Privacy Policy

1.Overview

Urna Consulting LLP, India (hereafter Urna Consulting) has worried about customer data and user privacy, long before it became fashionable, politically correct, or legally binding to take such a position.

The Security and privacy of your data and personal Information is of paramount important to us. We will use your data and personal information only in the manner set out in this Policy. We act in accordance with the applicable data protection laws.

2.Our Data Security and Data Privacy Commitment

We are committed to safeguarding the data and privacy of our clients, prospects, and website visitors

Our commitment towards protecting your data and personal information includes the following obligations:

  • We take security very seriously and have developed a comprehensive set of practices, technologies and policies to help ensure your data is secure. Individuals, small, medium and large organizations count on our security and data protection to meet their needs.
  • For the URNA HRMIS we always work under terms of non-disclosure, thus we hold any business process information or data you share with our teams as highly proprietary and confidential.
  • We promise to protect your privacy and treat the information you give us as confidential.
  • The information you provide to us will be used by us only for the purpose for which it was sought.
  • We ask for only the least amount of information necessary, gathering only what we believe is essential for doing business, or for the specific transaction at hand.
  • We will not release your personal information to any third party without your consent.
  • We will never try to sell you anything and we will never sell your personal data to anyone.
  • Your decision to provide or not to provide any information will respected without question
  • We let customers know the information we have on them and allow them to opt out of specific engagements.

3. Scope

This Policy sets out how we deal with your data and personal information entrusted to us. The goal of this policy is to:

  1. outline some of the mechanisms and processes we have implemented to help ensure that your data is protected. Our security practices are grouped in four different areas: Physical Security; Network Security; People Processes and Redundancy and Business Continuity.
  2. make explicit the information we gather on our customers and users, how we will use it, and how we will not.

4.Our Current Data Security practices

Physical Security

Our datacentre is hosted in one of the most secure facilities available today in a Mumbai location
of AWS that is protected from physical and logical attacks as well as from natural disasters such
as earthquakes, fires, floods, etc.

  • 7x24x 365 Securities. The data centre that hosts your data is guarded seven days a week, 24 hours a day, each and every day of the year by private security guards.
  • Video Monitoring. Each data centre is monitored 7x24x365 with night vision cameras.
  • Controlled Entrance. Access to the data centre is tightly restricted to a small group of pre-authorized personnel.
  • Biometric, two-Factor Authentication. Two forms of authentication, including a biometric one, must be used together at the same time to enter the Urna Consulting data centre.
  • Undisclosed locations. Urna Consulting servers are located inside generic-looking, undisclosed locations that make them less likely to be a target of an attack.
  • Bullet-resistant walls. Urna Consulting servers are guarded safely inside bulletresistant walls.

ii. Network Security

Our network security team and infrastructure helps protect your data against the most sophisticated electronic attacks. The following is a subset of our network security practices. These are intentionally stated in a very general way, since even knowing what tactics we use is something hackers crave. If your organization requires further detail on our network security, please contact us.

  • Secure Communication. All data transmission to Urna Consulting services are encrypted using TLS 1.2 protocols, and we use certificates issued by SHA 256 based CA ensuring that our users have a secure connection from their browsers to our service. We use the latest and strong ciphers like AES_CBC/AES_GCM 256 bit/128 bit keys for encryption, SHA2 for message authentication and ECDHE_RSA as the key exchange mechanism.
  • IDS/IPS. Our network is gated and screened by highly powerful and certified Intrusion Detection / Intrusion Prevention Systems WAF & Shield.
  • Control and Audit. All accesses are controlled and also audited.
  • Secured / Sliced Down OS. Urna Consulting applications run inside a secured, sliced-down operating system engineered for security that minimizes vulnerabilities.
  • Virus Scanning. Traffic coming into Urna Consulting Servers is automatically scanned for harmful viruses using state of the art virus scanning protocols which are updated regularly.

iii. People Processes

Designing and running data centre infrastructure requires not just technology, but a disciplined approach to processes. This includes policies about escalation, management, knowledge sharing, risk, as well as the day to day operations. Urna Consulting’s security team has years of experience in designing and operating data centres and continually improves our processes over time. Urna Consulting has developed a world class practices for managing security and data protection risk.

  • Select Employees. Only employees with the highest clearance have access to our data centre data. Employee access is logged and passwords are strictly regulated. We limit access to customer data to only a select few of these employees who need such access to
    provide support and troubleshooting on our customers’ behalf.
  • Audits. Audits are regularly performed and the whole process is reviewed by management.
  • As-Needed Basis. Accessing data centre information as well as customer data is done on an as-needed only basis, and only when approved by the customer (i.e. as part of a support incident), or by senior security management to provide support and maintenance.

iv. Redundancy and Business Continuity

One of the fundamental philosophies of cloud computing is the acknowledgment and assumption that computer resources will at some point fail. We have designed our systems and infrastructure with that in mind.

  • Distributed Grid Architecture. Urna Consulting services run on distributed grid architecture. That means a server can fail without a noticeable impact on the system or our services. In fact, on any given week, multiple servers fail without our customers ever noticing it. The system has been designed knowing that server will eventually fail – we have implemented our infrastructure to account for that.
  • Power Redundancy. Urna Consulting configures its servers for power redundancy – from power supply to power delivery.
  • Internet Redundancy. Urna Consulting is connected to the world –and you- through multiple Tier-1 ISPs. So if any one fails or experiences a delay, you can still reliably get to your applications and information.
  • Redundant Network Devices. Urna Consulting runs on redundant network devices (switches, routers, security gateways) to avoid any single point of failure at any level on the internal network.
  • Redundant Cooling and Temperature. Intense computing resources generate a lot of heat, and thus need to be cooled to guarantee a smooth operation. Urna Consulting servers are backed by N+2 redundant HVAC systems and temperature control systems.
  • Geo Mirroring. Customer data is mirrored in a separate geographic location for Disaster Recovery and Business Continuity purposes.
  • Fire Prevention. The Urna Consulting data centres are guarded by industry-standard fire prevention and control systems.
  • Data Protection & Back-up. User data is backed-up periodically across multiple servers, helping protect the data in the event of hardware failure or disaster.

5.Our Privacy PolicyThis Privacy Policy is divided into three parts:

Part I – Information Urna Consulting collects and controls
  • This part deals with how Urna Consulting collects and uses information about website visitors, potential customers, users of Urna Consulting’s products and services, and others who contact Urna Consulting through forms or email addresses published on or linked to our websites.
Part II – Information that Urna Consulting processes on your behalf
  • This part deals with how Urna Consulting handles data that you entrust to Urna Consulting when you use our products and services, or when you share any personal or confidential information with us while requesting customer support.
Part III – General
  • This part deals with topics that are relevant to both Parts I and II, and other general topics such as Urna Consulting’s security commitments and how we will inform you when we change this Privacy Policy.

Part I – Information Urna Consulting collects and controls

What information Urna Consulting collects

We collect information about you only if we need the information for some legitimate purpose. Urna Consulting will have information about you only if :

  1. you have provided the information yourself,
  2. Urna Consulting has automatically collected the information, or
  3. Urna Consulting has obtained the information from a third party.

Below we describe the various scenarios that fall under each of those three categories and the information collected in each one.

Information that you provide us
  1. Account signup : When you sign up for an account to access one or more of our services, we ask for information like your name, contact number, email address, company name and country to complete the account signup process. You’ll also be required to choose a unique username and a password for accessing the created account. You may also provide us with more information such as your photo, time zone and language, but we don’t require that information to sign up for an account. After signing up, you will have the option of choosing a security question and an answer to the security question — if you provide these, they will be used only while resetting your password.
  2. Event registrations and other form submissions: We record information that you submit when you (i) register for any event, including webinars or seminars, (ii) subscribe to our newsletter or any other mailing list, (iii) submit a form in order to download any product, whitepaper, or other materials, (iv) participate in contests or respond to surveys, or (v) submit a form to request customer support or to contact Urna Consulting for any other purpose.
  3. Payment processing: When you buy something from us, we ask you to provide your name, contact information, and credit card information or other payment account information. When you submit your card information, we store the name and address of the cardholder, the expiry date and the last four digits of the credit card number. We do not store the actual credit card number. For quick processing of future payments, if you have given us your approval, we may store your credit card information or other payment information in an encrypted format in the secured servers of our Payment Gateway Service Providers.
  4. Testimonials: When you authorize us to post testimonials about our products and services on websites, we may include your name and other personal information in the testimonial. You will be given an opportunity to review and approve the testimonial before we post it. If you wish to update or delete your testimonial, you can contact us at +91 82872 11599
  5. Interactions with Urna Consulting: We may record, analyze and use your interactions with us, including email, telephone, and chat conversations with our sales and customer support professionals, for improving our interactions with you and other customers.
Information that we collect automatically
  1. Information from browsers, devices and servers : When you visit our websites, we collect information that web browsers, mobile devices and servers make available, such as the internet protocol address, browser type, language preference, time zone, referring URL,
    date and time of access, operating system, mobile device manufacturer and mobile network information. We include these in our log files to understand more about visitors to our websites.
  2. Information from first party cookies and tracking technologies: We use temporary and permanent cookies to identify users of our services and to enhance user experience. We embed unique identifiers in our downloadable products to track usage of the products. We also use cookies, beacons, tags, scripts, and other similar technologies to identify visitors, track website navigation, gather demographic information about visitors and users, understand email campaign effectiveness and for targeted visitor and user engagement by tracking your activities on our websites.
  3. Information from application logs and mobile analytics: We collect information about your use of our products, services and mobile applications from application logs and in-house usage analytics tools, and use it to understand how your business use and needs can improve our products. This information includes clicks, scrolls, features accessed, access time and frequency, errors generated, performance data, storage utilized, user settings and configurations, and devices used to access and their locations.

Information that we collect from third parties

  1. Signups using federated authentication service providers: You can log in to Urna Consulting Services using supported federated authentication service providers such as LinkedIn, Microsoft and Google. These services will authenticate your identity and give you the option to share certain personal information with us, such as your name and email address.
  2. Referrals: If someone has referred any of our products or services to you through any of our referral programs, that person may have provided us your name, email address and other personal information. You may contact us at support@urnaconsulting.com to request that we
    remove your information from our database. If you provide us information about another person, or if another person gives us your information, we will only use that information for the specific reason for which it was provided to us.
  3. Information from our reselling partners and service providers: If you contact any of our reselling partners, or otherwise express interest in any of our products or services to them, the reselling partner may pass your name, email address, company name and other information to Urna Consulting. If you register for or attend an event that is sponsored by Urna Consulting, the event organizer may share your information with us. Urna Consulting may also receive information about you from review sites if you comment on any review of
    our products and services, and from other third-party service providers that we engage for marketing our products and services.
  4. Information from social media sites and other publicly available sources: When you interact or engage with us on social media sites such as Facebook, Twitter, Google+ and Instagram through posts, comments, questions and other interactions, we may collect such publicly available information, including profile information, to allow us to connect with you, improve our products, or better understand user reactions and issues. We must tell you that once collected, this information may remain with us even if you delete it from the social media sites. Urna Consulting may also add and update information about you, from other publicly available sources.
Purposes for using information
In addition to the purposes mentioned above, we may use your information for the following purposes:
  1. To communicate with you (such as through email) about products that you have downloaded and services that you have signed up for, changes to this Privacy Policy, changes to the Terms of Service, or important notices;
  2. To keep you posted on new products and services, upcoming events, offers, promotions and other information that we think will be of interest to you;
  3. To ask you to participate in surveys, or to solicit feedback on our products and services;
  4. To set up and maintain your account, and to do all other things required for providing our services, such as enabling collaboration, providing website and mail hosting, and backing up and restoring your data;
  5. To understand how users use our products and services, to monitor and prevent problems, and to improve our products and services;
  6. To provide customer support, and to analyze and improve our interactions with customers;
  7. To detect and prevent fraudulent transactions and other illegal activities, to report spam, and to protect the rights and interests of Urna Consulting, Urna Consulting’s users, third parties and the public;
  8. To update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you;
  9. To analyze trends, administer our websites, and track visitor navigations on our websites to understand what visitors are looking for and to better help them;
  10. To monitor and improve marketing campaigns and make suggestions relevant to the user.
Legal bases for collecting and using information

Legal processing bases applicable to Urna Consulting : our legal basis for information collection and use depends on the personal information concerned and the context in which we collect it. Most of our information collection and processing activities are typically based on

  1. contractual necessity,
  2. one or more legitimate interests of Urna Consulting or a third party that are not overridden by your data protection interests.
  3. your consent.

