Glossary of Privacy Terms

The following definitions have been drafted specifically for Inspired Villages.  In some cases, they differ from the definitions in the Data Protection Act and GDPR to make them clearer and more specific to our business and the way we process Personal Information.

Privacy or Data Protection

These two terms originated in US law and EU law respectively and have the same meaning. 

They describe:

(a) The legal and regulatory framework that governs the processing of Personal Information, and

(b) The governance (management and monitoring) of Personal Information processing by organisations, and 

(c) The enforcement of legal rights and obligations by Data Protection Authorities, e.g. the Information Commissioner’s Office.

Personal Information or Personal Data

These terms have the same meaning. “Personal Data” is the legal term used in the Data Protection Act and GDPR but Inspired Villages prefers “Personal Information” because it is less legalistic and easier for people to relate to.

Personal Information is any information or data that relates to, or can be traced or linked to, an identified living person or a person who can be identified or uniquely singled out, for example, by reference to:

(a) a unique identifier, such as a National Insurance or passport number, vehicle registration number, User ID or an employee or customer number, or

(b) a unique identifier on a personal computer, tablet or mobile phone or other device, such as an IP address or an IMEI or SIM number, or

(c) biometrics, such as fingerprints, iris or voice scans, or facial recognition data, or

(d) any combination of pieces of information which, when taken together, can be used to identify or single out an individual (sometimes known as ‘jigsaw identification’).

Sensitive Personal Information

Inspired Villages treats as Sensitive Personal Information:

  1. Any information, of any type (e.g. writing, images, recordings) and any format (e.g. electronic, paper, physical), relating to:

    (a) Racial or ethnic origin
    (b) Physical or mental health or condition
    (c) Sexual life, sexual orientation or gender definition
    (d) Religious beliefs or other beliefs of a similar nature
    (e) Membership of a trade union 
    (f) Political opinions
    (g) Criminal convictions or offences
     

  2. Genetic information or material
  3. Biometrics used for identification
  4. Payment card details
  5. Location and tracking data

And any other Personal Information that, in the specific circumstances, may – if disclosed and/or used inappropriately – expose an individual to the risk of significant physical, psychological, social, economic or professional harm.

Processing

Any activity relating to Personal Information or data in any format, including but not limited to: collecting, creating, recording, storing, archiving, retrieving, accessing, consulting, using, aggregating, modifying, printing, collating, copying, viewing, disclosing, sharing, distributing, publishing, broadcasting, posting, transmitting, transferring, moving, losing, damaging, shredding, overwriting, deleting and destroying.

In short, every activity that involves Personal Information constitutes “processing”.

Privacy Incident, Privacy Breach

(Also sometimes referred to as “data incidents/breaches”, “privacy incidents/breaches” or “security incidents/breaches”)

An “Incident” occurs where Personal Information may have been:

a. Lost, stolen or mislaid

b. Disclosed to, or accessed by, an unauthorised person or organisation

c. Used for a purpose or in a manner that has not been authorised

d. Modified, damaged or destroyed without authorisation, or

e. Left unattended, unprotected and therefore exposed to a risk of the above.

An Incident is reclassified as a “Breach” where the loss, disclosure etc. has been confirmed.

Privacy Impact Assessment

A review of a proposed or existing process, IT system, project or activity involving Personal Information in order to identify privacy risks and recommend controls.

Privacy Rights

Individuals have a number of rights in relation to their Personal Information held by Inspired Villages, including (but not limited to):

a. Access – receiving copies of all the information held and details of how it is processed

b. Rectification – having inaccurate information corrected

c. Objection to certain types of processing, including profiling and processing for marketing

d. Withdrawal of consent, e.g. to marketing or processing of Sensitive Personal Information

e. Erasure – having information deleted in certain circumstances

All requests relating to an individual’s Personal Information (Data Subject Requests) should be handled in accordance with the Data Subject Requests (DSR) procedures.

Data Subject Request (DSR)

A request by or on behalf of an individual to exercise one or more of their Privacy Rights.

Requests may be made by any means, e.g. by phone, SMS, email, letter, social media etc.

Requests must be responded to without delay and, in any event, within a month (subject to limited legal exceptions).