A Service is a Controlling Service if it determines the purposes and means of a processing operation.

In practice, the Controlling Service decides what data is to be collected, what will be done with it and why (purpose, legal basis, retention period, transfer etc.).

When different Services define different purposes or means for the same processing operation, each Service will be a Controlling Service for the part of the processing it has defined.

When purposes and means are determined jointly by two or more Service, these Services will be Joint Controlling Services.

A Data Controller is CERN or an External Entity that, alone or jointly with others, determines the purposes and means of the processing of personal data.

In practice, the Data Controller decides why personal data is collected and how it is processed (e.g. purpose, legal basis, retention period, transfers).

CERN is the Data Controller for the processing of personal data falling within the scope of OC 11 where it determines such purposes and means.

When personal data is processed by an External Entity acting as a data controller, that entity is independently responsible for ensuring compliance with the legal framework applicable to it (e.g. the GDPR for an EU-based commercial entity), including that the processing is lawful, fair, transparent, proportionate, accurate, secure and limited to what is necessary for the stated purpose.

N.B.: Within CERN, the concept of a Data Controller should not be confused with that of a Controlling Service. The Controlling Service is an internal CERN function responsible for determining the purposes and means of a specific data processing operation. By contrast, the Data Controller is a broader legal concept that applies to CERN in its external relations.
In short, while the Controlling Service relates to CERN’s internal organisational responsibilities, the Data Controller refers to CERN’s role under applicable data protection frameworks.

A Data Processor is CERN or an External Entity that processes personal data on behalf of a Data Controller.

The Data Processor does not decide why the data is processed. It acts only according to the instructions of the Data Controller and does not make independent decisions about the personal data it processes.

CERN itself can act as a Data Processor, for example when providing platforms such as Zenodo or Indico to external users. In such cases, it is the external user who determines the purpose of the processing; CERN's role is limited to providing and operating the technical means through which that processing takes place.

When an External Entity acts as a Data Processor on CERN's behalf, CERN will only engage entities that provide sufficient guarantees that they will implement appropriate technical and organisational measures to ensure the processing meets requirements comparable to those of OC 11. The relationship must be governed by a written arrangement specifying, among other things, the subject matter, nature, purpose and duration of the processing, the categories of personal data and data subjects involved, and the obligations of both parties.

N.B.: Within CERN, the concept of a Data Processor should not be confused with that of a Processing Service. The Processing Service is an internal CERN function that processes personal data solely on behalf of a Controlling Service. By contrast, the Data Processor is a broader legal concept that applies to CERN in its external relations.
In short, while the Processing Service relates to CERN’s internal organisational responsibilities, the Data Processor refers to CERN’s role under applicable data protection frameworks.

An natural person - living or dead - whose personal data is subject to processing.

External entities are any natural (an individual) or legal persons (organisations or companies) operating outside CERN's structure.

Where two or more Data Controllers jointly determine the purposes and means of a processing operation, they are Joint (Data) Controllers. Joint controllership is determined by whether each party genuinely influences the decisions about why and how personal data is processed, not by how the parties choose to label or structure their relationship.

Joint Controllers must set out, by means of a formal arrangement, their respective responsibilities (e.g. how to respond to data subject rights requests and how data subjects will be informed of those responsibilities).

A Service is a Processing Service if it processes Personal Data solely on behalf of a Controlling Service.

It carries out the processing as instructed by the Controlling Service and does not take any initiative in defining or changing its purposes or means.

A Processing Service may become a Controlling Service if it decides to process the data in ways that go beyond or differ from the instructions given by the Controlling Service.

A Service can act as both Controlling and Processing Service for different processing operations.

For the purposes of CERN's data protection framework, a Service denotes one or more activities involving the processing of personal data for the benefit of the Organization.

A Service does not necessarily correspond to an organic unit or a functional area.

A Service is a

• Controlling Service if it determines the purposes and means of a processing operation, or a

• Processing Service if it processes personal data solely on behalf of the Controlling Service.

A Service Owner is the person accountable for the processing of Personal Data by their Service.