Project or Business Process: Version: Dated: Author:
Personal Data Mapping Diagram Customer name, address and email address Transfer method Description
Customer contact details
Special category
No
Obtained from data subject
Yes
Consent required? Privacy notice Owner
Storage in database
Volume
About 50 a day
Frequency
Web server
Ad hoc
Internal or external
Internal
Controls applied
No
Location type Country stored in Encryption level
Privacy Notice 1
Retention period Customer telephone number Telephone number of the customer
Special category
No
Obtained from data subject
Yes
Consent required?
No
Privacy notice
Privacy Notice 1
Volume Transfer method
Electronic via Internet
Frequency
Ad hoc
Internal or external Controls applied
External
Number, expiry and CVC of customer's credit card
Special category
No
Obtained from data subject
Yes
Consent required?
No
Privacy notice
Electronic via Internet About 50 a day
Frequency
About 50 a day Website sale processing
Controls applied
SSL/TLS encryption
Lawful basis
Contractual
Method of consent
Consent not required
Automated decision-making?
No Sales and Marketing Manager
Country stored in
Retention period
Transfer method Volume
About 50 a day
Special category
No
Obtained from data subject
Yes
Consent required?
No Privacy Notice 1
None 7 years
Frequency
Review Website
Ad hoc External None
Location type Country stored in
API via Internet
Volume
About 50 a day
Frequency Internal or external
UK None
Level of data subject access
None
Access controls
Transfer method
Electronic
Encryption level
Retention period
The IP address of the customer at the time of purchase
UK Encryption at rest
Email via Internet
Controls applied
Process Narrative: The Website Sale process starts with a customer visiting our website, choosing a product and going through checkout. The customer provides contact details and credit card information and their IP address is recorded automatically by the website. Credit card details are checked and stored at the Payment Processor, order details are stored on the Web Server and interfaces send the customer name and email address to a Review Website and a Mailing website for later use.
Electronic
Access controls
Two factor authentication for admin accounts
Internal or external
Privacy Notice 1
Customer IP address
Owner
Location type
Level of data subject access
Credit card details
Website sale; receive funds in exchange for product
Copy of sale confirmation email
Description
Payment processor
Encryption level
Purpose of processing
Process owner
External
Sales and Marketing Manager
Privacy notice
7 years
Ad hoc
Internal or external
SSL/TLS encryption
Sale via website
Credit card details
Owner
Transfer method
Volume
Sales and Marketing Manager
Description
UK None
Access controls
Two factor authentication for admin accounts
Description
Owner
Electronic
Level of data subject access
Can be updated via portal
Storage on web server
Sales and Marketing Manager
Website Sale Version 1 [dd/mm/yyyy] A.N. Other
7 years User account and password
Mailing Website
Ad hoc External
Controls applied
Sales and Marketing Manager API – Name and email address
None
Location type Country stored in
Electronic UK
Encryption level
None
Level of data subject access
None
Retention period Access controls
7 years Two factor for admin access