For the purpose of implementing this Law, the following terms shall have the meanings assigned thereto, unless the context requires otherwise:

1. Law: The Personal Data Protection Law.
   
   
2. Regulations: The Implementing Regulations of the Law.
   
   
3. Competent Authority: The authority to be determined by a resolution of the Council of Ministers.
   
   
4. Personal Data: Any data, regardless of its source or form, that may lead to identifying an individual specifically, or that may directly or indirectly make it possible to identify an individual, including name, personal identification number, addresses, contact numbers, license numbers, records, personal assets, bank and credit card numbers, photos and videos of an individual, and any other data of personal nature.
   
   
5. Processing: Any operation carried out on Personal Data by any means, whether manual or automated, including collecting, recording, saving, indexing, organizing, formatting, storing, modifying, updating, consolidating, retrieving, using, disclosing, transmitting, publishing, sharing, linking, blocking, erasing and destroying data.
   
   
6. Collection: The collection of Personal Data by Controller in accordance with the provisions of this Law, either from the Data Subject directly, a representative of the Data Subject, any legal guardian over the Data Subject or any other party.
   
   
7. Destruction: Any action taken on Personal Data that makes it unreadable and irretrievable, or impossible to identify the related Data Subject.
   
   
8. Disclosure: Enabling any person – other than the Controller or the Processor, as the case may be – to access, collect or use personal data by any means and for any purpose.
   
   
9. Transfer: The transfer of Personal Data from one place to another for Processing.
   
   
10. Publishing: Transmitting or making available any Personal Data using any written, audio or visual means.
    
    
11. Sensitive Data: Personal Data revealing racial or ethnic origin, or religious, intellectual or political belief, data relating to security criminal convictions and offenses, biometric or Genetic Data for the purpose of identifying the person, Health Data, and data that indicates that one or both of the individual’s parents are unknown.
    
    
12. Genetic Data: Any Personal Data related to the hereditary or acquired characteristics of a natural person that uniquely identifies the physiological or health characteristics of that person, and derived from biological sample analysis of that person, such as DNA or any other testing that leads to generating Genetic Data.
    
    
13. Health Data: Any Personal Data related to an individual’s health condition, whether their physical, mental or psychological conditions, or related to Health Services received by that
    individual.
    
    
14. Health Services: Services related to the health of an individual, including preventive, curative, rehabilitative and hospitalizing services, as well as the provision of medications.
    
    
15. Credit Data: Any Personal Data related to an individual’s request for, or obtaining of, financing from a financing entity, whether for a personal or family purpose, including any data relating to that individual’s ability to obtain and repay debts, and the credit history of that person.
    
    
16. Data Subject: The individual to whom the Personal Data relate.
    
    
17. Public Entity: Any ministry, department, public institution or public authority, any independent public entity in the Kingdom, or any affiliated entity therewith.
    
    
18. Controller: Any Public Entity, natural person or private legal person that specifies the purpose and manner of Processing Personal Data, whether the data is processed by that Controller or by the Processor.
    
    
19. Processor: Any Public Entity, natural person or private legal person that processes Personal Data for the benefit and on behalf of the Controller.