Privacy Key Terms
Below is a list of recurring terms in Unilever’s privacy notices and procedures.
Key Term |
Definition |
anonymisation |
The process of permanently removing any personal identifiers from personal data, so that the individuals whom the data describe remain anonymous. This is done for the purpose of protecting individuals’ private activities while maintaining the integrity of the data gathered and shared. |
automated processing |
Data processing that does not involve any manual processing. |
behavioural Advertising |
The act of tracking users’ online activities and then delivering ads or recommendations based upon the tracked activities. |
biometric data |
Personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, including facial images or dactyloscopy data or iris related data. |
child |
A natural person below the age of eighteen (18) years. |
consent |
Any freely given, specific, informed and unambiguous indication by way of a written declaration or an affirmative action signifying a data subject’s agreement to the processing of personal data relating to him. |
cookies |
A small text file stored on a user machine that may later be retrieved by a web server from the machine. Cookies allow web servers to keep track of the end user’s browser activities, and connect individual web requests into a session. |
controller |
Any natural or legal person, public authority, non-governmental organization, agency or any other body or entity which alone or jointly with others determines the purposes and means of the processing of personal data. |
processing |
Any operation performed on personal data, including but not limited to collection, storage, preservation, alteration, retrieval, disclosure, transmission, making available, erasure, destruction of, consultation, alignment, combination, or the carrying out of logical or arithmetical operations on personal data. |
Data Protection Authority |
The designated regulatory body established under the Personal Data Protection Act, No. 9 of 2022.
|
Data Protection Officer |
The individual appointed by Unilever locally to carry out certain responsibilities and functions in respect of privacy and data protection. |
data subject |
An identified or identifiable natural person, alive or deceased, to whom the personal data relates. |
direct marketing |
A form of advertising in which companies provide marketing materials to consumers which are intended to promote a product or service or an organization. |
encryption |
The method by which plain text or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key |
financial data |
Any alpha-numeric identifier or other personal data which can identify an account opened by a data subject, or card or payment instrument issued by a financial institution to a data subject or any personal data regarding the relationship between a financial institution and a data subject, financial status and credit history relating to such data subjects, including data relating to remuneration.
|
genetic data |
Personal data relating to the genetic characteristics of a natural person which gives unique information about the physiology or the health of that natural person and which results, from an analysis of a biological sample or bodily fluid of that natural person. |
health data |
Personal data related to the physical or psychological health of a natural person, which includes any information that indicates his health situation or status. |
identifiable natural person |
a natural person who can be identified, directly or indirectly, by reference to any personal data |
IP address |
A unique address that identifies a device on the Internet or a local network and which allows a system to be recognized by other systems connected via the internet protocol. |
personal data |
Any information that can identify a data subject directly or indirectly by reference to (a) an identifier such as a name, an identification number, location data or an online identifier, or (b) one or more factors specific to the physical, physiological, genetic, psychological , economic, cultural or social identity of that individual or natural person.
|
personal data breach |
Any act or omission that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. |
Personal Data Protection Act/PDPA |
The Personal Data Protection Act, No. 9 of 2022 of Sri Lanka. |
processor |
A natural or legal person, public authority, agency or other entity established by or under written law which processes personal data on behalf of the controller. |
profiling |
processing of personal data to evaluate, analyse or predict aspects concerning that data subject’s performance at work, economic situation, health, personal preferences, interests, credibility, behaviour, habits, location or movements. |
pseudonymization
|
The processing of personal data in such a manner that the personal data cannot be used to identify a data subject without the use of additional information, and such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to a data subject. |
recipient |
A natural or legal person, to whom the personal data is disclosed, or a public authority or any incorporated or unincorporated body to which the personal data is disclosed. |
special categories of personal data |
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation, personal data relating to offences, criminal proceedings and convictions, or personal data relating to a child;. |
Supervisory Authority |
Independent authority or division associated with such independent authority, whose primary purpose and function is to regulate matters related to personal data. |
third-party |
A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who are under the direct authority of the controller or processor, are authorized to process personal data
|
tracking technologies |
Technologies used to collect information about individuals and their use of the internet online services, and emails, such as what website a user visits, how long is spent on a site, what the user's location is, what the IP address of the device is or if an email has been opened and what contents was clicked on and so on. Examples of tracking technologies include but are not limited to cookies, tags, web beacons, and embedded scripts.
|