2.1 In this policy:
(a) “appointed person” means the individual primarily responsible for dealing with personal data breaches affecting the company, being the data protection officer of the company;
(b) “data controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
(c) “data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
(d) “data subject” means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
(e) “personal data” means any information relating to a data subject;
(f) “personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed by the company (including any temporary or permanent loss of control of, or inability to access, personal data); and
(g) “supervisory authority” means the Information Commissioner’s Office of the United Kingdom.