- General Retention Period
We generally retain customer data for as long as it is necessary for business purposes or as required by law. However, we may retain certain data for a longer period due to legal, regulatory, or business reasons.
- Specific Retention Periods
- Personal Data: We retain personal data for the duration of our business relationship with the customer, plus an additional 3 years after the end of the relationship.
- Usage Data: We retain usage data for 12 years for analytical purposes.
- Financial Data: We retain financial data for 50 years to comply with financial regulations and for tax purposes.
- Data Deletion
We may delete customer data under the following circumstances:
- Upon Request: Customers can request the deletion of their personal data at any time. We will process such requests within [number] days.
- Inactivity: If a customer account is inactive for 6 years, we may delete the associated data.
- Business Purposes: We may delete data that is no longer necessary for business purposes.
- Legal and Regulatory Compliance
We comply with all applicable laws and regulations regarding data retention, including but not limited to:
Global & Regional Regulations
- GDPR (General Data Protection Regulation): The primary data privacy law for the European Union.
- PDPL (Personal Data Protection Law): The primary data privacy law for the UAE.
United States Regulations
- HIPAA (Health Insurance Portability and Accountability Act): A federal law governing the security and privacy of protected health information.
- CCPA / CPRA (California Consumer Privacy Act / California Privacy Rights Act): A state-level data privacy law for residents of California.
Indian Regulations
- DPDPA (Digital Personal Data Protection Act): The primary data privacy law for India.