1.1. "Applicable Privacy Law" means all laws, statutes, regulations, ordinances, codes, rules, guidance, orders, or any other legal entitlement issued by any governmental body governing the collection, use, transfer, and disclosure of Personal Data.
1.2. "Affiliated Companies" means any legal entities controlling, controlled by, or under common control with Data Controller.
1.3. "Data Controller" means the party that has authority over the processing of Personal Data, determining the purpose for its use and the manner that it is processed.
1.4. "Data Processor" means the party that processes Personal Data on behalf of, and under the instruction of, the Data Controller.
1.5. "Data Protection Authority" means the official body that ensures compliance with the Applicable Privacy Law within its applicable jurisdiction.
1.6. "Data Subject" means the directly or indirectly identified or identifiable person to whom the Personal Data relates.
1.7. "Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored, or otherwise processed.
1.8. "GDPR" means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
1.9. "Personal Data" means any information regulated by Applicable Privacy Law provided by the Data Controller, including information concerning an identified or identifiable individual, such as name, address, age, gender, income, family status, health records, etc.
1.10. "Processing", "processes" and "process" mean either any activity that involves the use of Personal Data or as the Applicable Privacy Law may otherwise define processing, processes, or process. It includes any operation or set of operations that are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. Processing also includes transferring Personal Data to third parties.
1.11. "Standard Contractual Clauses" ("SCC") means contractual clauses established by the European Commission concerning the international transfer of Personal Data, as set out in the Annex to Commission Decision 2010/87/EU.
1.12. "Sub-processor" means third-party data processor engaged by the Data Processor, who has or potentially will have access to, or processes Personal Data.