FUJ00234944
FUJ00234944
CONFIDENTIAL
SCHEDULE J
Description of Data Processing
Version History
14.0 Added as per CCN1674a
15.0 12/04/23 Updating as per CCN1725a, CCN1724a,
CCN1739, CCN1741
Schedule J Version 15.0
Page 1 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Subject matter of the processing
All HNG-X Business Capabilities
Schedule B3.2
The functionality available at each Counter
Position for serving Customers shall comprise
one or more Business Capabilities in paragraph
2 of Schedule B3.2.
The provision of each Business Capability is
dependent on one or more of the Support
Facilities described in paragraph 3 of Schedule
B3.2.
Subject Matter
Fujitsu may process Personal Data under the
Existing Agreement for the purposes set out in
the Existing Agreement (if any), and otherwise
in the furtherance of the arrangements
between the parties, in each case in connection
with the provision of IT related services.
Duration of the processing
Commercial data is transitory in HNG-X, except
that it is held in Audit (for at least seven years)
and for support purposes in other systems (for
up to 365 days).
See details under The return and destruction of
the data below.
For as long as is necessary for Fujitsu to comply
with its obligations under the Existing
Agreement (if any) and for the furtherance of
the arrangements between the parties, and as
otherwise permitted by this Agreement and the
Existing Agreement.
The retention of specific types of personal data
and Special Category personal data will be
determined by the Post Office Data Retention
Policy. Data Retention rules applicable to
specific data may be reflected in Interface
Specifications.
Nature and purposes of the processing
[Detail specific to the Business Capability —
derived from and always superseded by the
latest version of Schedule B3.2]
Schedule J Version 15.0
Page 2 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Nature
Fujitsu will process data in the following ways:
1. Data processed by Fujitsu without
transformation, logging or archiving, or
without transformation but with logging
and/or archiving.
The majority of the transaction types that run
in HNG-X/HNG-A utilise “AP-ADC scripts”,
implemented and maintained by Post Office or
its agents outside the change control processes
operated by Fujitsu.
Fujitsu relies on the PO to provide knowledge of
the data captured by any AP-ADC script and
may not understand the nature or purposes of
processing such transactions on behalf of Post
Office and third-party consumers of the data
with whom Post Office Limited has a
commercial arrangement.
AP-ADC scripts may use Fujitsu Horizon
frameworks and components to collect,
validate and exchange data with third parties
without Fujitsu being aware of the nature of
the data collected, transmitted or stored within
archives.
2. Data is processed and optionally archived
in Data Centre Services via various Business
Capabilities.
Processing activities such as storage, retrieval,
analysis, data collection, transformation and
data transfer may all be undertaken by Fujitsu
as follows:
(Near) Real-Time Data processing
Passed in Real-time or Near Real Time
(periodically) TO a third party consumer of the
data (e.g. to Royal Mail via Track and Trace
data file)
Received in Real-time or Near Real Time
(periodically) FROM a third party provider of
the data (e.g. from National Express / DVLA)
Batch Processing:
Schedule J Version 15.0
Page 3 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
* Passed overnight to POL Credence, Core
Finance System and Post Office Ltd cash
planning and management systems.
* Passed monthly to Success Factors
EPOSS Settlement Data
At the time of basket settlement at the Post
Office Counter, transaction data is:
Recorded in Counter and/or BAL logs.
* Stored in the Branch Database.
e Passed overnight to POL Credence and
Core Finance Services.
e Passed in Real-time or Near Real Time
(periodically) to a third party consumer
of the data (e.g. to Royal Mail via Track
and Trace data file)
Stored in Audit.
Common Interface Specifications:
REQ/APP/AIS/2070-Branch Full to Credence
Als
REQ/APP/AIS/3362-Horizon to CFS Financial
System AIS.
REQ/APP/AIS/3383-Horizon to CFS
Reconciliation AIS
EA/IFS/006- Horizon to Credence AIS
Purpose
The purpose of the processing aligns to
functionality presented by the Horizon (HNG-X
/ HNG-A) system at each Post Office Counter
Position for serving Post Office customers.
Horizon comprises one or more Business
Capabilities as outlined in paragraph 2 of
Schedule B3.2 of the HNG-X contract. Provision
of each Business Capability is dependent on
one or more of the Support Facilities described
in paragraph 3 of Schedule B3.2.
Type of Personal Data
The Post Office Limited has not informed
Fujitsu of all of the data captured, transmitted
and recorded in the Fujitsu systems that Post
Schedule J Version 15.0
Page 4 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Office Limited believes to Personal Data under
GDPR.
The type of personal data processed varies
across the supported Business Capabilities and
transaction types within those Capabilities.
As Data Processor, Fujitsu is involved in
collecting data, or processing data, according to
Post Office requirements, this includes meeting
specific system interface specifications
determined by third party consumers of that
data (with whom Post Office maintains a
contractual relationship, but Fujitsu do not).
Fujitsu therefore relies on Post Office to
establish and maintain Fujitsu’s understanding
and awareness of ALL Personal Data and
Special Category Personal Data which Post
Office requires to be collected, processed or
audited. Fujitsu relies on Post Office Limited to
maintain an awareness/knowledge of the data
captured by any AP-ADC script, as this is
defined by the script author (Post Office Limited
or their agent) and typically to meet an
interface of a third-party consumer of the data
with whom Post Office Limited has a
commercial arrangement.
In the absence of such a definition, Data items
can only be definitively specified by Fujitsu as
being captured for Non-APADC transactions
where the capture of data is defined within Post
Office Use Cases (such as PS-12 Postal Services),
or in well-defined data mapping specifications
(Generic and Interstage Web Services). Where
that is true references will be made to the
HNG-X project repository version of the
relevant interface specifications which HNG-X
implements
These transactions include:
e ETOPUP
e Generic and Interstage Web Services
(e.g. DVLA)
e Bureau de Change
e Debit Card Payments
Schedule J Version 15.0
Page 5 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
¢ Postal Services Use Cases
eBanking
Based on Schedule B3.2 Para 3.9.5: All data
captured at the Data Centre either as part of a
Transaction performed at a Counter Position or
as an administration function shall form part of
a unique Transaction which shall have a unique
reference number. The format of this
Transaction shall vary according to the
Transaction type but will typically contain:
* Branch Code
e Counter Position ID;
e unique Transaction ID;
date;
time;
User ID
Cost
Quantity
Basket Session Id
Product Id
Transaction Mode
Transaction details specific to the
transaction
eoeceee
Categories of Data Subject
Personal data and Special Category Personal
Data related to the following categories of data
subject will be processed as part of the
supported business capabilities:
* Post Office Customers
e Post Office Employees and Agents
Other Individuals
On the counter, the clerk enters data. The
clerk requests the data from the customer in-
branch.
On external systems such as Self Service
Kiosk/Paystation, the customer in-branch
enters the data as requested by the system,
and related data will enter the HNG-X system.
Plan for return and destruction of the data
once the processing is complete UNLESS
requirement under union or member state law
to preserve that data type of data
Gathered transaction data is:
Logs are held on the Counter for 180
days.
Schedule J Version 15.0
Page 6 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Logs are held on the HBS server for 30
days and the logs are held in the
support repository for 3 months.
