T-050-001 Record of Processing activities (ROPA)
Purpose
In accordance with article 30.2 of Regulation (EU) 2016/679, of April 27, 2016 (GDPR), we must create and keep updated a registry of the treatment activities carried out under our responsibility. To that effect, we conduct a formal, documented, comprehensive and accurate record of processing activities based on a data mapping exercise that is reviewed regularly.
Procesing activities
In the following table, you can find a full list of our processing activities:
| Code | Name | Description | We are | System | Category |
|---|---|---|---|---|---|
Identification of involved parties
We are
| Our identifying information | |
|---|---|
| Company name | |
| Trademark | |
| NIF | |
| Activity | |
| Address | |
| Telephone | |
| Web | |
| Legal representative |
Our DPO is
| Identifying data of our DPO | |
|---|---|
| Company name | |
| Address | |
| ID | |
| Phone | |
| Website |
Code of each activity
| Code | |
|---|---|
| Name | |
| We are | |
| Description | |
| Source of the data | |
| Purposes | |
| Interested parties | |
| Identifying data | |
| Special or criminal data categories | |
| Other type of data | |
| Transfer to 3rd parties | |
| International transfers | |
| Deadlines planned for data suppression | |
| General description of technical and organizational security measures | |
| Risk of processing | |
| Lawfulness (legitimization of processing) |
Signature meaning
The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:
- Author: Team members involved
- Reviewer: JD-003, JD-004
- Approver: JD-001