Data Protection Policy of RIKUTEC Richter Kunststofftechnik GmbH & Co.KG
Trust is the key to all communication and cooperation. That is why the responsible handling of your data is of great importance to RIKUTEC Richter Kunststofftechnik GmbH & Co.KG (hereinafter referred to as ‘RIKUTEC’).
Thank you for your interest in our company. Data protection is particularly important to the management of RIKUTEC. You can generally use the RIKUTEC website without specifying any personal data. If you wish to use particular services of our company through our website, it may be necessary to process personal data for this purpose. Where it is necessary to process personal data and if there is no legal basis for this processing, we generally obtain consent from you as the data subject.
Personal data, e.g. name, postal address, email address or phone number of a data subject, shall be processed at all times in accordance with the General Data Protection Regulation (GDPR) and the country-specific data protection regulations that apply for RIKUTEC. With this Data Protection Policy, our company would like to inform the general public of the type, scope and purpose of the personal data collected, used and processed by us. In addition, this Data Protection Policy serves to inform data subjects of their rights.
RIKUTEC, as the data controller, has implemented numerous technical and organisational measures to ensure that the personal data processed on this website is protected as consistently as possible. Nevertheless, there are inherent security risks in transmitting data through the Internet, which makes it impossible to completely safeguard the data. For this reason, you are at liberty to transmit personal data to us through alternative channels, e.g. by phone. If any of the terms used in the following information require explanation or seem vague, we have attached a glossary as a reference (Appendix 1).
I. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection regulations of the Member States and other regulations relating to data protection is:
RIKUTEC Richter Kunststofftechnik GmbH & Co.KG
Phone +49 2681 95 46-0
Fax +49 2681 95 46-33
(hereinafter referred to as ‘RIKUTEC’).
II. General information on data processing
You can generally visit our homepage and use our range of online services without providing personal data. Personal data refers to particulars about the personal and factual circumstances of an identified or identifiable person (Section 3 (1) BDSG [German Federal Data Protection Act]), i.e. data that would allow conclusions to be drawn about a certain individual. This data shall only be collected or stored by us if you disclose the data to us voluntarily, e.g. by contacting us.
In this respect, we apply the principles of data economy and data reduction: If, for example, you use our contact form to contact us, you thereby consent to the temporary processing, storage and use of the data provided by you to enable us to contact you. This data shall be erased by us without undue delay once the matter has been resolved and/or your question answered, unless a business deal ensues from this or you explicitly consent to further processing.
We naturally ensure that any use of your data is in strict compliance with data protection regulations, in particular the German Federal Data Privacy Act and the German Telemedia Act.
1. Scope of the processing of personal data
We collect and use the personal data of our users strictly to the extent necessary to provide a fully functioning website and our content and services. We collect and use the personal data of our users strictly with the user’s consent pursuant to Art. 6 (1) a) GDPR. An exception to this rule applies in those cases where it is not possible to obtain prior consent for practical reasons and where statutory regulations permit the data to be processed, e.g. to perform a contract to which the data subject is party pursuant to Art. 6 (1) b) GDPR or where processing is necessary to safeguard the legitimate interests of our company or a third party, and where such interests are not outweighed by the interests or fundamental rights and freedoms of the data subject pursuant to Art. 6 (1) f) GDPR. For purposes of clarification, the statutory privileges pursuant to Art. 6 (1) b) GDPR shall also apply for processing that is necessary for implementing measures prior to entering into a contract.
2. Data erasure and data storage period
Your personal data shall be erased or blocked where there is no longer any reason to store such. Data may be stored beyond this period where stipulated by the European or national legislative authorities in Union regulations, laws or other provisions to which RIKUTEC is subject. Data shall also be blocked or erased where a storage period dictated by the aforementioned standards expires, unless it is necessary to continue to store the data for the purpose of concluding or performing a contract.
III. Providing the website and creating log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the requesting computer. The following data is collected and processed on the basis of Art. 6 (1) f) GDPR:
(1) Browser types and versions used
(2) The operating system used by the accessing system
(3) The website from which an accessing system was referred to our website (so-called referrer)
(4) The sub-pages of our website that are accessed by an accessing system
(5) The date and time of access to the website
(6) An Internet protocol address (IP address)
(7) The Internet service provider of the accessing system
(8) Other similar data and information that can be used for the prevention of hazards in the event that our IT systems are attacked.