Logs are held on the BAL servers for 8
days and in the support repository for 3
months.
e Retained in Branch (Transaction)
Database (BRDB) for a typical period of
4 days:
[DES/APP/HLD/0020 Section 21.2]
*Note —not a CCD
For Example:
BRDB_RX_APS_TRANSACTIONS
(APADC) (4 days)
BRDB_RX_NRT_TRANSACTIONS (4 days
plus APADC Txn defined addition)
BRDB_RX_EPOSS_TRANSACTIONS (4
days)
e Retained in Branch Support System
Database (BRSS) for 62 days
A subset of information (e.g. Cost,
Quantity, Product Id etc) is held in BRSS
for 365 days*
BRDB_RX_REP_SESSON_DATA.
© —* CP2173/(PVCS 6730) - CT2620 - Rel Ind
- APPROVED - Data retention increase in
BRSS from 6 months to 12 months
R18.73 applied to LST 23 October 2018
and to Production 8 Nov 2018
¢ Data within the commercial Audit trail
is retained for at least seven years*.
*Note As of May 2014 (CP1261) POL
suspended the purging of data from Audit,
to support litigation services
Roles and responsibilities of each parties
including sub-processors regarding monitoring
and processing of Personal Data.
POL — Data Controller or Processor
POL — Data Controller and Processor (within
the AP-ADC transaction)
Fujitsu — Data Processor or Sub-processor
Schedule J Version 15.0
Page 7 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Fujitsu are responsible for the technology that
captures or facilitates the capture of
transaction data and passes it through to POL
Credence and designated third-parties (e.g.
Royal Mail) to meet a defined version of an
Application Interface or Interface Specification.
Fujitsu are responsible for the security and
storage of data in transit and at rest whilst
within the HNG-X system.
Fujitsu do not currently sub-contract any of the
data processing.
For all transactions Post Office Limited are
responsible for defining what personal data
and special category personal data must be
captured by the HNG-X system and what data is
exchanged with POL or third party clients to
meet a defined version of an Application
Interface or Interface Specification.
Additionally, for any AP-ADC transaction, POL
are responsible for any data transmitted via
any online interactions performed by the AP-
ADC script.
Post Office will ensure that change requests
related to Horizon (HNG-X / HNG-A) hosting or
functionality include an indication of whether
and how processing of personal data and
Special Category personal data is affected by
the proposed change.
Name of 3" party with access to data /
knowledge about data
There may well be interface specifications
between POL and the recipient client that
defines the content of this XML, but Fujitsu do
not maintain such documents
Personal Data Hosting and Processing locations
Personal Data is hosted only in the UK. The
HNG-X data stores reside in Fujitsu Data
centres in Belfast, Northern Ireland (IRE11 /
IRE19).
Personal Data is only accessed from within the
EEA.
Schedule J Version 15.0
Page 8 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Subject matter of the processing
In/Out Automated Payment and Additional Data
Capture transactions
Schedule B3.2
Section 2.3 - In/Out Payment Business Capability
The In/Out Payment Business Capability enables Post
Office to provide a range of payment services to
Customers comprising in-payment (e.g. bill payment)
and out-payment (e.g. postal order redemption).
Section 2.1.3 - Additional Data Capture ‘AP-ADC’
transactions
The HNG-X/HNG-A ‘AP-ADC’ framework supports a
range of data selection, capture and validation
facilities which are controlled and constrained by
Post Office Reference Data
Duration of the processing
See : Fujitsu Common Statement
Nature and purposes of the processing
Nature of the processing:
Schedule B3.2 - Section 2.3
2.3.1 The In/Out Payment Business Capability
enables Post Office to provide a range of payment
services to Customers comprising in-payment (e.g.
bill payment) and out-payment (e.g. postal order
redemption).
2.3.2 The In/Out Payment Business Capability may be
invoked through the use of Tokens or other
mechanisms and may involve the use of a range of
data capture, data validation and Transaction
validation facilities.
2.3.3 The In/Out Payment Business Capability supportsI
the following range of Tokens:
® magnetic stripe cards
¢ barcoded documents
2.3.4 The Clients and Tokens supported by the In/Out
Payment Business Capability are set out in the CCD
entitled “Automated Payments System Client List”
(BP/DOC/008).
Specific payment services and the Transactions which
support them conform to the relevant Application
Schedule J Version 15.0
Page 9 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Interface Specification, the CCD entitled “POCL
Automated Payments Generic Rules” (BP/DOC/014)
and appropriate Token Technology Specification(s).
2.3.5 The In/Out Payment Business Capability
supports the use of HNG-X User Interface
components which may be specified via Post Office
Reference Data as being equivalent to a manually
entered barcode token
2.3.6 The In/Out Payment Business Capability may
utilise data, typically comprising tariff data, received
from Clients.
2.3.7 The In/Out Payment Business Capability may
access the PAF Support Facility, APOP Business
Capability and such other specific external applicationsI
as the Parties may agree under the Change Control
Procedure.
2.3.8 Transactions undertaken using the In/Out
Payment Business Capability shall be recorded as part
of a Customer Session and shall be committed as part
of the settlement process using the Payment
Management Business Capability.
2.3.9 Transactions undertaken using the In/Out
Payment Business Capability and taking place within
the same POL Core Day as the original Transaction and
committed using the Payment Management Business
Capability may subsequently be Reversed in a new
Customer Session, subject to such action being
allowed within Reference Data. This shall have the
effect of Reversing the accounting effect of the
Transaction. Where a Transaction has been Reversed
then no data relating to the original Transaction or the
Reversing Transaction shall be sent to the relevant
Client subject to the relevant Application Interface
Specification. It will not be possible to start a Reversal
Transaction during the period of three minutes before
the end of the POL Core Day.
2.3.10 Data captured as a result of an In/Out
Payment Transaction shall be transferred to Client
systems and Post Office systems in accordance with
the relevant Application Interface Specification and
shall be carried out using the File Management
Support Facility.
Schedule J Version 15.0
Page 10 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
For all APADC scripted Transactions the following
statements and specifications apply:
There may well by interface specifications between
POL and the sending or receiving 3rd party that
defines the content of expected data messages
and/or files but Fujitsu do not maintain such
documents.
APS Type G Interface Specification-AP/IFS/056
APS Type T Interface Specification-AP/IFS/059
APS Type BT Interface Specification-AP/IFS/060
APS Type X Interface Specification- AP/IFS/061
APS Type XO Interface Specification-AP/IFS/062
APS Type XU Interface Specification -
DES/APP/AIS/1428
The Type X, XO & XU contain a package of XML that is
defined by AP-ADC Reference data supplied by Atos.
POL expressed purpose of the processing:
To capture APS transactions at a Post Office counter
for delivery of transaction data to Post Office Limited
Clients
To capture APS transactions at a Post Office counter
for delivery of Client Transmission Summary to Post
Office Limited (CTS Report)
Generic Look-up - To send data and request data
to/from Post Office Limited clients in ‘real’ time
during a customer session
Type of Personal Data
See : Fujitsu Common Statement
POL expression of ‘Personal Data’ sample only, not
an exclusive list
e PAN
Customer Sort Code
Customer Account Number
Access Ind.
Sequence No.
© Accounting Data (transaction amount,
transaction dates etc.)
© Order number
« Agent Code
© User/Staff ID
Schedule J Version 15.0
Page 11 of 54
CONFIDENTIAL
FUJ00234944
FUJ00234944
¢ — Invoice-number
* Transaction Reference
e Receipt Reference
¢ Post Office Code or FAD
Additional Data — means the data that may be
captured at the point of transaction and stored in
non-defined fields of which Fujitsu relies on Post
Office to advise of the content of such data, whether
or not such data is required or requested to be
captured at counter, and which is subject to the
provision of below.
