Privacy Key Terms
Below is a list of recurring terms in Unilever’s privacy notices and procedures.
Glossary
Key Term |
Definition |
Anonymisation |
The process of permanently removing any personal identifiers from personal data, so that the individuals whom the data describe remain anonymous. This is done for the purpose of protecting individuals’ private activities while maintaining the integrity of the data gathered and shared. |
Behavioural Advertising |
The act of tracking users’ online activities and then delivering ads or recommendations based upon the tracked activities. |
Binding Corporate Rules (BCRs) |
Personal data protection policies which are adhered to by a controller or processor for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity. |
Biometric Data |
Personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, including facial images or dactyloscopy data or iris related data. |
Data Privacy Officer |
The individual appointed by Hindustan Unilever Limited to carry out certain responsibilities and functions in respect of privacy and data protection. |
Consent |
Any freely given, specific, informed and unambiguous indication by way of a written declaration or an affirmative action signifying a data subject’s agreement to the processing of personal data relating to him. |
Cookies |
A small text file stored on a user machine that may later be retrieved by a web server from the machine. Cookies allow web servers to keep track of the end user’s browser activities, and connect individual web requests into a session. |
Data Fiduciary /Data Controller |
Any natural or legal person, public authority, non-governmental organization, agency or any other body or entity which alone or jointly with others determines the purposes and means of the processing of personal data. |
Data Processing |
Any operation performed on personal data, including but not limited to collection, storage, preservation, alteration, retrieval, disclosure, transmission, making available, erasure, destruction of, consultation, alignment, combination, or the carrying out of logical or arithmetical operations on personal data. |
Data Protection Authority |
The designated regulatory body established under the Digital Personal Data Protection Act, 2023 (DPDPA) |
Data Retention |
The policies and processes used within Unilever for determining the time period for archiving and storing of personal data. |
Data Principal/Data Subject |
An identified or identifiable natural person, alive or deceased, to whom the personal data relates. |
Direct Marketing |
A form of advertising in which companies provide physical marketing materials to consumers to communicate information about a product or service. |
Encryption |
The method by which plain text or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key |
Financial data |
any alpha-numeric identifier or other personal data which can identify an account opened by a data subject, or card or payment instrument issued by a financial institution to a data subject or any personal data regarding the relationship between a financial institution and a data subject, financial status and credit history relating to such data subjects, including data relating to remuneration. |
Genetic Data |
Personal data relating to the genetic characteristics of a natural person which gives unique information about the physiology or the health of that natural person and which results, from an analysis of a biological sample or bodily fluid of that natural person. |
Health Data |
Personal data related to the physical or psychological health of a natural person, which includes any information that indicates his health situation or status. |
Identifiable natural person |
a natural person who can be identified, directly or indirectly, by reference to any personal data |
International Organisation |
An organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries. |
IP Address |
A unique address that identifies a device on the Internet or a local network and which allows a system to be recognized by other systems connected via the Internet protocol. |
Online Behavioural Advertising |
Websites or online advertising services that engage in the tracking or analysis of, e.g., search terms, browser or user profiles, preferences, demographics, online activity, offline activity, location data, and offer advertising based on that tracking. |
Personal Data |
Any information that can identify a data subject directly or indirectly by reference to an identifier such as a name, an identification number, location data or an online identifier, or one or more factors specific to the physical, physiological, genetic, psychological , economic, cultural or social identity of that individual or natural person. |
Personal Data Breach |
Any act or omission that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. |
Privacy and Data Protection |
The collection of laws and regulation that applies to the collection, usage, storage, protection and other processing of personal data. This includes data protection, privacy, banking secrecy, electronic communications and confidentiality laws and regulations, and any other applicable laws or regulations to the extent they relate to privacy of personal data. |
Personal Data Protection Act |
The Digital Personal Data Protection Act, 2023 of India. |
Processor |
A natural or legal person, public authority, agency or other entity established by or under written law which processes personal data on behalf of the controller. |
Profiling |
processing of personal data to evaluate, analyse or predict aspects concerning that data subject’s performance at work, economic situation, health, personal preferences, interests, credibility, behaviour, habits, location or movements. |
Pseudonymization |
The processing of personal data in such a manner that the personal data cannot be used to identify a data subject without the use of additional information, and such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to a data subject. |
Recipient |
A natural or legal person, to whom the personal data is disclosed, or a public authority or any incorporated or unincorporated body to which the personal data is disclosed. |
Restriction of Processing |
The marking of stored personal data with the aim of limiting their processing in the future. |
Special Categories of Personal Data |
personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, financial data the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person data concerning health, or data concerning a natural person's sex life or sexual orientation personal data relating to offences, criminal proceedings and convictions, or personal data relating to a child. |
Supervisory Authority |
Independent Authority or division associated with an Authority in India, whose primary purpose and function is to regulate matters related to personal data. |
Third-Party |
A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who are under the direct authority of the controller or processor, are authorized to process personal data. |