This data is also stored in our system’s log files. This does not include the user’s IP addresses or other data that enables said data to be associated with a specific user. This data shall not be stored together with other personal data of the user.
This information is needed to
(1) correctly display the contents of our website,
(2) optimise the content of our website and advertising for it,
(3) ensure the functional reliability of our IT systems and our website technology,
(4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack.
2. Explicit purpose of data processing
The aforementioned anonymised data and data types are stored in log files to ensure that the website functions properly. The data also enables us to optimise the website and to ensure the safety of our IT systems. In this context, the data is not evaluated for marketing purposes.
3. Storage period
The data shall be erased as soon as it is no longer required to achieve the purpose for which it was collected. Where data is stored in log files, this shall be the case after seven days at the latest. It is possible for data to be stored beyond these periods. In this case, the IP addresses of the users shall be deleted or irreparably distorted so that a client visiting the website can no longer be identified.
4. Objection and deletion options
The collection of data to enable provision of the website and the storage of data in log files is essential for the website to function properly. Consequently, there is no option available for the user to object.
1. Description and scope of data processing
For this purpose, the following data is stored in the cookies and transmitted:
(1) Language settings
(2) Items in a shopping basket
(3) Log-in information
Art. 6 (1) f) GDPR provides the legal basis for processing the personal data with the use of technically essential cookies.
The cookies enable the following data to be transmitted:
(1) Search terms entered
(2) Frequency of website visits
(3) Use of website functions
In this context, we also offer detailed information on how to prevent the storage of cookies by adjusting your browser settings accordingly. You can prevent cookies from being installed by our website by adjusting the browser settings accordingly at any time; this disables the instalment of cookies on a permanent basis.
2. Purpose of data processing
The user data collected by technically essential cookies shall not be used to create user profiles. Analysis cookies are used for the purpose of improving the quality of our website and its content. The analysis cookies show us how the website is used, enabling us to continue to optimise the content.
These purposes and the purposes of performing our business activities for the well-being of all our employees and shareholders also constitute our legitimate interests in data processing pursuant to Art. 6 (1) f) GDPR.
3. Storage period, objection and deletion options
You will have to change the settings of your Flash Player to prevent the instalment of so-called flash cookies as this cannot be done in your browser settings.
V. Contact form and email contact
1. Description and scope of data processing
A contact form, which can be used to contact us electronically, is available on our website. If the user makes use of this option, the data entered on the input screen is transmitted to us and stored by us. This data includes:
(1) First and last name (optional)
(2) Company name (optional)
(3) Email address
(4) Your message to us
At the time the message is sent, the following data is also stored:
(1) The IP address of the user
(2) The date and time of the interaction
Before the contact form is actually transmitted, we shall obtain your consent for the processing of the data and refer you to this Data Protection Policy.
Alternatively, you may contact us using the email address provided, or by phone or fax. In such cases, the user’s personal data transmitted in the email is processed electronically.
The data shall not be forwarded to third parties in this context. The data shall be used solely for processing the conversation and not for advertising or other informational purposes.
2. Legal basis for data processing
The legal basis for the processing of data, where consent has been given by the user to do so, is Art. 6 (1) a) GDPR.
Art. 6 (1) f) GDPR provides the legal basis for processing the personal data that is transmitted in an email. Additionally, Art. 6 (1) b) GDPR provides the legal basis for processing data where the purpose of the email contact is to conclude a contract.
3. Purpose of data processing
We process the personal data entered in the input screen solely for the purpose of processing the request. If contact is made by email, this also constitutes the required legitimate interest in the processing of the data.
The purpose of the other personal data processed during the transmission of the contact form is to prevent misuse of the contact form and to ensure the safety of our IT systems.
4. Storage period
The data shall be erased as soon as it is no longer required to achieve the purpose for which it was collected. With regard to the personal data entered in the input screen of the contact form and the personal data sent by email, this is the case when the conversation with the user has ended. The conversation is deemed ended when the circumstances would suggest that the issue has been conclusively resolved.
Additional personal data collected during the transmission of the contact form is usually erased after a period of seven days.