Fujitsu will process Personal Data in accordance with
the Schedule A4, ARC/SEC/ARC/003 and
ARC/SEC/ARC/001. The Parties agree that Fujitsu is
processing Personal Data solely on the instructions of
POL
® Coach cards (A pre-paid card allowing
customers to benefit from discounts when
booking a National Express coach. Each coach
card has a unique 8 or 9 alphanumeric code)
CTS (Clients Transaction Summaries) Detail
Record
— Client’s Name (The AP Client Account name)
e Settlement Client Name (The name of the
client with which settlement is made)
WEB SERVICE CLIENT CONNECTION
SERVICE — not an exclusive list
¢ Alternate Contact Number
¢ Mobile Number
e Primary Email
© Secondary Email
e Delivery Address
e Appointment Special Arrangement Notes
e Contact/Passengers Name
e® Contact Telephone Number
Bank Account
¢ Account Holder Name
¢ Account Number
¢ Sort Code
¢ Marketing Preference
Categories of Data Subject
See : Fujitsu Common Statement
Schedule J Version 15.0
Page 12 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Plan for return and destruction of the
data once the processing is complete
UNLESS requirement under union or
member state law to preserve that data
type of data
See : Fujitsu Common Statement
Roles and responsibilities of each parties
including sub-processors regarding
monitoring and processing of Personal
Data.
See : Fujitsu Common Statement
POL expression of Roles and Responsibilities:
Atos manage the list of clients and their associated
delivery agreements. Content defined in APADC
Scripts.
Name of 3" party with access to data /
knowledge about data
See : Fujitsu Common Statement
Note: * - POL AP Clients (approximately 850 clients
across 150 destinations)
POL Expression of 3" Party Access:
Ingenico
Atos
Location of Datacentre
See : Fujitsu Common Statement
Fujitsu GDPR/DPA Data Analyst
See : Fujitsu Common Statement
Schedule J Version 15.0
Page 13 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Subject matter of the processing
AP Out-Payments (APOP) Business Capability
Schedule B3.2
Section 2.4 - The AP Out-Payments (APOP)
Business Capability is a set of components that
support the creation of APOP Services. Each
business application that makes use of the
APOP Business Capability will be segmented
into its own APOP Service.
Example APOP Services include:
« Drop and Go
e Camelot Cheques / Postal Orders
° Over 50s Life Cover
Bureau Pre-Order
NS&I
© Stock Ordering
.
.
POL Expression of the Subject Matter:
Automated Payments Out Pay (APOP) is a
voucher Database that allows customers to
purchase Postal Orders over a post office
counter in branch.
Duration of the processing
See : Fujitsu Common Statement
Nature and purposes of the processing
APOP Transactions are AP-ADC scripted
transactions which pertain to ‘vouchers’.
The components of the APOP Business
Capability are fully enumerated in Schedule
B3.2
Section 2.4.2
2.4.7 Transactions undertaken using the APOP
Business Capability shall be recorded as part of a
Customer Session and shall be committed as
part of the settlement process using the
Payment Management Business Capability.
The following are generic interface
specifications that describe how data must be
formatted.
They do not describe the content of the data.
POL Client to Voucher Host System AIS-
AP/IFS/063
Schedule J Version 15.0
Page 14 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
APOP Host System Reporting to Client AIS-
AP/IFS/065
See : Fujitsu Common Statement
POL expressed purpose of the processing:
Generic Look-up - To send data and request
data to/from the Belfast data centre APOP
Database in real time during a customer
session
Reporting - APOP reporting service to send
transaction data to Post Office Limited APOP
Clients
Batch - To receive transaction data from Post
Office Limited APOP Clients
Administration - To administer the APOP
Database
Type of Personal Data
See : Fujitsu Common Statement
POL expression of ‘Personal Data’
e Contact title
Contact forename
Contact initials
Contact surname.
Address Line Field(s)
Post Code
Telephone Number
Email Address
\Additional Data — means the data that may be
captured at the point of transaction and stored in
inon-defined fields of which Fujitsu relies on Post
Office to advise of the content of such data,
hether or not such data is required or requested
{to be captured at counter, and which is subject to
ithe provision of below.
Fujitsu will process Personal Data in accordance
ith the Schedule A4, ARC/SEC/ARC/003 and
IARC/SEC/ARC/001. The Parties agree that Fujitsu
lis processing Personal Data solely on the
instructions of POL
Client Identifier
File Sequence Number
Client Identifier
Staff ID
Schedule J Version 15.0
Page 15 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
¢ Transaction ID
Categories of Data Subject
See : Fujitsu Common Statement
Plan for return and destruction of the data
once the processing is complete UNLESS
requirement under union or member state law
to preserve that data type of data
See : Fujitsu Common Statement.
POL expressed Plan for return and destruction
of the data
Note:Check with Atos/POL Configuration of
retention varies
Roles and responsibilities of each parties
including sub-processors regarding monitoring
and processing of Personal Data.
See : Fujitsu Common Statement.
POL expression of Roles and Responsibilities:
Atos — APADC
Fujitsu — Data Processor
Atos —- PODG
Name of 3” party with access to data /
knowledge about data
See : Fujitsu Common Statement for APADC
Transactions
POL Expression of 3" Party Access:
Financial Institution (Link, Santander or CAPO)
POL APOP Clients (approximately 12 clients)
and Post Office Limited
Location of Datacentre
See : Fujitsu Common Statement
Fujitsu GDPR/DPA Data Analyst
Alan Holmes
Schedule J Version 15.0
Page 16 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Subject matter of the processing
Banking Business Capability (delivered
through the Payment and Banking Service)
Schedule B3.2
Section 2.5 - The Banking Business Capabi
enables Post Office to support the transaction
of banking business in Branches.
Duration of the processing
See : Fujitsu Common Statement.
Fujitsu GDPR/DPA Data Analyst
Paul Baisher
Nature and purposes of the processing
2.5.2 The Banking Business Capability is invoked
by either:
-acard swipe (or input of card details) where
EMV functionality is not supported in respect of
that card; or
-a Customer inserting their card into the chip
card reader in a PIN Pad where such card
supports EMV functionality.
2.5.3 The following Transaction types are
supported:
cash deposit;
¢ cash withdrawal;
e balance enquiry; and
¢ change of PIN at PIN Pad.
2.5.4 Each Transaction type comprises:
e aseries of screen dialogues;
the input or selection of data by the User;
e the input of PIN numbers by Customers
where applicable;
e the interactive exchange of information
via the Payment and Banking Service with
the Bank systems; and
e the printing of receipts.
2.5.5 Transactions undertaken using the
Banking Business Capability shall be centrally
recorded as part of a Customer Session and shall
be committed as part of the settlement process
using the Payment Management Business
Capability.
See : Fujitsu Common Statement for
Settlement
Schedule J Version 15.0
Page 17 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Relevant Interface specifications:
SVM/SDM/SD/0020- End to End Reconciliation
Reporting
NB/IFS/036- TES Reports Specification
3" Party interface specifications:
DES/APP/MAN/3760 — Axis Managed Payment
Service Solution - Solution Design
REQ/GEN/STD/3366- LINK Reconciliation
Specification (LISS) AIS
POL expressed purpose of the processing:
The services are to enable business capabilities,
some of those are till transactions in the
branches and others are support capabilities
that support the business capabilities.
