Project or Business Process: Version: Dated: Author:
Personal Data Analysis Diagram Customer name, address and email address Transfer method Description
Customer contact details
Special category
No
Obtained from data subject
Yes
Consent required?
No
Privacy notice Owner
Storage in database
Volume
About 50 a day
Frequency
Adhoc
Internal or external
Internal
Controls applied
Privacy Notice 1
Special category
No
Obtained from data subject
Yes
Consent required?
No
Owner
Privacy Notice 1
Number, expiry and CVC of customer's credit card No
Obtained from data subject
Yes
Consent required?
No
Privacy notice Owner
Volume Transfer method
Electronic via Internet
Frequency
Adhoc
Internal or external Controls applied
External
Electronic via Internet About 50 a day
Frequency
About 50 a day
Controls applied
Purpose of processing
Contractual
Method of consent
Consent not required
Automated decision-making?
No
Process owner
Sales and Marketing Manager
Privacy Notice 1
SSL/TLS encryption
Customer IP address The IP address of the customer at the time of purchase
Special category
No
Obtained from data subject
Yes
Consent required?
No
Owner
Encryption level
None
7 years
Privacy Notice 1
Process Narrative: The Website Sale process starts with a customer visiting our website, choosing a product and going through checkout. The customer provides contact details and credit card information and their IP address is recorded automatically by the website. Credit card details are checked and stored at the Payment Processor, order details are stored on the Web Server and interfaces send the customer name and email address to a Review Website and a Mailing website for later use.
Payment processor Location type
Electronic
Country stored in
Germany
Encryption level
Encryption at rest
Retention period
None 7 years
Access controls
Two factor authentication for admin accounts
Transfer method Volume
Email via Internet About 50 a day
Frequency
External
Controls applied
None
Transfer method
API via Internet
Volume
About 50 a day
Frequency
Review Website
Adhoc
Internal or external
Copy of sale confirmation email
Privacy notice
Germany
Level of data subject access
Credit card details
Website sale; receive funds in exchange for product
Lawful basis
External
Sales and Marketing Manager
Description
Country stored in
Adhoc
Internal or external
Website sale processing
SSL/TLS encryption
Sale via website
Credit card details
Special category
Transfer method
Volume
Sales and Marketing Manager
Description
Electronic
Access controls
Two factor authentication for admin accounts
Telephone number of the customer
Privacy notice
Location type
Retention period
Customer telephone number Description
Web server
Level of data subject access
Can be updated via portal
Storage on web server
Sales and Marketing Manager
Website Sale Version 1 [dd/mm/yyyy] A.N. Other
Adhoc
Internal or external
External
Controls applied
None
Sales and Marketing Manager API – Name and email address
Location type
Electronic
Country stored in
Germany
Encryption level
None
Level of data subject access
None
Retention period
7 years
Access controls
User account and password
Mailing Website Location type
Electronic
Country stored in
France
Encryption level
None
Level of data subject access
None
Retention period
7 years
Access controls
Two factor for admin access