For the purposes of this Decision, the following definitions shall apply:

1. (1)

   ‘controller’ means the ECB, and in particular the organisational unit of the ECB, which, alone or jointly with others, determines the purposes and means of the processing of personal data;

2. (2)

   ‘data protection coordinator’ means an ECB member of staff who assists the controller and the DPO in fulfilling their tasks and responsibilities pursuant to Regulation (EU) 2018/1725 and this Decision;

3. (3)

   ‘data subject’ means an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

4. (4)

   ‘processing’ means processing as defined in point (3) of Article 3 of Regulation (EU) 2018/1725;

5. (5)

   ‘Union institutions and bodies’ means Union institutions and bodies as defined in point (10) of Article 3 of Regulation (EU) 2018/1725;

6. (6)

   ‘processor’ means processor as defined in point (12) of Article 3 of Regulation (EU) 2018/1725;

7. (7)

   ‘personal data’ means personal data as defined in point (1) of Article 3 of Regulation (EU) 2018/1725;

8. (8)

   ‘consent’ means consent as defined in point (15) of Article 3 of Regulation (EU) 2018/1725.