Data Deletion Policy

Introduction

This data deletion policy outlines the procedures and guidelines for the safe and timely deletion of customer data in accordance with the General Data Protection Regulation (GDPR). The policy ensures that data is retained only for the necessary period and promptly deleted when no longer needed for the purposes for which it was collected.

Scope

This policy applies to all employees, contractors, and external suppliers who have access to customer data within Identum AS.

Definitions

  • Personal data: Any information relating to an identified or identifiable natural person.
  • Data subject: An identifiable individual whom the personal data is about.

Data Classification

Customer data is classified based on their sensitivity, with specific attention to personal data under the GDPR.

Data Retention Periods

Customer data will be retained for a period of three months after the formal conclusion of the contract between the customer and Identum AS.

Data Deletion Procedures

Customer data will be securely and permanently deleted from all systems (including production, test, and staging environments) and databases within three months after the formal conclusion of the contract. Data deletion will be performed using industry-standard methods to ensure irreversibility.

Rights of the Data Subject

Upon successful deletion, you will receive a confirmation email from Organic Reach Rewards.Data subjects have the right to request the deletion of their personal data. Furthermore:

  • Upon request, Identum AS is obliged to provide data subjects with an export of their data in a commonly used and machine-readable format, to facilitate compliance with other legislation.
  • If providing a data export is not feasible, Identum AS may offer a lookup license for a certain time to allow the data subject access to their data. In such cases, a customer contract and a data processing agreement must be signed to formalize the ongoing processing of data during the specified period.

Review and Audit

Regular reviews and audits will be conducted to ensure compliance with this data deletion policy. The data protection officer is responsible for overseeing these activities.

Employee Training

Employees will receive training on data deletion procedures and the importance of GDPR compliance.

Legal and Regulatory Compliance

This policy is designed to meet the GDPR and other relevant data protection laws.

Communication

This policy will be communicated to all relevant stakeholders, and any updates will be quickly shared.

Updates and Revisions

This policy will be periodically reviewed and updated as necessary to ensure continued compliance with applicable laws and regulations.