Data Exclusion Policy
Data Exclusion Policy
This data deletion policy outlines the procedures and guidelines for the secure and timely deletion of customer data, in compliance with the General Data Protection Regulation (GDPR). The policy ensures that data is retained only for the necessary period and promptly deleted when it is no longer needed for the purposes for which it was collected.
This data deletion policy outlines the procedures and guidelines for the secure and timely deletion of customer data, in compliance with the General Data Protection Regulation (GDPR). The policy ensures that data is retained only for the necessary period and promptly deleted when it is no longer needed for the purposes for which it was collected.
Scope
Scope
This policy applies to all employees, contractors, and external suppliers who have access to customer data within Identum AS.
This policy applies to all employees, contractors, and external suppliers who have access to customer data within Identum AS.
Definitions
Definitions
Personal data: Any information related to an identified or identifiable natural person.
Data subject: An identifiable individual to whom the personal data refers.
Personal data: Any information related to an identified or identifiable natural person.
Data subject: An identifiable individual to whom the personal data refers.
Data Classification
Data Classification
Customer data is classified based on its sensitivity, with special attention to personal data as defined by the GDPR.
Customer data is classified based on its sensitivity, with special attention to personal data as defined by the GDPR.
Data Retention Periods
Data Retention Periods
Customer data will be retained for a period of three months after the formal completion of the contract between the customer and Identum AS.
Customer data will be retained for a period of three months after the formal completion of the contract between the customer and Identum AS.
Data Deletion Procedures
Data Deletion Procedures
Customer data will be securely and permanently deleted from all systems (including production, testing, and staging environments) and databases within three months after the formal conclusion of the contract. The deletion will be carried out using industry-recognized methods to ensure irreversibility.
Customer data will be securely and permanently deleted from all systems (including production, testing, and staging environments) and databases within three months after the formal conclusion of the contract. The deletion will be carried out using industry-recognized methods to ensure irreversibility.
Data Subject Rights
Data Subject Rights
After successful deletion, you will receive a confirmation email from Organic Reach Rewards. Data subjects have the right to request the deletion of their personal data. Additionally:
Upon request, Identum AS is obliged to provide the data subject with an export of their data in a commonly used and machine-readable format, to facilitate compliance with other legislation.
If data export is not feasible, Identum AS may offer a temporary consultation license to allow the data subject access to the data. In such cases, it is necessary to sign a customer contract and a data processing agreement to formalize the ongoing processing during the specified period.
After successful deletion, you will receive a confirmation email from Organic Reach Rewards. Data subjects have the right to request the deletion of their personal data. Additionally:
Upon request, Identum AS is obliged to provide the data subject with an export of their data in a commonly used and machine-readable format, to facilitate compliance with other legislation.
If data export is not feasible, Identum AS may offer a temporary consultation license to allow the data subject access to the data. In such cases, it is necessary to sign a customer contract and a data processing agreement to formalize the ongoing processing during the specified period.
Review and Audit
Review and Audit
Regular reviews and audits will be conducted to ensure compliance with this data deletion policy. The data protection officer is responsible for overseeing these activities.
Regular reviews and audits will be conducted to ensure compliance with this data deletion policy. The data protection officer is responsible for overseeing these activities.
Employee Training
Employee Training
Employees will receive training on data deletion procedures and the importance of compliance with GDPR.
Employees will receive training on data deletion procedures and the importance of compliance with GDPR.
Legal and Regulatory Compliance
Legal and Regulatory Compliance
This policy has been developed to comply with the GDPR and other relevant data protection laws.
This policy has been developed to comply with the GDPR and other relevant data protection laws.
Communication
Communication
This policy will be communicated to all relevant stakeholders, and any updates will be promptly disclosed.
This policy will be communicated to all relevant stakeholders, and any updates will be promptly disclosed.
Updates and Revisions
Updates and Revisions
This policy will be reviewed periodically and updated as necessary to ensure ongoing compliance with applicable laws and regulations.
This policy will be reviewed periodically and updated as necessary to ensure ongoing compliance with applicable laws and regulations.
WORK WITH US
TRANSPARENCY
WORK WITH US
TRANSPARENCY
WORK WITH US
TRANSPARENCY