This is an example of a record of processing activities "Website", taken from the PrivacyDocs demo. A similar report may be generated from PrivacyDocs using the 'Reports' function.
| Field | Value | Notes |
|---|---|---|
| Processing name | Website | Short but descriptive internal name |
| Status | Review | Record status |
| Responsible person | Ms. Marketeer Sr. | Business responsible, typically leading the responsible department (for internal administration) |
| Last review | 2024-11-01 | The date when the record was reviewed last time |
| Responsible department | Marketing | Department that owns the process (for internal administration) |
| Contact person | Mr. Marketeer Jr. | |
| Last update | 2024-12-04 | Automatically calculated date of the latest record modification |
| Next review | 2025-11-03 | |
| Controller | My Company, LLC | Controller name |
| Recipients | Selected employees | Recipients of personal data processed in the activity |
| Retention | 6 months (Website logs) | Data retention periods and rules used to determine these retention periods |
| TIA(s) | Transfer Impact Assessment (TIA), recommended when personal data is exported outside the EU during the processing | |
| Security measures | Security measures applicable, or specific, to the processing | |
| JCA | The essence of the Joint Controllership Agreement to be made available to data subjects (GDPR Article 26 (2)) | |
| Joint controllers | Analytics Inc. | Joint controllers for the activity, if any |
| Purposes | Promotion | Purposes of processing to be achieved by the activity |
| Personal data | Contact details, Web browsing history | Personal data (categories) processed by the activity |
| Legal basis | Legitimate interest website | Your company-specific legal basis used to legitimate the processing |
| Description | Operating the website, including product and service search, up to making a purchase. | Description of the activity, understandable and made accessible to the data subjects |
| Data subjects | Anonymous web visitors | Data subjects, whose data is processed in the activity |
| Filing systems | Web logs, Website database | Spreadsheets, paper files, databases, other systems where personal data is stored, shared, and made accessible by personal characteristics such as name, email, employee number, etc |
| DPIA(s) | References to the DPIA conducted regarding this processing activity | |
| Review schedule | Annually | Review schedule in days past last review |
| Risks | Risk criteria for the processing; with two or more criteria you need to conduct a DPIA | |
| Rights | Be informed | Rights de-facto provided to individuals on this activity |
| Source of data | Individuals | The origin from which personal data is obtained |
| Processors | Website Hosting LLC | Processors involved in the activity |
| Contractual | Is that a statutory or contractual requirement to the data subject? | |
| Notes | Notes by the privacy team | |
| Transfers | Transfers of personal data outside the EU in the course of the activity |
This record is made to demonstrate how it may look like on PrivacyDocs and to inspire you. It should not be copied into your regiater of personal data processing activities, and not perceived as any kind of recommendation or advise.