"Elior Group" means the company Elior Group and all companies that, within the meaning of Article L233-3 of the French Commercial Code,
(i) are under the direct or indirect control of the company Elior Group, or, (ii) are, directly or indirectly, under common control with the company Elior Group;

"Data of a personal nature", "Personal data" or "PD"means any information relating to an identified or identifiable natural person (hereinafter “data subject”); An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

"Controller " means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; 

"Processor" means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

"Business needs manager" means the employee within the Elior Group, who defines the business needs and the processing objectives (project management), for each data processing task identified within the Elior Group;

"Recipient" means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether or not this recipient is outside the Elior Group (third party). However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

"Personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

"Data protection impact assessment" or "DPIA" means that the controller shall, prior to any processing task that may give rise to a high risk to the rights and freedoms of natural persons, in particular through the use of new technologies, perform an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may relate to a set of similar high risk treatment operations.