Authorisation - To request a banking service
such as PIN Change, Balance Enquiry, Deposit
or Withdrawal
Response - Response to a banking service such
as PIN Change, Balance Enquiry, Deposit or
Withdrawal
Reversal - Reversal of a banking transactions
Reconciliation - Daily Transaction detail
transfer from Belfast to Financial Institution
Reporting - DRS Reconciliation reports
DRS Workstation - Transaction Query in
support of reconciliation
Type of Personal Data
e PAN (truncated)
¢ CRM Token
© Account Details (as per AIS)
See : Fujitsu Common Statement
POL expression of ‘Personal Data’
e@ Primary Account Number (PAN) truncated,
¢ CRM Token
* Transaction amount
® Transaction ID — unique to the customer
and transaction and to the Post Office
© Post Office branch ID and terminal ID
© User/clerk ID
Schedule J Version 15.0
Page 18 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
eCard Expiry Date
Categories of Data Subject
See : Fujitsu Common Statement
Plan for return and destruction of the data
once the processing is complete UNLESS
requirement under union or member state law
to preserve that data type of data
See : Fujitsu Common Statement
Roles and responsibilities of each parties
including sub-processors regarding monitoring
and processing of Personal Data.
See : Fujitsu Common Statement
Name of 3" party with access to data /
knowledge about data
3" Party access:
Ingenico
POL Expression of 3"! Party Access:
SSC
Ingenico
Location of Datacentre
See : Fujitsu Common Statement
Schedule J Version 15.0
Page 19 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Subject matter of the processing
Electronic Top-Up Business Capability
Schedule B3.2
Section 2.7 - The Electronic Top-Up Business
Capability enables Post Office to support the
Customer purchase or refund of mobile phone
related credits and associated content products
(e.g. ring tones)
Duration of the processing
See : Fujitsu Common Statement
Nature and purposes of the processing
Schedule B3.2
2.7.2 Electronic Top-Up ('ETU’) credit products
(known as 'Top-Up' products or 'PIN' products)
are invoked by swiping a Customer’s card (or by
the manual input by the Counter Clerk of the
Customer's card details). ETU content products
(known as PIN/e-voucher products) are invoked
by Counter Clerk selection. The following
Transaction types are supported:
the purchase of a card based Top-Up
product;
the purchase of card based PIN product;
e the purchase of a PIN/e-voucher product;
the refund of a card based Transaction;
and
* the refund of a PIN/e-voucher
Transaction.
2.7.3 Each Transaction type comprises:
e the selection of ETU products from
menus;
e aseries of screen dialogues;
© the input or selection of data by the User;
e the interactive exchange of information
with e-pay; and
e the printing of receipts.
2.7.4 Transactions undertaken using the
Electronic Top-Up Business Capability shall be
centrally recorded as part of a Customer Session
and shall be committed as part of the settlement!
process using the Payment Management
Business Capability.
See : Fujitsu Common Statement.
Schedule J Version 15.0
Page 20 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
2.7.5 The Electronic Top-Up Business Capability
shall automatically generate a Reversal
Transaction and transmit this to e-pay when
the authorisation response to certain
Transaction types is not received within a pre-
configured timeout period.
POL expressed purpose of the processing:
Response - To request an electronic top-up
Reversal - Response to a top-up request
Reconciliation - Daily Transaction detail
transfer from E-pay to Belfast
Reporting - DRS Reconciliation reports
DRS Workstation - Transaction Query
Type of Personal Data
Relevant Interface Specifications:
SVM/SDM/SD/0020-End to End Reconciliation
Reporting
3" Party interface specifications:
ET/IFS/001-E-Pay Application Interface
Specification
See : Fujitsu Common Statement
¢ Cashier ID
® Original Transaction ID
* Mobile Number
¢ Unique Transaction ID (or PIN Serial
Number)
e PIN (Product Identification Number/E-
pay unique activation code)
¢ Card Details
Transaction Amount
Client Reference
Account Reference Id
Sort Code
Categories of Data Subject
See : Fujitsu Common Statement
Plan for return and destruction of the data
once the processing is complete UNLESS
requirement under union or member state law
to preserve that data type of data
See : Fujitsu Common Statement
Schedule J Version 15.0
Page 21 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Plan for return and destruction of the data
once the processing is complete UNLESS
requirement under union or member state law
to preserve that data type of data
See : Fujitsu Common Statement
Name of 3" party with access to data /
knowledge about data
3" Party access:
E-Pay
POL Expression of 3"! Party Access:
Financial Institution (E-PAY)
Location of Datacentre
See : Fujitsu Common Statement.
Fujitsu GDPR/DPA Data Analyst
Paul Braisher
Schedule J Version 15.0
Page 22 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Subject matter of the processing
Bureau Service Business Capability
Schedule B3.2 - Section 2.8 —
2.8.1 The Bureau Service Business Capability enables
Post Office to trade foreign currencies and travellers’
cheques on-demand at Counter Positions (the on-
demand Bureau Service facility).
2.8.2 The Bureau Service Business Capability enables
Post Office to pre-order foreign currencies and
travellers’ cheques at Counter Positions (the pre-
order Bureau Service facility).
2.8.3 The Bureau Service Business Capability enables
Post Office to sell and top-up travel money cards at
Counter Positions (the travel money card Bureau
Service facility).
2.8.4 The Bureau Service Business Capability enables
Post Office to capture, validate and report on the
barcode or serial number on travellers’ cheques
traded.
2.8.5 The Bureau Service Business Capability enables
Post Office to control the Bureau Service facilities
available at a Counter Position by Post Office
Reference Data
2.8.6 The Bureau Service Business Capability enables
Post Office to control the currency types that can be
traded by each Bureau Service facility at a Counter
Position by Post Office Reference Data
POL expression of the Subject Matter:
First Rate Exchange Services - The Bureau
Service Business Capability enables Post Office
to trade foreign currencies and travellers’
cheques at Counter Positions in Post Office
Branch
Duration of the processing
See : Fujitsu Common Statement
Nature and purposes of the processing
Schedule B3.2 —
2.8.7 The counter dialogue for the Bureau
Service facilities is controlled by Post Office
Reference Data in accordance with and subject
to the provisions of the CCD entitled “AP-ADC
Reference Manual” (DES/GEN/MAN/0002).
See : Fujitsu Common Statement
Schedule J Version 15.0
Page 23 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Relevant Interface specifications:
DES/APP/MAN/0001- Type A/B Reference Data
Counter Objects definition
DES/GEN/MAN/1653- PODG Route Definition
User Guide
DES/GEN/MAN/0002- AP-ADC Reference
Manual
DES/APP/AIS/1887- Post Office MDM XML
Format Reference Data Specification
SVM/SDM/SD/0018- Message Broadcast ServiceI
Description
3" Party interface specifications:
REQ/APP/AIS/2509- FMCC Service Specification
REQ/APP/AIS/2507- FMCC Data Mapping
NB/IFS/012 - TPS to FRTS AIS
REQ/APP/AIS/0704 -Branch & Price Profiles AIS
RD/IFS/033-Spot Rates and Margins AIS
POL expressed purpose of the processing:
Bureau Sales -
To capture Bureau sales transactions at a Post
Office counter for later accounting and
reporting
To capture general retail sales transactions at a
Post Office counter for delivery of summarised
product data to First Rate Travel Services
To capture additional data relating to bureau
sales using the technology provided by In/Out
Payment Business Capability
Receive Spot Rates, Margins, Branch Profile and
Pricing Profile reference data
Type of Personal Data
See : Fujitsu Common Statement
POL expression of ‘Personal Data’
Bureau Service
* Transaction Ref No
e Last 4 Digits of the Payment Cards
e Name
e Address
e ID
Travel Money Card
Schedule J Version 15.0
Page 24 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
e Address
e ID
* encrypted PAN
e = Carrier Id
Categories of Data Subject
See : Fujitsu Common Statement
Plan for return and destruction of the data
once the processing is complete UNLESS
requirement under union or member state law
to preserve that data type of data
See : Fujitsu Common Statement
Roles and responsibilities of each parties
including sub-processors regarding monitoring
and processing of Personal Data.
