Record of Processing Activities

According to Art. 30 GDPR

This record of processing activities provides an overview of all data processing activities carried out by aixcept - Technical Advisory & Consultancy in accordance with Article 30 of the General Data Protection Regulation (GDPR).

1. Contact and Communication Data

Purpose of Processing: Customer communication, inquiry processing, contract initiation and execution
Legal Basis: Art. 6 para. 1 lit. b GDPR (contract execution), Art. 6 para. 1 lit. f GDPR (legitimate interest)
Categories of Personal Data:

• Name, address, email address, phone number
• Communication content (emails, messages, inquiries)
• Contract data

Categories of Data Subjects: (Potential) customers, business partners, interested parties
Recipients: No data transfer to third parties, except for technical service providers (hosting)
Transfer to Third Countries: No
Storage Duration:

• Customer data: Until end of contract relationship plus applicable legal retention periods
• Inquiry data: Until completion of inquiry processing or revocation of consent
• Contract data: According to commercial and tax law retention requirements (typically 6-10 years)

Technical and Organizational Measures:

• Encrypted data transmission (SSL/TLS)
• Access controls and authorization concepts
• Regular security updates and patches
• Data backup procedures

---

2. Website Analytics and Technical Data

Purpose of Processing: Website operation, error analysis, security, performance optimization
Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in technically error-free and optimized website operation)
Categories of Personal Data:

• IP addresses (anonymized where possible)
• Browser information and technical parameters
• Access times and requested pages
• Referrer information

Categories of Data Subjects: Website visitors
Recipients: Hosting provider, technical service providers
Transfer to Third Countries: No
Storage Duration: Server logs are typically deleted after 30 days

Technical and Organizational Measures:

• IP anonymization where possible
• Secure server infrastructure
• Regular monitoring and logging review
• Access restrictions to log data

---

3. Email Marketing and Newsletter (if applicable)

Purpose of Processing: Sending newsletters and marketing information
Legal Basis: Art. 6 para. 1 lit. a GDPR (consent)
Categories of Personal Data:

• Email address
• Name (if provided)
• Registration time and confirmation
• Email interaction data (opens, clicks)

Categories of Data Subjects: Newsletter subscribers
Recipients: Email service provider
Transfer to Third Countries: Potentially, depending on service provider (with appropriate safeguards)
Storage Duration: Until consent is withdrawn or subscription is cancelled

Technical and Organizational Measures:

• Double opt-in procedure for subscription
• Easy unsubscribe mechanism
• Encrypted data storage and transmission
• Regular review of subscriber lists

---

4. Application and Recruitment Data (if applicable)

Purpose of Processing: Recruitment processes, application management
Legal Basis: Art. 6 para. 1 lit. b GDPR (pre-contractual measures), Art. 6 para. 1 lit. f GDPR (legitimate interest)
Categories of Personal Data:

• CV/Resume data
• Contact information
• Qualifications and work experience
• References and certificates

Categories of Data Subjects: Job applicants
Recipients: Internal stakeholders involved in recruitment
Transfer to Third Countries: No
Storage Duration:

• Successful candidates: As employee data according to employment law
• Unsuccessful candidates: 6 months after completion of application process (unless longer retention is agreed for talent pool)

Technical and Organizational Measures:

• Secure application portal or email encryption
• Limited access to application data
• Systematic deletion after retention period
• Confidentiality agreements for reviewers

---

5. Customer and Contract Management

Purpose of Processing: Customer relationship management, contract execution, invoicing, support
Legal Basis: Art. 6 para. 1 lit. b GDPR (contract execution), Art. 6 para. 1 lit. c GDPR (legal obligations)
Categories of Personal Data:

• Customer contact and company data
• Contract details and project information
• Financial data and payment information
• Communication records and project documentation

Categories of Data Subjects: Business customers, contact persons
Recipients: Accounting service providers, payment processors, project collaborators (if applicable)
Transfer to Third Countries: Only with appropriate safeguards (adequacy decisions, standard contractual clauses)
Storage Duration: According to commercial and tax law retention requirements (6-10 years)

Technical and Organizational Measures:

• Secure customer management systems
• Regular data backups with encryption
• Access controls and user authorization management
• Audit trails for data modifications

---

Contact Information for Data Protection Inquiries

Data Controller:
Rainer Hermanns
aixcept - Technical Advisory & Consultancy
[Your Business Address]
[City, Postal Code]
Germany

Contact:
Email: [your-email@example.com]
Phone: [your-phone-number]

Your Rights

As a data subject, you have the following rights under the GDPR:

• Right to information (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7 para. 3 GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

For exercising your rights or data protection inquiries, please contact us using the contact information provided above.

---

Last Updated: [Current Date]
Next Scheduled Review: [Review Date]