controller.
e. Processing personal data
Processing personal data means any operation or set of operations which is performed upon personal data or a set of personal data, whether or not by automatic means (e.g. software), such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
An example of processing personal data is when the organisation collects and saves the contact details of its clients’ contact persons in the organisation’s Client Relationship Management software system or in a paper filing system.
f. Filing system
A filing system means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
This implies both electronic structured filing systems by means of the use of software or cloud applications, and paper files and filing systems, provided that these filing systems are organised and structured in a logical way by connecting them to individuals or which are connected to individuals on the basis of criteria.