1) Personal data: any information relating to an identified or identifiable natural person (the data subject). An identifiable natural person is any person whose identity can be established, directly or indirectly, by using an identifier, such as a name, an identification number, location data, an online identifier or one or more elements of that person’s physical, physiological, genetic, mental, economic, cultural or social identity.
2) Processing: any operation or set of operations which is performed upon personal data or upon a set of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3) Profiling: any form of automated processing of personal data consisting of using such data to evaluate personal aspects relating to a natural person, in particular to analyse or predict aspects of that person’s professional performance, financial situation, health, personal preferences, interests, trustworthiness, behaviour, location or movements.
4) Pseudonymisation: processing of personal data in such a way that they cannot be attributed to a data subject without the use of additional information, provided that this information is separated and subject to technical and organisational measures designed to ensure that the personal information is not attributed to an identified or identifiable natural person.
5) File: a structured set of personal data accessible according to specified criteria, whether centralised, decentralised or distributed in a functional or geographical manner.
6) Controller or controller: the natural or legal person, public authority, service or any other body which, alone or jointly with others, decides on the purpose of the processing.
7) Processor or processor: the natural or legal person, public authority, service or any other body processing personal data on behalf of the controller.
8) Recipient: the person to whom personal data are disclosed, whether or not that person is a third party. However, public authorities that may receive personal data in the framework of a specific investigation should not be considered as recipients.
9) Third party: a natural or legal person, public authority, service or body other than the data subject, the controller, the processor and the persons authorised to process personal data under the direct authority of the controller or the processor.
10) Data subject’s consent: any freely given, specific, informed and unambiguous indication of his or her agreement, by means of a clear affirmative statement or action, to the processing of personal data relating to him or her.
11) Supervisory authority: the independent public authority established by a member state in accordance with Article 51 of the GDPR.
12)Cross-border processing: