Record of Processing Activities

Purpose

Respond to business inquiries submitted via the website contact form

Data subjects

Prospective clients and website visitors

Categories of data

Name, email address, company name, message content

Legal basis

Article 6(1)(f) — Legitimate interest (responding to inquiries)

Recipients

Internal team (JR Management), email processor (Resend Inc.)

Transfers outside EEA

Resend Inc. (USA) — adequate safeguards via Standard Contractual Clauses

Retention period

12 months from submission, then deleted

Security measures

Encrypted transmission (TLS), access controls, secure hosting

Purpose

Record user cookie preferences to comply with ePrivacy regulations

Data subjects

All website visitors

Categories of data

Cookie consent preference (accepted/rejected), stored client-side only

Legal basis

Article 6(1)(c) — Legal obligation (ePrivacy Directive)

Recipients

None — data stored only in the user’s browser

Transfers outside EEA

None

Retention period

365 days (browser cookie)

Security measures

Client-side storage only, no server transmission

Purpose

Manage client relationships, contracts, deliverables, and invoicing

Data subjects

Clients and client contacts

Categories of data

Contact details, project documentation, contractual information, invoicing data

Legal basis

Article 6(1)(b) — Performance of a contract

Recipients

Internal team, accounting software, cloud infrastructure providers

Transfers outside EEA

Cloud providers (AWS/Azure) — adequate safeguards via SCCs and adequacy decisions

Retention period

Duration of contract + 10 years (Belgian commercial law)

Security measures

Access controls, encrypted storage, regular backups