The General Data Protection Regulation (GDPR) uses legal, technical and privacy terminology that might not be clear at first. Below we have outlined some of the key terminology to help you cut through the jargon and understand the GDPR. You can find a nicely formatted and full version of the regulation articles here.
- OnceHub: The company that owns and develops the online scheduling products ScheduleOnce and InviteOnce. OnceHub is the legal entity that upholds the principles of the GDPR.
- Controller: People or organizations that determine the purpose and means of processing personal data. In our case, OnceHub Users are controllers.
- Processor: People or organizations that collect, store, or process data on behalf of controllers. In our case, OnceHub is the processor.
- Sub-processor: Third-party businesses that perform data processing on behalf of processors. OnceHub uses a number of sub-processors, which are listed in our Data processing addendum.
- Data subject: An individual to whom personal data relates. Data subjects must be living, identifiable individuals. In our case, data subjects refer to prospects and Customers who schedule appointments via OnceHub's products.
- Personal data: Any information that can be used to identify an individual. This includes data directly linked to a person, such as their name, identification number, location, or any online identifier. Personal data can also be indirectly linked to an individual, including physical, physiological, genetic, mental, economic, cultural, or societal information.
- Processing: Any operation performed on personal data. This includes automated and manual operations such as collecting, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing, disseminating, making available, combining, restricting, erasing or destroying.
- Data processing addendum (DPA): A contractual agreement between two organizations outlining terms and responsibilities for data protection.
- Data protection officer (DPO): A position within an organization responsible for ensuring the security and protection of data. A DPO can be an employee of an organization, or be retained as a contracted service.
- EU representative: A person or organization designated by a controller or processor located outside of the EU to represent the controller in EU member states. The EU representative is responsible for GDPR compliance and can act on behalf of the controller. Supervisory authorities may address the EU representative in place of the controller or processor.
- Supervisory authority: An independent public authority established by an EU member state to enforce the GDPR. Each member state has its own supervisory authority.
To learn more about OnceHub's compliance with the GDPR, read our ebook: A practical guide to using OnceHub in a GDPR compliant manner