Chorilo Logo

GDPR disclosure & deletion for a contact

Art. 15 GDPR disclosure as a JSON download and final Art. 17 deletion with GoBD-compliant document snapshot logic. Requires "contacts.gdpr".

Web
ChöreChor öffnenVerwaltungKontakteKontakt öffnenDSGVO-Auskunft

Diese Funktion ist nur im Web verfügbar.

Permission required: Contacts › Gdpr

When do you need this?

If someone formally requests information under Art. 15 GDPR or deletion under Art. 17 GDPR, you must respond within one month. Chorilo offers both as separate workflows.

Disclosure (Art. 15 GDPR)

  1. Open the contact's detail view.
  2. Click GDPR disclosure.
  3. The JSON file is downloaded — contains master data, tags, all links to invoices, transactions and events plus metadata.

The action is logged in the security audit log with user ID, IP and timestamp.

Deletion (Art. 17 GDPR, "Right to be forgotten")

  1. Open the contact's detail view.
  2. Click GDPR deletion (red button on the right).
  3. Confirm by typing DELETE into the confirmation field.
  4. Click Delete permanently.

What Chorilo does automatically:

  • Cashbook transactions: name, IBAN and address are transferred into the transaction if empty there. Manually set values stay untouched.
  • Invoices and manual invoices: recipient data are filled in where empty.
  • Event links: removed without replacement.
  • Then the contact record (including tags and links) is hard-deleted — irreversibly.

The action is logged in the security audit log with statistics (number of documents, unlinked references) — useful for your own documentation.

Soft archiving vs. GDPR deletion

Archive only hides the contact and can be undone any time. GDPR deletion removes it permanently. Every formal Art. 17 request requires the real deletion.

Frequently asked questions

What happens to invoices and transactions on deletion?
Accounting-relevant documents (cashbook transactions, invoices, manual invoices) receive a snapshot of the contact data — name, address, IBAN, VAT ID are transferred into the document where empty. Manually set values are not overwritten. GoBD obligations stay fulfilled.
What happens to event links?
Links between contact and event are removed without replacement. Since events have no accounting retention obligation, no snapshot is needed.
Can I undo the deletion?
No. Unlike archiving, GDPR deletion is final. The contact record, all tags and all links are irrevocably removed.

Verwandte Funktionen

Contacts overview

Your choir's external address book. Manage concert promoters, sponsors, banks, insurances, honorary guests and guest musicians in one place with multi-tag filters and search.

Kontakte (Adressbuch)

Archive or restore a contact

Hide contacts you no longer need without losing data. Linked invoices and transactions stay valid. Restore is available any time. Requires "contacts.delete".

Kontakte (Adressbuch)

Still have a question? Ask the AI help bot.

Click the help button in the bottom right and ask your question.