‘Personal data’: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘Special categories of personal data’: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
‘Data concerning health’: personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
‘Processing’: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘Controller’: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
‘Processor’ a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
‘Data protection officer’: a natural person designated by the controller and the processor for the purposes provided for in law, on the basis of professional qualities and expert knowledge of data protection law and practices, with primary task to be involved in all issues which relate to the protection of personal data.
‘Consent of the data subject’: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
‘Existing legislation’: the provisions of Greek, Union or other law, to which STILVI Pharmaceuticals S.A. is subject to, determining personal data protection issues, such as:
- Law 2472/1997 on the protection of individuals with regard to the processing of personal data;
- Law 3471/2006 on the protection of personal data and privacy in the electronic telecommunications sector and amendment of Law 2472/1997;
- Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
- Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), as amended;
- Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter GDPR, and any implementing laws.