5. Objection and deletion options
The user has the right at any time to withdraw his/her consent to the processing of the personal data. If the user contacts us by email using the address specified in Section II. above, he/she may object to the storage of his/her personal data at any time. In such cases, the communication can, however, not be continued by email.
In this case, all personal data stored upon contacting us shall be erased without undue delay.
VI. Rights of the data subject
Where personal data relating to you is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis RIKUTEC:
1. Right of access
You have the right to obtain from RIKUTEC confirmation as to whether or not personal data relating to you is being processed by us.
If such data is processed, you may obtain from RIKUTEC access to the following information:
(1) The purposes for which the personal data is processed.
(2) The categories of personal data processed.
(3) The recipient or categories of recipients to whom the personal data relating to you was disclosed or is still being disclosed.
(4) The planned storage period for the personal data relating to you or, where specific details are not available, the criteria for determining the storage period.
(5) The existence of the right to rectification or erasure of the personal data relating to you, the right to restriction of processing by RIKUTEC or the right of objection to such processing.
(6) The existence of the right to lodge a complaint with a supervisory authority.
(7) All available information on the origin of the data, where the personal data is not collected from the data subject.
(8) The existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You also have the right to request information on whether the personal data relating to you is transmitted to a third country or to an international organisation. In this context, you may request information on the appropriate safeguards pursuant to Art. 46 GDPR in connection with such a transmission.
2. Right to rectification
You have the right to obtain from RIKUTEC rectification and/or completion, insofar as the processed personal data relating to you is inaccurate or incomplete. RIKUTEC shall rectify the data without undue delay.
3. Right to restriction of processing
Under the following conditions, you may request that the processing of the personal data relating to you be restricted:
(1) Where you contest the accuracy of the personal data relating to you for a period enabling RIKUTEC to verify the accuracy of the personal data.
(2) Where the processing is unlawful and you oppose the erasure of the personal data and request the restriction of use of the personal data instead.
(3) Where RIKUTEC no longer requires the personal data for the purposes of processing, but you require this data for the establishment, exercise or defence of legal claims.
(4) Where you have objected to processing pursuant to Article 21 (1) GDPR pending the verification whether the legitimate grounds of RIKUTEC override yours.
Where processing of the personal data relating to you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where processing has been restricted under any of the aforementioned conditions, you shall be informed by RIKUTEC before the restriction on processing is lifted.
4. Right to erasure
a) Duty to erase
You have the right to obtain from RIKUTEC the erasure of personal data relating to you without undue delay and RIKUTEC shall be obligated to erase this personal data without undue delay where one of the following grounds applies:
(1) The personal data relating to you is no longer required for the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which the processing pursuant to Art. 6 (1) a) or Art. 9 (2) a) GDPR was based, and where there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Article 21 (2) GDPR.
(4) The personal data relating to you was processed unlawfully.
(5) It is necessary to erase the personal data relating to you for compliance with a legal obligation under the Union or Member State law to which RIKUTEC is subject.
(6) The personal data relating to you was collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
There shall be no right to erasure where processing is necessary
(1) for exercising the right to freedom of expression and information;
(2) for compliance with a legal obligation, which requires processing under the Union or Member State law to which RIKUTEC is subject, or for the performance of a task carried out in the public interest; or
(3) for the establishment, exercise or defence of legal claims.
5. Right to notification
Where you have exercised your right to obtain rectification, erasure or restriction of processing from RIKUTEC the latter shall be obligated to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data relating to you has been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to request that RIKUTEC notify you of these recipients.
6. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you that is performed on the basis of Art. 6 (1) e) or f) GDPR; this shall also apply for any profiling based on these provisions.
RIKUTEC shall no longer process the personal data relating to you, unless it can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms, or unless the processing is necessary for the establishment, exercise or defence of legal claims.
Where the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data relating to you for said purposes; this shall also apply for profiling to the extent that it is related to such direct marketing.
Where you object to the processing of data for direct marketing purposes, the personal data relating to you shall no longer be processed for such purposes.
In the context of the use of information society services, notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
7. Right to withdraw consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of any processing for which consent was given and which was carried out prior to the withdrawal thereof.
8. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or significantly affects you in a similar manner. This shall not apply where the decision
(1) is necessary for the purpose of concluding or performing a contract between you and RIKUTEC;
(2) is permissible under the Union or Member State law to which RIKUTEC is subject, and these statutory regulations stipulate suitable measures for safeguarding your rights and freedoms and your legitimate interests;
(3) is made with your explicit consent.
However, these decisions may not be based on specific categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) a) or g) GDPR applies and suitable measures for safeguarding your rights and freedoms and your legitimate interests are in place.
In the cases referred to in (1) and (3), RIKUTEC shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of RIKUTEC, to express your point of view and to contest the decision.
9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual place of residence, place of work or place of the alleged infringement, where it is your opinion that the processing of the personal data relating to you is in breach of GDPR regulations.
The supervisory authority with which the complaint was lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of judicial remedy pursuant to Article 78 GDPR.
10. Right to data portability
Pursuant to Art. 20 GDPR, you have the right to receive the personal data relating to you and provided to us by you in a structured, commonly used and machine-readable format. You also have the right to transmit said data to another controller without hindrance from us, where the processing is based on consent pursuant to Art. 6 (1) a) GDPR or Art. 9 (2) a) GDPR or on a contract pursuant to Art. 6 (1) b), and the processing is carried out by automated means, insofar as the processing is not essential for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In exercising your right to data portability pursuant to Art. 20 (1) GDPR, you also have the right to have the personal data transmitted directly from us to another controller, where this is technically feasible and does not adversely affect the rights and freedoms of others.
We offer you the opportunity to apply for jobs with our company via our website. In the case of these digital applications, we collect your application data electronically in order to process your application.
The legal basis for this processing is §26 Para. 1 S. 1 BDSG in conjunction with Art. 88 Para. 1 GDPR.
If you are hired as a result of the application process, we will store the data you provide during the application process in your personnel file for the purpose of the usual organizational and administrative process, naturally in compliance with further legal obligations.
The legal basis for this processing is §26 Para. 1 S. 1 BDSG in conjunction with Art. 88 Para. 1 GDPR.
If we do not hire you, we will automatically delete the data submitted to us two months after the final decision is made. We will not delete the data, however, if we must store the data for legal reasons such as evidence of equal treatment of applicants, until any legal action is concluded, or four months.
In this case, the legal basis is Art. 6 Para. 1 lit. f) GDPR and §24 Para. 1 No. 2 BDSG. Our legitimate interest lies in any legal defense we may have to mount .
If you expressly consent to a longer storage of your data, e.g. for your inclusion in a database of applicants or interested parties, the data will be processed further on the basis of your consent. The legal basis is then Art. 6 Para. 1 lit. a) GDPR. You may withdraw your consent at any time with future effect per Art. 7 Para. 3 GDPR with future effect.
10. what is Cookiebot?
Cookiebot is a software product of the company Cybot. The software automatically creates a DSGVO compliant cookie notice for our website visitors. Furthermore, the technology behind Cookiebot scans, controls and evaluates all cookies and tracking measures on our website.
11. Why do we use Cookiebot on our website?
12. Which data is stored by Cookiebot?
If you allow cookies, the following data will be transferred, stored and processed by Cybot.
- IP address (in anonymous form, the last 3 digits are set to 0)
- Date and time of your consent
- our website URL
- technical browser data
- encrypted, anonymous key
- the cookies you have allowed (as proof of consent)
Purpose: In this cookie your consent status is stored. This enables our website to read and follow the current status during future visits.
Expiration date: after one year
Purpose: This cookie is set when you allow all cookies and have thus activated a “collective consent”. The cookie then stores its own random and unique ID.
Expiration date: after one year
Note: Please bear in mind that this is an exemplary list and that we cannot claim to be complete. In the cookie declaration at https://www.cookiebot.com/de/cookie-declaration/ you can see which other cookies can be used.
IX. Data protection provisions about the application and use of Google Analytics (with anonymization function)
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of the website visitors. For this, the website operator receives various usage data, such as page views, dwell time, operating systems used and origin of the user. This data may be combined by Google in a profile that is assigned to the respective user or his or her end device.
Google Analytics uses technologies which enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google on the use of this website is usually transferred to a Google server in the USA and stored there.