See : Fujitsu Common Statement
Name of 3rd party with access to data /
knowledge about data
First Rate
Location of Datacentre
See : Fujitsu Common Statement
Fujitsu GDPR/DPA Data Analyst
Sarah Selwyn
Schedule J Version 15.0
Page 25 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Subject matter of the processing
Postal Services Business Capability
Schedule B3.2 Section 2.9
2.9.1 The Postal Services Business Capability
supports a range of Mails Acceptance and Mails
Administration business processes taking place
within designated Branches together with
support for the establishment and management
of Postal Services Reference Data. These will
comprise: -
-services provided to Customers that support
the pricing and sale of mails products;
-the management of mail items received into
and despatched from a Branch;
-the provision of data to Post Office and Postal
Services Clients concerning these operations;
-tools to enable Post Office to establish and
manage the Postal Services Reference Data.
2.9.2 Mails Acceptance supports the over the
counter processes for accepting mail items
from customers
2.9.3 Mails Administration supports the in-
Branch processes for receiving and dispatching
mails items
2.9.4 The Postal Services Business Capability
supports the transfer to the BIG of track and
trace and related data captured by the Mails
Acceptance and Mails Administration facilities
for selected Mails Carriers and the transfer of
completed Postal Services transaction data to
various Post Office systems
2.9.5 The Postal Services Business Capability
enables Post Office to specify and manage the
Carrier Services Reference Data which controls
the options, choices and pricing for all Carrier
Services.
Relevant Interface specifications:
DES/APP/MAN/0001- Type A/B Reference Data
Counter Objects definition
Schedule J Version 15.0
Page 26 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
DES/APP/MAN/0002- Postal Services Reference
Data Definitions
DES/GEN/MAN/1653- PODG Route Definition
User Guide
DES/GEN/MAN/0002- AP-ADC Reference
Manual
DES/APP/AIS/1887- Post Office MDM XML
Format Reference Data Specification
REQ/APP/AIS/1526- Royal Mail PAF
Programmers Guide
REQ/APP/AIS/1591- PAF POL Additional Data
Application Interface
SVM/SDM/SD/0018- Message Broadcast
Service Description
DES/APP/HLD/4410-Track and Trace AIS
REQ/APP/AIS/2046-Paystation Track and Trace
Als
REQ/APP/AIS/2753-BarCodes for all - Data
Matrix and Pre-Advice
REQ/APP/AIS/2754- Barcoding All Parcels AIS
Duration of the processing
See : Fujitsu Common Statement
Nature and purposes of the processing
Schedule B3.2
2.9.6 Transactions undertaken using the Postal
Services Business Capability shall be recorded as
part of a Customer Session and shall be
committed as part of the settlement process
using the Payment Management Business
Capability.
The Postal Services service captures
information on the counter, or on the Horizon
Business Server (HBS) supporting Self Service
Kiosks, from the customer to determine details
of a mail item, the mail service to be used, and
the destination.
On the counter, the Postal Services service may
use an AP-ADC transaction to capture
additional information (expected to be
concerning “dangerous goods" restrictions, but
could be anything).
Schedule J Version 15.0
Page 27 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
The counter may also capture mails
information via AP-ADC directly (see
Automated Payments service).
See : Fujitsu Common Statement for
Settlement
POL expressed purpose of the processing:
Postal Services Reference Data - Receive and
interpret Postal Service reference data
In/Out Automated Payment and Additional
Data Capture transactions - To capture APS
transactions at a Post Office counter for
delivery of postal data to Royal Mail
Mails Postal Sales (Track & Trace) - To capture
mails transactions at a Post Office counter for
delivery of postal data to Royal Mail
Mails Postal Sales (Barcoding all Parcels) - To
capture mails transactions at a Post Office
counter for delivery of postal data to Royal
Mail
Pay station Local Collect - To allow local collect
transactions to be performed on Pay station
Devices and delivered via Belfast Data Centre
to Royal Mail
Type of Personal Data
See : Fujitsu Common Statement
The following data items are typically captured
by the Postal Services service for Non-APADC
transactions (e.g. Use Case : PS-12):
e Weight
Mail item format (e.g. Large Letter)
© Service (e.g. 1°* Class Signed For)
¢ Destination Country
® Destination Address (e.g. Postcode/Zip,
House Name/No/PO Box, Street,
Town/BFPO Number)
e Value of Goods
Schedule J Version 15.0
Page 28 of 51
CONFIDENTIAL
Consequential Loss Cover
Saturday Delivery option
Certificate Of Posting option
Postage method (Label, Stamps, Pre-
payment)
@ Unique Label Identifier
¢ 2D barcode and PRN Reference
Number
@ 1D barcode and Track and Trace
Reference Number
POL expression of ‘Personal Data’
Delivery address
Destination Address
Delivery postcode
Recipient Name (Optional)
Unique Item ID?
1D Tracking Number
Sender’s Signature for Declaration
Order number
Invoice number
Certificate Number
Licence Number
* Sender’s Customs Reference
© Sender’s Fax number?
© Sender’s Tel. number
* Sender’s VAT number?
coeee
Categories of Data Subject
See : Fujitsu Common Statement
Plan for return and destruction of the data
once the processing is complete UNLESS
requirement under union or member state law
to preserve that data type of data
See : Fujitsu Common Statement
Roles and responsibilities of each parties
including sub-processors regarding monitoring
and processing of Personal Data.
See : Fujitsu Common Statement
Name of 3” party with access to data /
knowledge about data
3" Party Access:
Schedule J Version 15.0
Page 29 of 51
FUJ00234944
FUJ00234944
CONFIDENTIAL
FUJ00234944
FUJ00234944
Royal Mail and any other 3" parties utilised by
POL during the processing of data.
For AP-ADC script, some information is sent to
Accenture for Drop & Go. This is the
responsibility of Post Office Limited and ATOS.
POL Expression of 3"! Party Access:
Royal Mail & CSC
Location of Datacentre
See : Fujitsu Common Statement
Fujitsu GDPR/DPA Data Analyst
Jon Hulme/Alan Holmes
Schedule J Version 15.0
Page 30 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Subject matter of the processing
Point of Sale Business Capability
Schedule B3.2 - Section 2.2
2.2.1 The Point of Sale Business Capability
provides a general "till" function which enables
Post Office to carry out sales operations within
Branches for the range of Post Office products
defined within Post Office Reference Data.
2.2.2 These Post Office Products may be general
retail products or be traded via one of the
following Business Capabilities (described
elsewhere):
* In/Out Payment Business Capability;
e APOP Business Capability;
eBanking Business Capability;
e DVLA Licensing Business Capabili
«Electronic Top-Up Business Capability; orI
© Bureau Service Business Capability.
POL expression of the subject matter:
To capture general retail sales transactions at a
Post Office counter for later accounting and
reporting
Duration of the processing
See : Fujitsu Common Statement
Nature and purposes of the processing
Schedule B3.2 — Section 2.2
2.2.3 The Point of Sale Business Capability
implements the business and pricing rules for
each product (including the production of the
Transaction receipt(s)) and manages the
aggregation and recording of all Transaction
data into a Customer Session.
