Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
    • GP-001 Control of documents
    • GP-002 Quality planning
    • GP-003 Audits
    • GP-004 Vigilance system
    • GP-005 Human Resources and Training
    • GP-006 Non-conformity, Corrective and Preventive actions
    • GP-007 Post-market surveillance
    • GP-008 Product requirements
    • GP-009 Sales
    • GP-010 Purchases and suppliers evaluation
    • GP-011 Provision of service
    • GP-012 Design, Redesign and Development
    • GP-013 Risk management
    • GP-014 Feedback and complaints
    • GP-015 Clinical evaluation
    • GP-016 Traceability and identification
    • GP-017 Technical assistance service
    • GP-018 Infrastructure and facilities
    • GP-019 Software validation plan
    • GP-020 QMS Data analysis
    • GP-021 Communications
    • GP-022 Document translation
    • GP-023 Change control management
    • GP-024 Cybersecurity
    • GP-025 Corporate Governance
    • GP-026 Product requirements for US market
    • GP-027 Product requirements for UK market
    • GP-028 Product requirements for the Brazilian market
    • GP-050 Data Protection
      • Templates
        • Standard clauses
        • T-050-001 Record of Processing activities (ROPA)
        • T-050-003 Data access key
      • Specific procedures
    • GP-051 Security violations
    • GP-052 Data Privacy Impact Assessment (DPIA)
    • GP-100 Business Continuity (BCP) and Disaster Recovery plans (DRP)
    • GP-101 Information security
    • GP-200 Remote Data Acquisition in Clinical Investigations
  • Records
  • TF_Legit.Health_Plus
  • Licenses and accreditations
  • External documentation
  • Procedures
  • GP-050 Data Protection
  • Templates
  • T-050-001 Record of Processing activities (ROPA)

T-050-001 Record of Processing activities (ROPA)

Purpose​

In accordance with article 30.2 of Regulation (EU) 2016/679, of April 27, 2016 (GDPR), we must create and keep updated a registry of the treatment activities carried out under our responsibility. To that effect, we conduct a formal, documented, comprehensive and accurate record of processing activities based on a data mapping exercise that is reviewed regularly.

Procesing activities​

In the following table, you can find a full list of our processing activities:

CodeNameDescriptionWe areSystemCategory

Identification of involved parties​

We are​

Our identifying information
Company name
Trademark
NIF
Activity
Address
Telephone
Email
Web
Legal representative

Our DPO is​

Identifying data of our DPO
Company name
Address
ID
Phone
Email
Website

Code of each activity​

Code
Name
We are
Description
Source of the data
Purposes
Interested parties
Identifying data
Special or criminal data categories
Other type of data
Transfer to 3rd parties
International transfers
Deadlines planned for data suppression
General description of technical and organizational security measures
Risk of processing
Lawfulness (legitimization of processing)

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Author: Team members involved
  • Reviewer: JD-003, JD-004
  • Approver: JD-001
Previous
Release of image rights
Next
T-050-003 Data access key
  • Purpose
  • Procesing activities
  • Identification of involved parties
    • We are
    • Our DPO is
  • Code of each activity
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)