# Record of Processing Activities for {{ ORG_NAME }}

**Effective date:** {{ EFFECTIVE_DATE }}
**Owner:** Data protection contact, **{{ CONTACT_EMAIL }}**

A ROPA is the central register that tells regulators, auditors, and our
own team **what personal data we process, why, and how it is protected**.
Every controller-side processing activity must appear here. Update the
register whenever a new activity is added, changed, or retired.

## How to use this register

1. Each row describes **one processing activity** (e.g. "Customer
   onboarding", "Newsletter delivery", "Recruitment").
2. Reviews happen at least once per year and after any major service
   change.
3. The register itself is internal; share extracts with regulators or
   auditors on request.

## Register

| # | Activity | Purpose | Lawful basis | Categories of data | Categories of subjects | Recipients / processors | Retention | International transfers | Security measures |
|---|---|---|---|---|---|---|---|---|---|
| 1 | _Customer onboarding_ | Verify identity, create account | Contract | Name, email, phone, ID document | Customers | KYC processor (DPA in place) | While account active + {{ RETENTION_DEFAULT }} days | None | TLS, encrypted at rest, RBAC, audit log |
| 2 | _Support enquiries_ | Answer questions, resolve issues | Legitimate interest | Email, message body, account ID | Customers, prospects | Helpdesk SaaS (DPA in place) | 12 months | If processor is outside {{ JURISDICTION }}, SCCs in place | TLS, restricted-access mailbox |
| 3 | _Marketing newsletter_ | Send product updates | Consent | Email, name, click history | Subscribers | Email-delivery SaaS (DPA in place) | Until consent withdrawn | If processor is outside {{ JURISDICTION }}, SCCs in place | One-click unsubscribe, consent log |
| 4 | _Application logs_ | Debugging, security monitoring | Legitimate interest | IP address, user-agent, request URL, user ID | All visitors and users of the service | Hosting provider (DPA in place) | 30 days rolling | None | TLS, encrypted at rest |
| 5 | _Payments_ | Process transactions | Contract / legal obligation | Last 4 of card, billing address | Customers | Payment provider (PCI-DSS) | 6 years (tax) | Per provider contract | Tokenisation, no PAN stored locally |
| 6 | _Recruitment_ | Assess candidates | Legitimate interest / consent | CV, contact, interview notes | Job applicants | ATS provider (DPA in place) | 6 months unsuccessful, joins HR file if hired | If processor is outside {{ JURISDICTION }}, SCCs in place | TLS, RBAC, signed NDA |

> **Add a new row when**: a new system goes live, a new processor is
> contracted, the data changes, the lawful basis changes, retention
> shortens or extends, or the service launches in a new country.

## Special-category and high-risk activities

If any row above involves special-category data (health; genetic data;
biometric data used to identify a person; racial or ethnic origin;
political opinions; religious or philosophical beliefs; trade-union
membership; sex life or sexual orientation), mark it with **★** and link
to its DPIA. The DPIA wizard in {{ ORG_NAME }}'s toolkit can be used as a
starting point.

## Cross-border transfer detail

For each row whose "International transfers" entry is anything other
than "None", attach a transfer-impact assessment covering: destination
country, legal basis for the transfer (adequacy decision / SCCs / BCRs),
supplementary technical measures (for example, encryption with keys held
only inside {{ JURISDICTION }}), and government-access risk in the
destination country.

## Sign-off

This register is authoritative once approved by the data-protection
contact. Changes are version-controlled; the previous version is
archived for **24 months**.

Signed: ____________________________ ({{ CONTACT_EMAIL }})
Date:   ______________________