Project or Business Process: Version: Dated: Author:
Personal Data Analysis Diagram Customer name, address and email address Transfer method Description
Customer contact details
Special category
No
Obtained from data subject
Yes
Consent required?
No
Privacy notice Owner
Storage in database
Volume
About 50 a day
Frequency
Internal
Controls applied
Obtained from data subject
Yes
Consent required?
No
Sales and Marketing Manager
Number, expiry and CVC of customer's credit card No
Obtained from data subject
Yes
Consent required?
No
Owner
Volume Transfer method
Electronic via Internet
Frequency
Adhoc
Internal or external Controls applied
External
Electronic via Internet About 50 a day
Frequency
About 50 a day
Website sale processing
Controls applied
SSL/TLS encryption
Lawful basis
Contractual
Method of consent
Consent not required
Automated decisionmaking?
No Sales and Marketing Manager
Germany
Transfer method Volume
Email via Internet About 50 a day
Frequency
The IP address of the customer at the time of purchase No
Obtained from data subject
Yes
Consent required?
No Privacy Notice 1
None 7 years
Review Website
Adhoc External
Controls applied
Process Narrative: The Website Sale process starts with a customer visiting our website, choosing a product and going through checkout. The customer provides contact details and credit card information and their IP address is recorded automatically by the website. Credit card details are checked and stored at the Payment Processor, order details are stored on the Web Server and interfaces send the customer name and email address to a Review Website and a Mailing website for later use.
Encryption at rest
Two factor Access controls authentication for admin accounts
None
Location type
Electronic
Country stored in
Germany
Encryption level
None
Level of data subject access
None
Retention period
Special category
Owner
Electronic
Country stored in
Retention period
Internal or external
Privacy Notice 1
Customer IP address
Location type
Level of data subject access
Credit card details
Website sale; receive funds in exchange for product
Copy of sale confirmation email
Privacy notice
7 years
Payment processor
Encryption level
Purpose of processing
Process owner
External
Sales and Marketing Manager
Description
None
Adhoc
Internal or external
SSL/TLS encryption
Sale via website
Credit card details
Privacy notice
Transfer method
Volume Privacy Notice 1
Special category
Germany
Two factor Access controls authentication for admin accounts
No
Description
Country stored in
Retention period
Special category
Owner
Electronic
Level of data subject Can be updated via access portal
Storage on web server
Telelphone number of the customer
Privacy notice
Location type
Encryption level
Privacy Notice 1
Customer telephone number Description
Web server
Adhoc
Internal or external
Sales and Marketing Manager
Website Sale Version 1 [dd/mm/yyyy] A.N. Other
Access controls
Transfer method
API via Internet
Volume
About 50 a day
Frequency Internal or external
Adhoc External
Controls applied
Sales and Marketing Manager API – Name and email address
None
7 years User account and password
Mailing Website Location type
Electronic
Country stored in
France
Encryption level
None
Level of data subject access
None
Retention period Access controls
7 years Two factor for admin access
Personal Data Analysis Diagram
Project or Business Process: Version: Dated: Author:
Transfer method
Extract from database
Volume
200 a week
Frequency
Daily
Internal or external
Review Website Location type Country stored in
UK
Level of data subject access
None
Access controls
Not known
7 years User account and password
Post-sale review request
Information retrieval
Electronic
None
Retention period
External
Controls applied
Encryption level
Post-sale review request Version 1 [dd/mm/yyyy] A.N. Other
Purpose of processing
Lawful basis Method of consent
Customer name and email address Description
Automated decisionmaking?
Customer contact details
Special category
No
Obtained from data subject
Yes
Consent required? Privacy notice Owner
Process owner
Email the customer to ask them to submit a review of the product Consent Tickbox at checkout No
Sales and Marketing Manager
Yes Privacy Notice 1
Sales and Marketing Manager
Process Narrative: Customer name and email address are stored on the Review Website and used to send an automated request to the customer to submit a review of the product they have purchased. If submitted, the review is stored on the Review Website and will be accessible publicly.
Personal Data Analysis Templates [Personal data item name(s)] Description
0
Owner
0
Privacy notice
0
Transfer method
0
Volume
0
Internal or external
0
Controls applied
0
Frequency
0
Special category? Obtained from data subject?
0
Consent required?
0
[Transfer name]
[Processing] Purpose of processing
0
Lawful basis Automated decisionmaking?
0
Process owner
0
Method of consent
0
Transfer method
0
Volume
0
Internal or external
0
Controls applied
0
Frequency
0
[Transfer name]
Instructions:
[Storage location] Location type
0
Level of data subject access
0
Country stored in
0
Retention period
0
Encryption level
0
Access controls
0
Copy and paste the appropriate objects on this page onto a new tab (one per business process) in order to create representations of the flow of personal data. To enter shape data, first ensure that the Shape Data task pane is shown by visiting the View ribbon, clicking on Task Panes and selecting Shape Data. Data can be entered by clicking on the shape and typing data directly into the Shape Data box that will be displayed.