Name |
Target |
Containment |
Cardinality |
Opposite |
Description |
information |
Information
|
Yes |
* |
|
Reference(s) to the information the purpose pertains to. |
purposeForUseDirectProcessing |
InformationUse
|
Yes |
* |
|
Reference(s) to the "direct" information use purpose(s), i.e. the purposes the privacy-relevant information is originally collected and used for. "Direct" also means that - in situations where explicit consent by data subjects is required - the data subject explicitly (i.e. directly) consented to those information use purposes. |
purposeForUseFurtherProcessing |
InformationUse
|
Yes |
* |
|
Reference(s) to the "further" information use purpose(s), i.e. the purposes the privacy-relevant information is not originally collected and used for. In other words, the data subject did not explicitly (i.e. directly) consent to those information use purposes. Examples of lawful further processing would be the transfer of information to 3rd parties for processing, processing for service provisioning (e.g. of a website), analytics etc., as long as the further proessing is in accordance with the purpose(s) for which the data were originally collected or may otherwise be lawfully processed. |
purposeUseTermination |
InformationUseTermination
|
Yes |
* |
|
Reference(s) to the termination of information use purpose(s), i.e. when the purpose is over. This can either be pre-determined (e.g. some purpose is limited by a set time window), can be dependent on certain events happening (e.g. related task completes), can be dependent on the event that the data subject explicitly withdraws consent etc. This is related to the concept of "retention policy", which states what information is to be kept or deleted and when. Note that there is often a difference between stopping the processing (i.e. use) of collected privacy-relevant information, and the actual deletion of that information. In many jurisdictions, deletion after the termination of the information use purpose(s) does not appear to be a requirement (cf. e.g. right to be forgotten), as long as the processing stops. For example, Facebook does not appear to delete any information even if users delete their profiles. |