-
Complaint means the complaint lodged by a Data subject with a Supervisory Authority if the Data subject considers his or her rights under Applicable Data Protection Laws are infringed.
Controller means the entity that determines the purposes and means of the Personal data processing.
EU/EEA means the European Union/European Economic Area.
European data protection law or General Data Protection Regulation or GDPR means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal data and on the free movement of such data.
Local Special Data Protection Point of Contact means the person appointed by a Sodexo entity, in charge of handling local data privacy issues. This point of contact is part of the Global Data Protection Network.
Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing or Processing of Personal data means any operation or set of operations which is performed on Personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Privacy by design means that where a new digital project or a new business opportunity is initiated, involving Processing of Personal data, data protection shall be taken into account, both at the time of the definition of the means and the related appropriate technical and organizational security measures for the Processing and at the time of the implementation of Processing itself. The same principle applies where Sodexo intends to merge with or acquire a company, it shall make sure that data protection principles are respected.
Privacy by default means that personnel should be trained to handle Personal data and implement procedures to ensure that each time Personal data is processed, appropriate technical and organizational measures are taken for ensuring that, by default, only Personal data which is necessary for each specific purpose is processed (in terms of amount of data processed, extent of the processing and data retention) and is made accessible only to a limited number of persons who need to know.
Request means one of the mechanisms provided by the GDPR to individuals to allow them to exercise their rights (such as the right of access, to rectification, to erasure etc.). An individual may make a Request against any entity which processes its Personal Data, the Controller or the Processor, if relevant.
Sensitive Personal data designated as “Special Categories of Data” under the GDPR means any Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union memberships and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. This definition includes also Personal data relating to criminal convictions and offences.
Sodexo Group means the network of entities comprising (i) four Global Hubs including Sodexo Global Services LLC in the USA, Sodexo Global Services Limited in the UK, Sodexo Services Asia in Singapore and Sodexo SA in France (collectively “the Hubs” or “the Global Hubs”) hosting Global management functions of the Sodexo Group, Global functions of the OSS activity and some Global functions of the PHS and BRS activities; (ii) the Region Leading Entities (“RLEs”) managing one of the various Regions of the OSS activity; (iii) the Management Company, Sodexo Pass International (“SPI”) incorporated in France and hosting some global management support functions of the PHS and BRS activities, (iv) the Operational companies which are in charge of conducting the Group’s daily business in the OSS, BRS or PHS activity and, any entities which are directly or indirectly controlled by or under the common control with any of those entities. “Control” in the context of this definition means the power, either directly or indirectly to direct or cause the direction of the management and policies of an entity.
Sodexo entity or Sodexo entities means any corporation, partnership or other entity or organization which is admitted from time to time as member of the Sodexo Group.
Supervisory Authority means an independent public authority which is established by a Member State as specified in the GDPR.