Project or Business Process: Version: Dated: Author:
Personal Data Analysis Diagram Customer name, address and email address Transfer method Description
Customer contact details
Special category
No
Obtained from data subject
Yes
Consent required?
No
Privacy notice Owner
Storage in database
Volume
About 50 a day
Frequency
Internal
Controls applied
Obtained from data subject
Yes
Consent required?
No
Sales and Marketing Manager
Number, expiry and CVC of customer's credit card No
Obtained from data subject
Yes
Consent required?
No
Owner
Volume Transfer method
Electronic via Internet
Frequency
Adhoc
Internal or external Controls applied
External
Electronic via Internet About 50 a day
Frequency
About 50 a day
Website sale processing
Controls applied
SSL/TLS encryption
Lawful basis
Contractual
Method of consent
Consent not required
Automated decisionmaking?
No Sales and Marketing Manager
Germany
Transfer method Volume
Email via Internet About 50 a day
Frequency
The IP address of the customer at the time of purchase No
Obtained from data subject
Yes
Consent required?
No Privacy Notice 1
None 7 years
Review Website
Adhoc External
Controls applied
Process Narrative: The Website Sale process starts with a customer visiting our website, choosing a product and going through checkout. The customer provides contact details and credit card information and their IP address is recorded automatically by the website. Credit card details are checked and stored at the Payment Processor, order details are stored on the Web Server and interfaces send the customer name and email address to a Review Website and a Mailing website for later use.
Encryption at rest
Two factor Access controls authentication for admin accounts
None
Location type
Electronic
Country stored in
Germany
Encryption level
None
Level of data subject access
None
Retention period
Special category
Owner
Electronic
Country stored in
Retention period
Internal or external
Privacy Notice 1
Customer IP address
Location type
Level of data subject access
Credit card details
Website sale; receive funds in exchange for product
Copy of sale confirmation email
Privacy notice
7 years
Payment processor
Encryption level
Purpose of processing
Process owner
External
Sales and Marketing Manager
Description
None
Adhoc
Internal or external
SSL/TLS encryption
Sale via website
Credit card details
Privacy notice
Transfer method
Volume Privacy Notice 1
Special category
Germany
Two factor Access controls authentication for admin accounts
No
Description
Country stored in
Retention period
Special category
Owner
Electronic
Level of data subject Can be updated via access portal
Storage on web server
Telelphone number of the customer
Privacy notice
Location type
Encryption level
Privacy Notice 1
Customer telephone number Description
Web server
Adhoc
Internal or external
Sales and Marketing Manager
Website Sale Version 1 [dd/mm/yyyy] A.N. Other
Access controls
Transfer method
API via Internet
Volume
About 50 a day
Frequency Internal or external
Adhoc External
Controls applied
Sales and Marketing Manager API – Name and email address
None
7 years User account and password
Mailing Website Location type
Electronic
Country stored in
France
Encryption level
None
Level of data subject access
None
Retention period Access controls
7 years Two factor for admin access