Terms and definitions

<< Click to Display Table of Contents >>

Navigation:  Automation Service Overview > Security and compliance > Regulatory compliance > GDPR Compliance > GDPR compliance with in the Work Portal >

Terms and definitions

Data Controller: The entity that determines the purposes, conditions and means of the processing of personal and sensitive data. In the scope of this document, it is you as a customer, who uses Bizagi to produce processes for your organization.  

Data Processor: The entity that processes data on behalf of the Data Controller. Customers using Bizagi on-premises, are both the Data Processor and the Data Controller. On the other hand, for customers using Bizagi in the cloud (i.e, Automation Service), Bizagi Ltd becomes the Data Processor.

Data Subject: A natural person whose personal data is processed by a Data Controller or a Data Processor. In the scope of this document, Data Subjects are both: the end users working on the processes of your organization (i.e., usually employees), and other individuals whose personal data are involved in those processes (e.g., a contractor's or vendor's contacts, users/customers or health care patients, etc).  

End users: Refers solely to those users who work on the process applications, as available in Bizagi Work portal.

Personal data: Means any information relating to a Data Subject as an identifiable natural person. Sensitive data can be seen as a special category for personal data, which still needs to be accessed, processed, stored, protected and managed adequately.

Identifiable natural person: One who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.