unilever Logo

Privacy Key Terms

Below is a list of recurring terms in Unilever’s privacy notices and procedures.

Glossary

Key Term

Definition

 

 

 

Anonymisation

The process of permanently removing any personal identifiers from personal data, so that the individuals whom the data describe remain anonymous. This is done for the purpose of protecting individuals’ private activities while maintaining the integrity of the data gathered and shared.

 

Behavioural Advertising

The act of tracking users’ online activities and then delivering ads or recommendations based upon the tracked  activities.

 

 

 

 

Binding Corporate Rules (BCRs)

Personal data protection policies which are adhered to by a controller or processor for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity.

 

 

 

Biometric Data

Personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, including facial images or dactyloscopy data or iris related data.

 

Chief Privacy Officer

 

The individual appointed by Unilever globally to carry out certain responsibilities and functions in respect of privacy and data protection.

 

 

Consent

Any freely given, specific, informed and unambiguous indication by way of a written declaration or an affirmative action signifying a data subject’s agreement to the processing of personal data relating to him.

 

 

Cookies

A small text file stored on a user machine that may later be retrieved by a web server from the machine. Cookies allow web servers to keep track of the end user’s browser activities, and connect individual web requests into a session.

 

 

Data Controller

Any natural or legal person, public authority, non-governmental organization, agency or any other body or entity which alone or jointly with others  determines the purposes and means of the processing of personal data.

Data Processing

Any operation performed on personal data, including but not limited to collection, storage, preservation, alteration, retrieval, disclosure, transmission, making available, erasure, destruction of, consultation, alignment, combination, or the carrying out of logical or arithmetical operations on personal data.  

Data Protection Authority

The designated regulatory body established under the Personal Data Protection Act.

 

Data Protection Officer

The individual appointed by Unilever locally to carry out certain responsibilities and functions in respect of privacy and data protection.

Data Retention


The policies and processes used within Unilever for determining the time period for archiving and storing of personal data.

Data Subject

An identified or identifiable natural person, alive or deceased, to whom the personal data relates.

Direct Marketing

A form of advertising in which companies provide physical marketing materials to consumers to communicate information about a product or service.

 

 

Encryption

The method by which plain text or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key

Financial data

any alpha-numeric identifier or other personal data which can identify an account opened by a data subject, or card or payment instrument issued by a financial institution to a data subject or any personal data regarding the relationship between a financial institution and a data subject, financial status and credit history relating to such data subjects, including data relating to remuneration.

 

 

 

 

Genetic Data

Personal data relating to the genetic characteristics of a natural  person which gives unique information about    the physiology or the health of that natural person and which results, from an analysis of a biological sample or bodily fluid of that natural person.

 

 

Health Data

Personal data related to the physical or psychological health of a natural person, which includes  any information that indicates his health situation or status.

Identifiable natural person

a natural person who can be identified, directly or indirectly, by reference to any personal data

 

 

International Organisation

An organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.

 

 

IP Address

A unique address that identifies a device on the Internet or a local network and which allows a system to be recognized by other systems connected via the Internet protocol.

 

 

 

Online Behavioural Advertising

Websites or online advertising services that engage in the tracking or analysis of, e.g., search terms, browser or user profiles, preferences, demographics, online activity, offline activity, location data, and offer advertising based on that tracking.

Personal Data

Any information that can identify a data subject directly or indirectly by reference to an identifier such as a name, an identification number, location data or an online identifier, or one or more factors specific to the physical, physiological, genetic, psychological , economic, cultural or   social identity of that individual or natural person.

 

 

 

Personal Data Breach

Any act or omission that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed..

 

 

 

 

Privacy and Data Protection

The collection of laws and regulation that applies to the collection, usage, storage, protection and other processing of personal data. This includes data protection, privacy, banking secrecy, electronic communications and confidentiality laws and regulations, and any other applicable laws or regulations to the extent they relate to privacy of personal data.

Personal Data Protection Act

The Personal Data Protection Act of Sri Lanka.

 

 

Processor

A natural or legal person, public authority, agency or other entity established by or under written law which processes personal data on behalf of the controller.

 

 

 

 

 

Profiling

processing of personal data to evaluate, analyse or predict aspects concerning that data subject’s performance at work, economic situation, health, personal preferences, interests, credibility, behaviour, habits, location or movements.

Pseudonymization  

 

The processing of personal data in such a manner that the personal data cannot be used to identify a data subject without the use of additional information, and such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to a data subject.

 

Recipient

A natural or legal person, to whom the personal data is disclosed, or a public authority or any incorporated or unincorporated body to which the personal data is disclosed.

 

Restriction of Processing

The marking of stored personal data with the aim of limiting their processing in the future.

 

 

 

Special Categories of Personal Data

personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, financial data the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person data concerning health, or data concerning a natural person's sex life or sexual orientation personal data relating to offences, criminal proceedings and convictions, or personal data relating to a child;.

 

 

Supervisory Authority

Independent Authority or division associated with an Authority in any relevant        jurisdiction, whose primary purpose and function is to regulate matters related to personal data.

Third-Party   

A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who are under the direct authority of the controller or processor, are authorized to process personal data