2.2.4 Transactions undertaken using the Point of
Sale Business Capability shall be recorded as partI
of a Customer Session and shall be committed as,
part of the settlement process using the
Payment Management Business Capability.
See : Fujitsu Common Statement for Settlement
2.2.5 The Point of Sale Business Capability shall
enable a Transaction to be cancelled from a
Customer Session subject to Post Office
Schedule J Version 15.0
Page 31 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Reference Data, prior to settlement by the
Payment Management Business Capability.
POL expressed purpose of the processing:
The services are to enable business capabilities,
some of those are till transactions in the
branches and others are support capabilities
that support the business capabilities.
Type of Personal Data
See : Fujitsu Common Statement for SettlementI
POL expression of ‘Personal Data’
EPOS (08)
e Product Id such as stamps
e Amount
e Clerk id
e Address for postal service
© Bank card details where customer is
paying by card
Point of Sale (11)
¢ Bank Transaction ID
* Client Ref ID
e Card Impounded
e PAN
«Agent SLA information
e Customer Cheques?
© Credit Card?
© Debit Card?
e Transaction Sequence Number
¢ Additional Data
Account Reference ID
Categories of Data Subject
See : Fujitsu Common Statement
Plan for return and destruction of the data
once the processing is complete UNLESS
requirement under union or member state law
to preserve that data type of data
See : Fujitsu Common Statement
Roles and responsibilities of each parties
including sub-processors regarding monitoring
and processing of Personal Data.
See : Fujitsu Common Statement
Schedule J Version 15.0
Page 32 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Name of 3" party with access to data /
knowledge about data
Various
Location of Datacentre
See : Fujitsu Common Statement.
POL - Core Finance System (Hof Germany)
Fujitsu GDPR/DPA Data Analyst
Jon Hulme
Schedule J Version 15.0
Page 33 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Subject matter of the processing
Payment Management Business Capability
(delivered through the Payment and Banking
Sel
Schedule B3.2 Section 2.10
2.10.1 The Payment Management Business
Capability enables the settlement of a Customer
Session using cash, cheque, vouchers, Debit
Cards or Credit Cards as methods of payment.
2.10.2 The Payment Management Business
Capability manages the aggregation of the
required tender value for a Customer Session
and provides change calculation facilities.
2.10.3 The Payment Management Business
Capability manages the production of any AP
Customer receipt and any required or requested
Customer Session receipt as part of the
settlement of a Customer Session. The required
layout of a AP Customer receipt and a Customer
Session receipt shall be defined in the CRD
entitled “HNG-X AP and ADC Receipts”
({DES/GEN/SPE/0011).
Duration of the processing
See : Fujitsu Common Statement
Nature and purposes of the processing
Schedule B3.2 — Section 2.10
2.10.6 The Payment Management Business
Capability implements the business rules
associated with the use of the Debit Card or
Credit Card Method of Payment which shall
include the use of inclusion lists and exclusion
lists which will specify which products can be
settled with which card types. Business rules will
include a transaction limit, set at a fixed amount
which may be changed from time to time via
reference data by prior agreement with Post
Office.
2.10.7 The Payment Management Business
Capability implements the use of separate
authorisation dialogues using separate merchantI
identity/terminal identity values for Bureau and
non-Bureau products and the validation of the
allowable products and allowable settlement
values according to the type of Debit Card or
Credit Card.
Schedule J Version 15.0
Page 34 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
2.10.8 The Payment Management Business
Capability supports the Debit Card and Credit
Card Method of Payment via Payment and
Banking Service.
Relevant Interface specifications:
REQ/APP/AIS/1495- Merchant Acquirer EMIS
Als
REQ/APP/AIS/2486- Merchant Acquirer EPA AIS
DES/APP/IFS/1595-EMIS Load File AIS
SVM/SDM/SD/0020-End to End Reconciliation
Reporting
3" Party interface specifications:
REQ/APP/AIS/2433- (AMEX) File Format for EPA
Delimited
REQ/APP/AIS/1425- Global Payments Online
Application Interface Specification
POL expressed purpose of the processing:
The services are to enable business capabilities,
some of those are till transactions in the
branches and others are support capabilities
that support the business capabilities.
Authorisation - To request a payment
authorisation
Response - Response to a payment
authorisation request
Reversal - Reversal of a payment authorisation
request
Reconciliation - Receipt of payment
confirmation EMIS File
Reconciliation - Receipt of payment
confirmation EPA File
Reporting - DRS Reconciliation reports
DRS Work station - Transaction Query
Type of Personal Data
See : Fujitsu Common Statement for Settlement
POL expression of ‘Personal Data’:
e Transaction Code
© PAN (Truncated)
CRM Token
Credit Card?
Debit Card?
Post Office Code
Schedule J Version 15.0
Page 35 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
«Post Office Counter Data
Payment Method Code (Cash/Debit
Card/Stamps)
e User/Clerk ID
e = Transaction Amount
© Other Card Data
e Receipt number
e Transaction source?
© 6 -—digit Charge Authorization code
© Settlement Currency Code
Categories of Data Subject
See: Fujitsu Common Statement.
Plan for return and destruction of the data
once the processing is complete UNLESS
requirement under union or member state law
to preserve that data type of data
See : Fujitsu Common Statement
Roles and responsibilities of each parties
including sub-processors regarding monitoring
and processing of Personal Data.
See : Fujitsu Common Statement
POL expression of Roles and Responsibil
Fujitsu — Data Processor
Name of 3” party with access to data /
knowledge about data
POL expression of 3 Party Access:
Ingenico
Location of Datacentre
Belfast
Fujitsu GDPR/DPA Data Analyst
Pete Jobson
Schedule J Version 15.0
Page 36 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Subject matter of the processing
Cash and Stock Management Business
Capability
Schedule B3.2 Section 2.11
2.11.1 The Cash and Stock Management
Business Capability provides facilities to enable
all Branches to capture data (including cash
declarations, inward / outward remittances,
pouch collection and receipt) for onward
submission to Post Office Ltd cash planning and
management systems.
2.11.2 The Cash and Stock Management
Business Capability supports the receipt from
Post Office Ltd cash planning and management
systems of planned orders and replenishment
delivery details.
Duration of the processing
See : Fujitsu Common Statement
Nature and purposes of the processing
Schedule B3.2 Section 2.11
2.11.3 The Cash and Stock Management
Business Capability provides the following
facilities within Branches:
e the display of screen dialogues that
support cash and stock transfers, cash
and stock declarations, adjustments to
cash holdings;
scanning bar coded labels to monitor the
movement of cash and stock bags and
pouches into the Branch;
the automatic inward remittance of the
value of cash pouches and bureau de
change pouches using the associated
replenishment delivery details;
support for recording that selected cash
and stock pouches and bags are part of a
REM Collection, or have been removed
from a REM Collection;
scanning bar coded labels to monitor the
movement of cash and stock bags and
pouches that form a REM Collection out
of the Branch; and
Schedule J Version 15.0
Page 37 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
e a facility for viewing planned order details
originated by Post Office Ltd cash
planning and management systems and
transmitted to the Branch.
2.11.4 The Cash and Stock Management
Business Capability supports the recording of
cash movements by Branches that are
designated as Operator Cash Branches.
