Aqualectra Multi Utility

Data Privacy

Internal privacy, security, and GDPR guidance for billing operations.

Privacy Scope

This application processes business and personal data required to manage invoicing, customer records, production-related source data, user access, and operational support activities for the internal billing process.

Categories of Data

  • Customer identification and contact details.
  • Consumption, production, billing, invoice, and payment-related records.
  • User account details, role assignments, and sign-in metadata.
  • Operational logs, audit entries, and configuration change history.

Purpose of Processing

Data is processed to perform billing operations, review and correct invoice inputs, manage customer support workflows, maintain application security, demonstrate traceability, and meet accounting, tax, contractual, and regulatory obligations.

Access Control

Access to data should be limited to personnel with a legitimate business need. Permissions should be assigned according to role, reviewed regularly, and removed promptly when no longer required.

Security Measures

Recommended controls include role-based authorization, strong authentication, transport security, audit logging, secure backup handling, least-privilege administration, and controlled export of data outside the application. Sensitive credentials must never be stored or shared in plaintext outside approved secret-management processes.

Retention and Minimization

Only data needed for invoicing, compliance, support, and auditability should be retained. Retention periods should follow applicable legal, tax, accounting, and internal governance requirements. When data is no longer required, it should be deleted, anonymized, or archived under approved procedures.

Data Sharing and Processors

Data may be shared only with authorized internal teams or approved service providers that support hosting, email delivery, security, or operational processing, and only to the extent necessary for the documented business purpose.

GDPR and Data Subject Rights

Where GDPR or similar privacy laws apply, data subjects may have rights such as access, rectification, erasure, restriction, objection, and data portability, subject to legal limitations and retention duties. Requests should be handled through the company privacy or compliance process.

Incident Handling

Potential privacy or security incidents, including unauthorized disclosure, incorrect recipient delivery, or suspicious export activity, should be escalated immediately through the internal incident-management process so assessment, containment, and notification duties can be completed on time.

Document Status

This page contains a temporary best-practice baseline for internal use. Management will provide the final approved privacy and GDPR wording for publication in a later revision.