- ‘the Regulation’ shall mean the General Data Protection Regulation (GDPR), Regulation2016/679 of the European Parliament;
- ‘the Directive’ shall mean the Directive 95/46/EC of the European Parliament;
- ‘the Law’ shall mean any local applicable privacy law and the GDPR in the EEA (European Economic Area).
- ‘the Statement shall mean this statement, including all its appendices, based upon the principles of the GDPR while respecting the local privacy laws of the countries around the globe Vanderlande is active in;
- ‘personal data’ shall mean any information relating to an identified or identifiable natural person
- ‘data subject’; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- ‘processing’ shall mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as possession, collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- ‘filing system’ shall mean any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis;
- ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; This can be Vanderlande Holding, Vanderlande Industries, a Vanderlande local subsidiary or any of our customers. Also potentially independent suppliers of Vanderlande might claim this role.
- ‘Employee’ as Data Subject shall mean any natural person employed by Vanderlande as well as any natural person carrying out paid or unpaid work for Vanderlande.
- ’Company Regulations’ shall mean any local applicable company regulation that is enforced by Vanderlande all Employees should adhere to. This includes but is not limited to the Company Regulations in the Dutch office (Ref: CR) and the Mitarbeiterhandbuch in the German offices.
- ‘Processor’ shall mean a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
- ‘Sub Processor’ shall mean a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the Controller and Processor;
- ‘Third Party’ shall mean any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the (sub)processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the data
- ‘Recipient’ shall mean a natural or legal person, public authority, agency or another body to which personal data are disclosed, whether a third party or not
- ‘(Data) Privacy Officer’ shall mean the Data Protection Officer (DPO) as defined in article 37 of the Regulation
‘consent’ shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him/her being processed. - ‘special personal data’ shall mean any personal data as defined in article 9 of the Regulation.
- ‘supervisory authority’ shall mean any supervisory authority as defined in article 51 of the Regulation
- ‘cross-border processing’ means either:
a)processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or
b)processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State