Relevant Interface Specifications:
REQ/APP/AIS/3380 — Horizon Forecasting Data
to CWC Application Interface Specification
REQ/APP/AIS/3552 - Planned Orders to Horizon
Application Interface Specification
REQ/APP/AIS/3553 - CWC Replenishment
Delivery Content (RDC) to Horizon Application
Interface Specification
REQ/APP/AIS/3554 - Pouch Collection
Confirmed (POC) Horizon to CWC Application
Interface Specification
REQ/APP/AIS/3701 — External Interfaces to
Arrow (Power Bl)
POL expression of the purpose of processing:
Remittances - The recording of cash and
currency remittances in and out from a branch
Cash Declarations - Recording cash-on-hand at
a branch
Planned order - Providing forward notice of
proposed cash deliveries
Replenishment Notices - Providing
confirmation of despatched cash deliveries
Operator Cash Statements (POE) - Providing
cash statements to Operator Self-Funded
branches
Type of Personal Data
See : Fujitsu Common Statement
POL Expression of Personal Data:
No personal data records found in the AIS
document
Categories of Data Subject
See : Fujitsu Common Statement
Schedule J Version 15.0
Page 38 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Plan for return and destruction of the data
once the processing is complete UNLESS
requirement under union or member state law
to preserve that data type of data
See : Fujitsu Common Statement
Roles and responsibilities of each parties
including sub-processors regarding monitoring
and processing of Personal Data.
See : Fujitsu Common Statement
Name of 3™ party with access to data / None
knowledge about data
Location of Datacentre Belfast
Fujitsu GDPR/DPA Data Analyst
Pete Jobson
Schedule J Version 15.0
Page 39 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Subject matter of the processing
Additional Branch Reporting Business
Capability
Schedule B3.2 Section 2.13
2.13.1 The Additional Branch Reporting Business
Capability supports the ability for Users to access)
Branch reports using mechanisms other than
Counter Positions or Admin Positions, such
mechanisms accessing the reports in accordance
with the AIS ‘BRSS Data Access Server (BDAS) to
Branch Hub Als’ (DES/APP/AIS/3718)
Duration of the processing
See : Fujitsu Common Statement
Nature and purposes of the processing
Schedule B3.2 Section 2.13.1
e Supports for the ability for Users to
access Branch reports using mechanisms
other than Counter Positions or Admin
Positions
Type of Personal Data
Relevant Interface
Specifications:DES/APP/AIS/3718 - BRSS DATA
ACCESS SERVER (BDAS) TO BRANCH HUB AIS
Categories of Data Subject
See : Fujitsu Common Statement
Plan for return and destruction of the data
‘once the processing is complete UNLESS
requirement under union or member state law
to preserve that data type of data
See : Fujitsu Common Statement
Roles and responsibilities of each parties
including sub-processors regarding monitoring
and processing of Personal Data.
See : Fujitsu Common Statement
Name of 3 party with access to data /
knowledge about data
See : Fujitsu Common Statement
Postmasters and/or their Agents
Location of Datacentre
See : Fujitsu Common Statement.
Fujitsu GDPR/DPA Data Analyst
Keith Hunt/Gareth Seemungal
Schedule J Version 15.0
Page 40 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Subject matter of the processing
Branch Management Business Capability
Schedule B3.2 Section 2.12
2.12.1 The Branch Management Business
Capability provides facilities to enable
authorised Users within any Branch to perform
various administrative functions
Duration of the processing
See : Fujitsu Common Statement
Nature and purposes of the processing
Schedule B3.2 Section 2.12.1
Stock Unit balancing
e@ Branch accounting;
e Printing of Client summaries
e Printing of Branch reports (including
those on-demand reports provided by
POL SAP to Operator Cash Branches);
e Support for Reversals and Refunds;
* Support for the application of Transaction
Correction Records supplied from the
Core Finance System.
POL expression of the purposes of the
processing:
Stock Unit Balancing, Reporting and Branch
Accounting
Transaction Correction - For correction of
postmaster accounting errors
Transaction Acknowledgements - To transfer
cash taken at non-horizon points of sale into
the Horizon branch accounts
Type of Personal Data
Relevant Interface Specifications:
EA/IFS/002-Transaction Corrections AIS
REQ/APP/AIS/1392-Paystation Transaction AIS
REQ/APP/AIS/0004- Transaction
Acknowledgements AIS
DES/APP/AIS/3718 - BRSS DATA ACCESS
SERVER (BDAS) TO BRANCH HUB AIS
POL expression of ‘Personal Data’
e Clerk Id
* Customer Ref. Number
* Client Account Number
Schedule J Version 15.0
Page 41 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
* Customer Ref. Number
Token Identifier
Version Number
Additional Data
Client Id
Bank Transaction Id
PAN
¢ Additional Data
Categories of Data Subject
See : Fujitsu Common Statement
Plan for return and destruction of the data
once the processing is complete UNLESS
requirement under union or member state law
to preserve that data type of data
See : Fujitsu Common Statement
Roles and responsibilities of each parties
including sub-processors regarding monitoring
and processing of Personal Data.
See : Fujitsu Common Statement
Name of 3 party with access to data /
knowledge about data
See : Fujitsu Common Statement.
POL Expression of 3 Party Access:
None stated
Location of Datacentre
See : Fujitsu Common Statement
Fujitsu GDPR/DPA Data Analyst
Pete Jobson/Jon Hulme
Schedule J Version 15.0
Page 42 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Subject matter of the processing
ARC Strategic Smart Card Business Capability
Schedule B3.2 Section 5.3
The ARC Strategic Smartcard capability means
the web service provided by Fujitsu that allows
asylum seekers to access the benefits paid to
them by the Government of the United Kingdom
from a Post Office.
Duration of the processing
See : Fujitsu Common Statement
Nature and purposes of the processing
Peripheral Handling Service - To read various
peripherals (including Smartcards) to extract
customer id and other data.
Sodexho (UKBA asylum seekers) - discontinued
May 2017
Type of Personal Data
N/A
No current AIS documents to review for
Personal Data
Categories of Data Subject
N/A
Plan for return and destruction of the data
once the processing is complete UNLESS
requirement under union or member state law
to preserve that data type of data
See : Fujitsu Common Statement
Roles and responsibilities of each parties
including sub-processors regarding monitoring
and processing of Personal Data.
See : Fujitsu Common Statement
Name of 3" party with access to data /
knowledge about data
N/A
Used to be used for Sodexho (UKBA asylum
seekers) payments but was discontinued May
2017
Location of Datacentre
See : Fujitsu Common Statement
Fujitsu GDPR/DPA Data Analyst
N/A
Schedule J Version 15.0
Page 43 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Subject matter of the processing
British Gas Smart Metering Business Capability
Schedule B3.2 - Section 5.4
The Smart Metering capability means the web
service provided by Fujitsu that allows
customers of British Gas to access and top up
their Smart Card for usage on British Gas Meters.
POL Expression of the Subject Matter:
The Smart Metering Business Capability is
provided to customers of British Gas allowing
the customers to top up their electricity over a
Post Office counter in branch
Duration of the processing
See : Fujitsu Common Statement.
Nature and purposes of the processing
See : Fujitsu Common Statement
POL expression of the purposes of Processing:
The Post Office provides a payment service on
behalf of British Gas which enables an
individual to top up the electricity meter ina
branch that supports this service.
The individual presents the token to a Post
Office branch counter employee which
launches the transaction, and then informs the
PO employee of the amount to be topped up.
Following the transaction launch, the Post
Office system interacts directly with the British
Gas system in real-time, with the purpose of
authenticating and accepting the transaction.
After successful authentication and an
acceptance of the payment amount, a payment
is collected and a receipt of the transaction is
then printed and provided to the customer.
