Sign in

General privacy and data protection terms

Data controller

The company in question that “owns” the customer personal data i.e. determines the purposes and means of processing of customer personal data and is usually a party having contractual relationship with the customer. The controller is responsible for complying with the applicable laws.

Data processor

A separate legal entity with respect to the controller that processes personal data on behalf of the controller e.g. a supplier or outsourcing partner of the company that processes customer personal data on behalf of another company.

Data sub-processor

A sub-contractor or provider engaged by the data processor, or by another sub-processor, for further processing of personal data on behalf of the data controller.

Data recipient

Means a person or entity to which the personal data are disclosed, whether a third party or not.

Data subject

The natural person (customer or user) to whom personal data relates to or is about.

Data Groups

Data groups represent overarching business objects that contain one or more data objects. Data groups defines a group of data objects that are accessed by your service, contains personal data and is subject for one or several processing purposes.

Data transfer

Transferring personal data to a processor to be processed on behalf of a company. Transfer can occur even though personal data is not physically transferred to processor (e.g. to processors database), but when a processor has been granted an access to personal data (e.g. to a system or database located in the company’s premises).

Personal data

Information about a living individual who can be identified from that information or from other information that is in, or is likely to come into, the possession of the Data Controller


Any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

Sensitive personal data

Any data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, committed or allegedly committed offences, criminal proceedings and the processing of data concerning health or sex life.

Other terms and definitions used in this documentation

IDP or IdP

An identity provider (abbreviated IdP) is a system entity that creates, maintains, and manages identity information for principals while providing authentication services to relying party applications within a federation or distributed network. An identity provider offers user authentication as a service. Relying party applications, such as web applications, outsource the user authentication step to a trusted identity provider. Such a relying party application is said to be federated, that is, it consumes federated identity. An identity provider is “a trusted provider that lets you use single sign-on (SSO) to access other websites.”


Ü, pronounced you (/juː/), is the name and brand of our identity and privacy platform. Ü is the “face” of Trust as a Service, the user focused part, where all contextual dialogues and interactions with the end-user happens.

TaaS or Trust as a Service

Trust as a Service (TaaS) is mainly our internal name for the identity and privacy services platform.


DivisionX Privacy Services, abbreviated as DPS, is the service described in this documentation. It is also what Ü privacy functionality is built around.


OpenID Connect standard (


OAuth 2.0 standard (


General data protection regulation. New privacy regulation coming into effect on may 2018. ( Also referred to as Great Destroyer of Product Roadmaps…


An application that uses or intends to use/integrate/access Ü identity and privacy services. A client has credentials that are required for accessing DPS APIs.