This analysis tool is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Data transmission to the US is based on the standard contractual clauses of the EU Commission, details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
We have activated the IP anonymisation function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activities and to provide the website operator with further services related to website and Internet use. The IP address transmitted by your browser within the context of Google Analytics is not combined with other data by Google.
You can prevent Google from collecting and processing your information by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Data stored by Google at the user and event level, which is linked to cookies, user names (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID), is anonymised or deleted after 14 months. Details can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de
This website uses CleverElements to send newsletters. The provider is CleverElementsGmbH, Prinzessinnenstr. 19-20, 10969 Berlin (Germany).
CleverElements is a service which, among other things, allows you to organise and analyse the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter is stored on the servers of CleverElements in Germany.
If you do not want to receive any analysis by CleverElements, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe directly on the website.
Data analysis by CleverElements
CleverElements enables us to analyse our newsletter campaigns. Among other things, we can see whether a newsletter message was opened and which links were clicked on, if applicable.
In this way, we can determine, among other things, which links were clicked on particularly often. CleverElements also allows us to divide newsletter recipients according to different recipient categories (e.g. place of residence). In this way, the newsletter can be better adapted to the respective target groups.
For detailed information on the functions of CleverElements, please see the following link:https://cleverelements.com/product.
The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you have cancelled your subscription. Data stored by us for other purposes remain unaffected by this.
After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in compliance with the legal requirements when sending newsletters (legitimate interest in the sense of Art. 6 Para. 1 lit. f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
Conclusion of a contract on order processing
We have entered into an agreement with CleverElements in which we commit CleverElements to protect our customers’ information and not to disclose it to third parties.
XI. Use of Google APIs or Google Hosted Libraries
We use Google Hosted Libraries on our website. Google Hosted Libraries is a service of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The integration of the libraries into Google services is carried out via an interface (“API”). When incorporating the libraries, Google may collect and process information (including personally identifiable information). To do this, Google may also transmit the information to a server in a third country.
The following personal data in particular is processed by Google Hosted Libraries:
- Log data (IP address in particular)
- Location-related information
- Unique application numbers
- Cookies and similar technologies
Data transmission to the US is based on the standard contractual clauses of the EU Commission, for details see https://privacy.google.com/businesses/controllerterms/mccs/.
For details on the terms of Google Hosted Libraries please visit:
For technical information on Google Hosted Libraries please visit:
Google may place cookies on your device to use Google Hosted Libraries. Google uses these cookies exclusively for the purposes of security and as a measure to prevent any misuse.
The aim of incorporating Google Hosted Libraries is to integrate the libraries required to optimise the functionality of the site.
The legal basis for the processing of personal data described here is Article 6 (1) letter f) GDPR. Our legitimate interest in so doing is the great benefit derived from integrating Google Hosted Libraries. The integration of libraries via Google reduces our maintenance costs and minimises the load on the website and the load on the server and website traffic. Google also has a legitimate interest in the collection of (personal) information, including to improve Google’s services.
The right to object
You have the right to object. You can send or communicate your objection to us at any time (e.g. via email to firstname.lastname@example.org ).
You can also change your cookie settings (delete or block cookies, etc.).Weitere Informationen hierzu finden Sie unter „ Cookies “. For more information, see section “IV Cookies”.
The provision of personal data is neither required by law nor arising from a contract, nor is provision of such necessary to conclude an agreement. Furthermore, you are under no obligation to provide personal information. However, if you do not provide such data, circumstances may arise where you cannot use the full or partial functionalities of our website.
XII. Existence of automated decision-making
As a responsible company, we do not use automated decision-making or profiling.
XIII. Appendix 1: Definitions
The Data Protection Policy of RIKUTEC is based on the terms used by the European legislator in the GDPR. Our Data Protection Policy should be easy to read and understand not only for the general public, but also for our clients and business partners. To this end, we would like to explain the terms used. The terms we use in this Data Protection Policy include the following:
a) personal data
‘Personal data’ means any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) data subject
A ‘data subject’ is every identified or identifiable natural person, whose personal data is processed by the controller.
‘Processing’ means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) restriction of processing
‘Restriction of processing’ means the marking of stored personal data with the aim of limiting the processing of such in the future.
‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
‘Recipient’ means a natural or legal person, public authority, agency or other body to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) third party
‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he/she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him/her.