Type of Personal Data
See : Fujitsu Common Statement for
Settlement
Relevant Specification Interfaces:
REQ/APP/AIS/2368- Smart Metering Web
Service AIS
Schedule J Version 15.0
Page 44 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
REQ/APP/AIS/2370- Smart Metering Generic
Online AIS
REQ/APP/AIS/2380- Post Office to Vend
Management System AIS
3" Party Interface Specifications:
REQ/APP/AIS/2379- British Gas VMS ISO8583
Message Definition
POL expression of ‘Personal Data’
© Card Id —identifies the customer's
meter. Therefore, since it is possible that
the meter is in a single occupancy
dwelling, Card Id is personal data.
® Vend Code
Categories of Data Subject
See : Fujitsu Common Statement
Plan for return and destruction of the data
once the processing is complete UNLESS
requirement under union or member state law
to preserve that data type of data
See : Fujitsu Common Statement
Roles and responsibilities of each parties
including sub-processors regarding monitoring
and processing of Personal Data.
See : Fujitsu Common Statement
Name of 3” party with access to data /
knowledge about data
British Gas
Location of Datacentre
See : Fujitsu Common Statement
Fujitsu GDPR/DPA Data Analyst
Alan Holmes/Sarah Selwyn
Schedule J Version 15.0
Page 45 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Subject matter of the processing
Identity Services
NOT RECOGNISED BY FUJITSU
T2322 - Rel Ind - APPROVED - Identity
Services Platform R1 - Detailed design
Not progressed
Duration of the processing
[Clearly set out the duration of the processing
including dates.]
Nature and purposes of the processing
[Please be as specific as possible, but make
sure that you cover all intended purposes.
The nature of the processing means any
operation such as collection, recording,
organisation, structuring, storage, adaptation
or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or
otherwise making available, alignment or
combination, restriction, erasure or destruction
of data (whether or not by automated means)
etc.
The purpose might include: employment
processing, statutory obligation, recruitment
assessment etc.]
Type of Personal Data
[Examples here include: name, address, date of
birth, NI number, telephone number, pay,
images, biometric data etc.]
Categories of Data Subject
[Examples include: Staff (including volunteers,
agents, and temporary workers), customers/
clients, suppliers, patients, students / pupils,
members of the public, users of a particular
website etc.]
Plan for return and destruction of the data
once the processing is complete UNLESS
requirement under union or member state law
to preserve that data type of data
[Describe how long the data will be retained
for, how it be returned or destroyed.]
Schedule J Version 15.0
Page 46 of 51
FUJ00234944
FUJ00234944
CONFIDENTIAL
Roles and responsibilities of each parties
including sub-processors regarding monitoring
and processing of Personal Data.
Name of 3" party with access to data /
knowledge about data
Location of Datacentre
Schedule J Version 15.0
Page 47 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Subject matter of the processing
Generic Web Services (GWS) Support Facility
Schedule B3.2 — Section 6.1
The Generic Web Services Support Facility
provides a generic set of capabilities to enable a
service based approach to introducing on-line
business transactions. These involve counter
AP-ADC transactions and request / response
interactions with external internet based client
host systems.
Duration of the processing
See : Fujitsu Common Statement.
Nature and purposes of the processing
See : Fujitsu Common Statement.
The GWS Support Facility enables Post Office to
define and introduce into HNG-X new GWS
Clients and amend or update existing GWS.
Clients.
Using the ‘Web Service Client Connection
Process’ (REQ/GEN/PRO/1386) the Generic
Web Services Support Facility enables Post
Office to define for a Generic Web Service
Client (amongst other items) the personal and
other categories of data as follows:
e the transaction mapping between the
In/Out Payment counter message format
and the GWS Client message format; the
field definition, field mapping, field
validation and data transformation
the mapping between the response
received from the GWS Client and the
response returned in the In/Out Payment
Counter Transaction;
the message data which must not be
written to the Generic Web Service log file.
The Generic Web Services Support Facility
enables messages sent to, and responses
received from, the GWS Client to be encrypted
as defined in the ‘Web Service Client
Connection Process’ (REQ/GEN/PRO/1386).
The GWS Clients supported are listed in Annex
2 to the Contract Schedule B3. Each of the GWS
Clients personal and other data types are as
defined in the Post Office Ltd Data mapping
Schedule J Version 15.0
Page 48 of 51
FUJ00234944
FUJ00234944
CONFIDENTIAL
Specifications and the third party Interface
Specifications listed below.
Type of Personal Data See : Fujitsu Common Statement for
Settlement
Relevant Post office supplied Specification
Interfaces:
REQ/APP/AIS/2120 — Home Phone and
Broadband Data Mapping Specification
REQ/APP/AIS/2206 - National Express Data
Mapping Specification
REQ/APP/AIS/2203 — The Health Lottery Data
Mapping Specification
REQ/APP/AIS/2495 - FMCV (Travel Money
Card) Data Mapping Specification
REQ/APP/AIS/2507 - FMCC (Travel Money Click
& Collect) Data Mapping Specification
REQ/APP/AIS/2016 — DVLA Change of Tax Class
Data Mapping Specification
REQ/APP/AIS/2015 — DVLA Vehicle Excise Duty
Data Mapping Specification
REQ/APP/AIS/2562 - Data Mapping
Specification for DVLA Direct Debit Instruction
Capture
Relevant 3" Party supplied Interface
Specifications:
REQAPPAIS2107 — Home Phone and Broadband
Als
REQ/APP/AIS/2104 - National Express AIS
REQ/APP/AIS/2187 - Five From Fifty Service
Contract (The Health Lottery) AIS
REQ/APP/AIS/2485 - FMCV (Travel Money
Card) Service Specification
REQ/APP/AIS/2509- FMCC (Travel Money Click
& Collect) Service Specification
REQ/APP/AIS/2025 — DVLA Change of Tax Class
Als
Schedule J Version 15.0
Page 49 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
REQ/APP/AIS/2018 — DVLA Vehicle Excise Duty
Als
REQ/APP/AIS/2561 - DVLA Extended Licensing
Services AIS Direct Debit Instruction Capture
Deprecated 3" Party supplied Interface
Specifications HERE:
REQ/APP/AIS/2017 — DVLA Duplicate License
REQ/APP/AIS/1805 — Skills Funding Agency
REQ/APP/AIS/2299 - UK BA Sodexo
REQ/APP/AIS/2183 - UK Online Centres
Location AIS
REQ/APP/AIS/1982 - POLO Post Office to Bank
of Ireland Als
‘Personal Data’
¢ Data described in the AlSs and Data
Mapping Specifications may be
considered as Special category or
Personal. However, the only indication
given that that is the case is by the
obfuscation requirements captured in
the Data Mapping Specifications.
Categories of Data Subject
See : Fujitsu Common Statement
Plan for return and destruction of the data
once the processing is complete UNLESS
requirement under union or member state law
to preserve that data type of data
See : Fujitsu Common Statement
Roles and responsibilities of each parties
including sub-processors regarding monitoring
and processing of Personal Data.
See : Fujitsu Common Statement
Name of 3 party with access to data /
knowledge about data
Fujitsu Telecom (for HPBB)
National Express
The Health Lottery
First Rate Exchange Services (FRES)
Driver and Vehicle Licensing Agency (DVLA)
Schedule J Version 15.0
Page 50 of 51
CONFIDENTIAL
FUJ00234944
FUJ00234944
Location of Datacentre
See : Fujitsu Common Statement
Fujitsu GDPR/DPA Data Analyst
Sarah Selwyn
Schedule J Version 15.0
Page 51 of 51