Consent: any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

Data Protection Officer (DPO): the person designated in charge of the protection of personal data.

Recipient: a natural or legal person, or any other body that receives communication of personal data.

Personal data: any information relating to a data subject, particularly by reference to an identifier such as a name, an identification number, an ID card number, a salary, health records, bank account information, driving or consumption habits, location data, an online identifier, etc. The term "personal data" includes sensitive personal data.

Sensitive personal data: refers to personal data revealing or based on:

• racial or ethnic origin, political, religious, or philosophical opinions
• membership in a trade union
• physical or mental health
• sexual orientation or sex life
• genetic and biometric data
• data relating to criminal convictions, offenses, or related security measures.

Applicable legislation: set of regulations related to the protection of personal data and applicable to the processing of personal data, namely the European Regulation No. 2016/679 on the protection of personal data (GDPR), the amended Data Protection Act, and any other related regulations.

Data subject: a natural person to whom the personal data relates and who can be identified or is identifiable, directly or indirectly, through this personal data. This includes customers, prospects, and former and current employees.

Data controller: a natural or legal person who, individually or jointly, decides which personal data is collected, why, and how it is collected and processed.

GDPR: abbreviation for the European Regulation No. 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Processor: any natural or legal person or another body that processes personal data on behalf of the data controller and according to their instructions (e.g., service providers or suppliers).

Third party: any natural or legal person, public authority, agency, or any other body other than the data subject, the data controller, the processor, and the persons who, under the direct authority of the data controller or the processor, are authorized to process the data.

Processing: any operation or set of operations performed on personal data, whether or not by automated means, such as collection, access, recording, copying, transfer, retention, storage, cross-referencing, modification, structuring, making available, communication, recording, destruction, whether automatic, semi-automatic, or otherwise. This list is not exhaustive.

Data transfer: any communication, copying, or moving of data via a network, or any communication, copying, or moving of this data from one medium to another, regardless of the medium, of personal data to a third country outside the European Union or to an international organization that is or is intended to be processed after this transfer.