Record of Processing Activities
GDPR Article 30 — Last updated 27.03.2026
Controller
Henning Larsen (part of Ramboll Group Denmark) · Vesterbrogade 72, 4, 1620 København V, Denmark · CVR 1003635060 · contact@opendetail.org
Processing activities
| Activity | Legal basis | Data | Retention |
|---|---|---|---|
| Account registration | Art. 6(1)(b) + (f) | Name, email, password hash | Until deletion |
| Profile & content | Art. 6(1)(f) | Optional fields, details, comments, files | Until deletion |
| Security monitoring | Art. 6(1)(f) | IP (anonymised), user agent, event type | Auth logs 90d, security logs 30d, rate limits 3h |
| Consent records | Art. 6(1)(c) | Consent type, anonymised IP, policy version | Indefinite (legal obligation) |
| Transactional email | Art. 6(1)(b) | Email address | Until delivery |
| Bot detection | Art. 6(1)(f) | Request metadata (processed by Vercel BotID) | Not stored |
Processors
| Processor | Purpose | Location |
|---|---|---|
| Supabase, Inc. | Database, auth, storage | EU (Frankfurt) |
| Vercel Inc. | Hosting, edge functions, bot detection (BotID) | EU (Frankfurt) |
| Resend Inc. | Transactional email | EU (Ireland); metadata US (SCCs apply) |
Rights
Access, rectification, erasure, and data portability are available via self-service in account settings. For restriction or objection requests, contact contact@opendetail.org. Complaints: Datatilsynet.