Sometimes, we may be legally required to collect your information, or may need your personal information to protect your vital interests or those of another person.

Withdrawal of consent:

Where we rely on your consent as the legal basis, you have the right to withdraw your consent at any time, but this will not affect any processing that has already taken place.

Legitimate interests notice: Where we rely on legitimate interests as the legal basis and those legitimate interests are not specified above, we will clearly explain to you what those legitimate interests are at the time that we collect your information.

Your choice in information use
  1. Opt out of non-essential electronic communications : You may opt out of receiving
    newsletters and other non-essential messages by using the ‘unsubscribe’ function included in
    all such messages. However, you will continue to receive notices and essential transactional
    emails.
  2. Disable cookies : You can disable browser cookies before visiting our websites. However, if you do so, you may not be able to use certain features of the websites properly.
  3. Optional information : You can choose not to provide optional profile information such as your photo. You can also delete or change your optional profile information. You can always choose not to fill in non-mandatory fields when you submit any form linked to our websites.
Who we share your information with

At Urna Consulting we have access to the information covered in Part I. We do not sell any personal information. We share your information only in the ways that are described in this Privacy Policy, and only with parties who adopt appropriate confidentiality and security measures.

  1. Employees and independent contractors: Employees and independent contractors of Urna Consulting have access to the information covered in Part I on a need-to-know basis. We require all employees and independent contractors of Urna Consulting to follow this Privacy Policy for personal information that we share with them.
  2. Third-party service providers: We may need to share your personal information and aggregated or de-identified information with third-party service providers that we engage, such as marketing and advertising partners, event organizers, web analytics providers and
    payment processors. These service providers are authorized to use your personal information only as necessary to provide these services to us.
  3. Reselling partners: We may share your personal information with our authorized reselling partners in your region, solely for the purpose of contacting you about products that you have downloaded or services that you have signed up for. We will give you an option to opt out of continuing to work with that partner.
Other cases :

Other scenarios in which we may share the same information covered under Parts I and II are described in Part III.

Your rights with respect to information we hold about you as a controller

Urna Consulting undertakes to provide you these rights no matter where you choose to live.

  1. Right to access : You have the right to access (and obtain a copy of, if required) the categories of personal information that we hold about you, including the information’s source, purpose and period of processing, and the persons to whom the information is shared
  2. Right to rectification: You have the right to update the information we hold about you or to rectify any inaccuracies. Based on the purpose for which we use your information, you can instruct us to add supplemental information about you in our database.
  3. Right to erasure: You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected.
  4. Right to restriction of processing: You may also have the right to request to restrict the use of your information in certain circumstances, such as when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  5. Right to data portability : You have the right to transfer your information to a third party in a structured, commonly used and machine-readable format, in circumstances where the information is processed with your consent or by automated means.
  6. Right to object: You have the right to object to the use of your information in certain circumstances, such as the use of your personal information for direct marketing.
  7. Right to complain: You have the right to complain to the appropriate supervisory authority if you have any grievance against the way we collect, use or share your information. This right may not be available to you if there is no supervisory authority dealing with data protection in your country.
Retention of information

We retain your personal information for as long as it is required for the purposes stated in this Privacy Policy. Sometimes, we may retain your information for longer periods as permitted or required by law, such as to maintain suppression lists, prevent abuse, if required in connection with a legal claim or proceeding, to enforce our agreements, for tax, accounting, or to comply with other
legal obligations. When we no longer have a legitimate need to process your information, we will delete or anonymize your information from our active databases. We will also securely store the information and isolate it from further processing on backup discs until deletion is possible.

