I – Legal & GDPR Terms

Personal data

Any information relating to an identified or identifiable natural person, such as a name, identification number, location data, an online identifier (e.g. cookie ID) or factors specific to that person’s physical, physiological, genetic, mental, economic, cultural or social identity.

Processing

Any operation or series of operations performed on personal data—whether or not by automated means—including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure or destruction.

Controller (Responsible)

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data under the GDPR.

Consent

A freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data (Art. 4 (11) GDPR).

Data subject rights

Rights under the GDPR including:

Access (Art. 15): confirm whether data is being processed and obtain a copy.

Rectification (Art. 16): correct inaccurate or incomplete data.

Erasure (Art. 17): request deletion (“right to be forgotten”).

Restriction (Art. 18): limit processing in certain cases.

Data portability (Art. 20): receive personal data in a structured, machine‑readable format.

Objection (Art. 21): object to processing based on legitimate interests or direct marketing.

Withdrawal: revoke consent at any time (without affecting lawfulness of prior processing).

Legitimate interests

A lawful basis for processing (Art. 6 (1)(f) GDPR) when processing is necessary for the controller’s or a third party’s interests, provided those interests do not override the rights and freedoms of the data subject.

Legal obligation

Processing necessary to comply with a legal requirement to which the controller is subject (Art. 6 (1)(c) GDPR).

Contract performance

Processing necessary for the performance of a contract to which the data subject is a party, or to take steps at the data subject’s request before entering into a contract (Art. 6 (1)(b) GDPR).

II – Marketing Terms

Tracking

The collection of user behavior data across one or more online properties (websites, apps) using cookies, web beacons or similar technologies to build a profile of interests, visits and interactions.

Profiling

Automated analysis or prediction of personal aspects—such as preferences, interests or behavior—based on personal data, in order to tailor content, offers or advertisements.

Conversion measurement

Also called Conversion Tracking or Visit Campaign Evaluation: placing an identifier (cookie or pixel) when an ad is viewed or clicked, then detecting and attributing a target action (e.g. purchase, sign‑up) on the website to measure campaign effectiveness.

Reach measurement (Web analytics)

Evaluating visitor flows, page views, session durations and other usage statistics on an online offer, often using pseudonymous cookies or tracking pixels to recognize returning users and optimize content.

Remarketing (Retargeting)

Serving advertisements to users based on their past interactions—such as viewed products or pages—by storing interest data in cookies or identifiers and displaying ads on other sites to re‑engage potential customers.

Cross‑device tracking

Linking a single user’s behavior across multiple devices (smartphone, tablet, desktop) via a persistent online identifier, enabling unified marketing profiles regardless of device or browser used.

Interest‑based and behavioral marketing

Targeting content or ads to users based on inferred interests and behaviors—derived from past online interactions (e.g. pages viewed, time spent, clicks)—stored in user profiles to deliver more relevant messaging.

Target group formation (Custom Audiences)

Creating audience segments for advertising based on shared characteristics or behaviors (e.g. demographics, past purchases) by matching hashed identifiers or cookies with advertising platforms.

III – Technical Terms

Cookie

A small text file stored on a user’s device by a website, containing data such as language preference, session ID or tracking identifiers. Cookies can be first‑party (set by the visited site) or third‑party (set by external services).

Web beacon (Pixel tag)

A tiny, invisible image or snippet of code embedded in emails or web pages that, when loaded, notifies a server of user actions (e.g. email opens, page visits) for analytics or marketing measurement.

IP masking (Pseudonymization)

A privacy technique that removes or truncates parts of an IP address (e.g. the last octet) before storage or processing, preventing unique identification while retaining approximate geolocation data.

Pseudonymization

Processing personal data so that it can no longer be attributed to a specific data subject without additional information, which is kept separately and securely.

Encryption

Transforming data into a secure format that can only be read with the correct decryption key, ensuring confidentiality during storage or transmission.

Server log

A file maintained by a web server that records requests made to the server, including timestamps, requested URLs, IP addresses, user agents (browser info) and referrer URLs, used for security, troubleshooting and analytics.

Data minimization

The principle of collecting only the personal data strictly necessary to achieve a specific processing purpose, and retaining it only as long as needed.

Data protection by design and by default

Integrating data protection principles into system design and ensuring that, by default, only necessary personal data is processed and stored.