More Information on Some Key Terms of the GDPR

At the beginning of this document, DPP provided information on what the concept of “personal data” and its protection is all about. The following will provide you with some additional details about certain key terminology, which is used and which is important to know if you want to learn about your rights and how your personal data is being handled at the Prague Public Transit Company (DPP). 

  1. The term “processing” refers to any operation (or set of operations) involving personal data (or sets of personal data) which is carried out with (or without) the use of automated procedures -  such as collection, recording, organizing, structuring, storing, adapting or modifying, retrieval, inspection, use, disclosure by transmission, dissemination or release in any other way. Processing can also involve the correlation and combining of such information, selective sorting and its deletion and destruction.
  2. The term “processing restriction” refers to a designation applied to stored personal data with a view to restricting (or conditioning) its further processing at some point in the future. 
  3. The term “profiling” refers to any type of automated processing of personal data for sorting purposes based on the characteristics, information about and other aspects of natural persons. In particular, this can include sorting based on assessments of performance at work, financial situation, health status, personal preferences, interests, assumed or evident reliability, behavior, where one lives, travel, etc.  
  4. The term “pseudonymization” refers to the management and processing of personal data in such a way that it can no longer be associated with a specific data subject or individual without the use of additional information; and, it assumes such additional information is kept separate from the related de-identified personal data and subject to technical and organizational measures to ensure that identification or identifiable information is not assigned to a specific physical person.
  5. The term “anonymization” refers to the management and processing of personal data in such a way that after anonymization, the data can no longer be associated with a specific data subject or physical individual in any way. Anonymization must be irreversible.
  6. The term “Administrator (or Controller)” can refer either to a physical person or a legal entity, public authority, agency or other body, either alone or jointly with others, who or which is going to determine the purpose and means to be used for the processing of personal data; where the purpose and means of such processing are determined and regulated by laws of the European Union or a Member State. Such multinational and national entities can designate the party (parties) with the right to be the Administrator (Controller) in specific situations and / or the specific criteria to be used to designate the party fulfilling this function and responsibility in defined situations and circumstances.
  7. The term “processor” refers to a physical person or a legal entity, public authority, agency or other body which is responsible for processing personal data for the Administrator (Controller) on the basis of their instructions.
  8. The term "recipient" refers to a physical or legal entity, public authority, agency or any other body to which the personal data is disclosed. Such a recipient may (or may not) be a third party
  9. The term "personal data breach" refers to a situation in which there has been an intentional or unintentional crack or break in the security of personal data. Such a breach can involve the data’s accidental or unlawful destruction, loss, alteration or its unauthorized disclosure and its transmission, storage or processing in another manner.