Part II – Information that Urna Consulting processes on your behalf

Information entrusted to Urna Consulting and purpose

  1. Information provided in connection with services : You may entrust information that you or your organization (“you”) control, to Urna Consulting in connection with use of our services or for requesting technical support for our products. This includes information regarding your customers and your employees (if you are a controller) or data that you hold and use on behalf of another person for a specific purpose, such as a customer to whom you provide services (if you are a processor). The data may either be stored on our servers when you use our services, or transferred or shared to us as part of a request for technical support or other services.
  2. Information from mobile devices: When you elect to allow it, some of our mobile applications have access to the camera, call history, contact information, photo library, and other information stored on your mobile device. Our applications require such access to provide their services. Similarly, when you elect to provide access, location-based information is also collected for purposes including, but not limited to, locating nearby contacts or setting location-based reminders. This information will be exclusively shared with our mapping providers and will be used only for mapping user locations. You may disable the mobile applications’ access to this information at any time by editing the settings on your mobile device. The data stored on your mobile device and their location information to which the mobile applications have access will be used in the context of the mobile application, and transferred to and associated with your account in the corresponding services (in which case the data will be stored on our servers) or products (in which case the data will remain with you unless you share it with us).
  3. (All the information entrusted to Urna Consulting is collectively termed “service data”)
Ownership and control of your service data

We recognize that you own your service data. We provide you complete control of your service data by providing you the ability to

  1. access your service data,
  2. share your service data through supported third-party integrations, and
  3. request export or deletion of your service data.
How we use service data

We process your service data when you provide us instructions through the various modules of our services. For example, when you generate an invoice, information such as the name and address of your customer will be used to generate the invoice; and when you use our campaign management service for email marketing, the email addresses of the persons on your mailing list will be used for sending the emails.

Push notifications

If you have enabled notification on our desktop and mobile applications, we will push notifications through a push notification provider such as Apple Push Notification Service, Google Cloud Messaging or Windows Push Notification Services. You can manage your push notification preferences or deactivate these notifications by turning off notifications in the application or device settings.

Who we share service data with
  1. Urna Consulting group and third party sub-processors: In order to provide services and technical support for our products, the contracting entity within the Urna Consulting group engages other and third parties.
  2. Employees and independent contractors: We may provide access to your service data to our employees and individuals who are independent contractors of the Urna Consulting involved in providing the services (collectively our “employees”) so that they can (i) identify, analyze and resolve errors, (ii) manually verify emails reported as spam to improve spam detection, or (iii) manually verify scanned images that you submit to us to verify the accuracy of optical character recognition. We ensure that access by our employees to your service data is restricted to specific individuals, and is logged and audited. Our employees will also have access to data that you knowingly share with us for technical support or to import data into our products or services. We communicate our privacy and security guidelines to our employees and strictly enforce privacy safeguards within the Urna Consulting group.
  3. Collaborators and other users: Some of our products or services allow you to collaborate with other users or third parties. Initiating collaboration may enable other collaborators to view some or all of your profile information. For example, when you edit a document that you have shared with other persons for collaboration, your name and profile picture will be displayed next to your edits to allow your collaborators to know that you made those edits.
  4. Third-party integrations you have enabled: Most of our products and services support integrations with third-party products and services. If you choose to enable any third-party integrations, you may be allowing the third party to access your service information and personal information about you. We encourage you to review the privacy practices of the third-party services and products before you enable integrations with them.

Other cases: Other scenarios in which we may share information that are common to information covered under Parts I and II are described in Part III.

Retention of information

We hold the data in your account as long as you choose to use Urna Consulting Services. Once you
terminate your Urna Consulting user account, your data will eventually get deleted from active
database during the next clean-up that occurs once in 6 months. The data deleted from active
database will be deleted from backups after 3 months.

Part III – General

Children’s personal information

Our products and services are not directed to individuals under 16. Urna Consulting does not knowingly collect personal information from children who are under 16 years of age. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you believe that a child under 16 years has provided personal information to us, please write to support@urnaconsulting.com with the details, and we will take the necessary steps to delete the information we hold about that child.

How secure is your information

At Urna Consulting, we take data security very seriously. We have taken steps to implement appropriate administrative, technical & physical safeguards to prevent unauthorized access, use, modification, disclosure or destruction of the information you entrust to us. If you have any concerns regarding the security of your data, we encourage you to write to us at support@urnaconsulting.com with any questions.

Data Protection Officer

We have appointed a Data Protection Officer to oversee our management of your personal information in accordance with this Privacy Policy. If you have any questions or concerns about our privacy practices with respect to your personal information, you can reach out to our Data Protection Officer by sending an email to support@urnaconsulting.com

Do Not Track (DNT) requests

Some internet browsers have enabled ‘Do Not Track’ (DNT) features, which send out a signal (called the DNT signal) to the websites that you visit indicating that you don’t wish to be tracked. Currently, there is no standard that governs what websites can or should do when they receive these signals. For now, we do not take action in response to these signals.

External links on our websites

Some pages of our websites may contain links to websites that are not linked to this Privacy Policy. If you submit your personal information to any of these third-party sites, your personal information is governed by their privacy policies. As a safety measure, we recommend that you not share any personal information with these third parties unless you’ve checked their privacy policies and assured yourself of their privacy practices.

Blogs and forums

We offer publicly accessible blogs and forums on our websites. Please be aware that any information you provide on these blogs and forums may be used to contact you with unsolicited messages. We urge you to be cautious in disclosing personal information in our blogs and forums. Urna Consulting is not responsible for the personal information you elect to disclose publicly. Your posts and certain
profile information may remain even after you terminate your account with Urna Consulting. To request the removal of your information from our blogs and forums, you can contact us at support@urnaconsulting.com

Social media widgets

Our websites include social media widgets such as Facebook “like” buttons and Twitter “tweet” buttons that let you share articles and other information. These widgets may collect information such as your IP address and the pages you navigate in the website, and may set a cookie to enable the widgets to function properly. Your interactions with these widgets are governed by the privacy policies of the companies providing them.

Disclosures in compliance with legal obligations

We may be required by law to preserve or disclose your personal information and service data to comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements.

Enforcement of our rights

We may disclose personal information and service data to a third party if we believe that such disclosure is necessary for preventing fraud, investigating any suspected illegal activity, enforcing our agreements or policies, or protecting the safety of our users.

Business Transfers

We do not intend to sell our business. However, in the unlikely event that we sell our business or get acquired or merged, we will ensure that the acquiring entity is legally bound to honour our commitments to you. We will notify you via email or through a prominent notice on our website of any change in ownership or in the uses of your personal information and service data. We will also notify you about any choices you may have regarding your personal information and service data.

Compliance with this Data Security and Data Privacy Policy

We make every effort, including periodic reviews, to ensure that personal information you provide is used in conformity with this Data Security and Data Privacy Policy. If you have any concerns about our adherence to this Privacy Policy or the manner in which your personal information is used, kindly write to us support@urnaconsulting.com We’ll contact you, and if required, coordinate with the appropriate regulatory authorities to effectively address your concerns.

Notification of changes

We may modify the Privacy Policy at any time, upon notifying you through a service announcement or by sending an email to your primary email address. If we make significant changes to the Privacy Policy that affect your rights, you will be provided with at least 30 days’ advance notice of the changes by email to your primary email address.
If you think that the updated Privacy Policy affects your rights with respect to your use of our products or services, you may terminate your use by sending us an email within 30 days. Your continued use after the effective date of changes to the Privacy Policy will be deemed to be your agreement to the modified Privacy Policy. You will not receive email notification of minor changes to the Privacy Policy.

6.Review and Updates

This Policy will be periodically updated to reflect changes in LexisNexis’ information policies and practices and legal requirements. Urna Consulting Information Security Team/department is responsible for updating this Policy.

7. Effective Date

This Policy is effective upon publication.

8.Questions about This Policy

Questions regarding compliance with this Policy should be directed to us at support@urnaconsulting.com

Appendix

Definitions/Abbreviations

Acronyms/terms to be
defined
Definition
Personal Data:Any information relating to an identified or identifiable natural person (“Data Subject”) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Sensitive Personal Data:Personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific
protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Those
personal data include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Data Controller:The natural or legal person, public authority, agency or any other body, which alone or jointly with others, determines the purposes and means of the processing of personal data.
Data Processor:A natural or legal person, public authority, agency or any other body which processes personal data on behalf of a Data Controller.
Processing:An operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the data
Anonymization:Irreversibly de-identifying personal data such that the person cannot be identified by using reasonable time, cost, and technology either by the controller or by any other person to identify that individual. The personal data processing principles do not apply to anonymized data as it is no longer personal data.
Pseudonymization:.The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. Pseudonymization reduces, but does not completely eliminate, the ability to link personal data to a data subject. Because pseudonymized data is still personal data, the processing of pseudonymized data should comply with the Personal Data Processing principles.