1. Introduction
This Data Deletion Policy outlines the framework for securely and promptly deleting customer data in compliance with the General Data Protection Regulation (GDPR) and relevant local laws. It ensures that data is retained only for the necessary period and is deleted when it is no longer required for its original purpose.
2. Scope
This policy applies to all employees, contractors, and third-party service providers with access to customer data within Get Driven.
3. Definitions
- Personal Data: Any information relating to an identified or identifiable individual.
- Data Subject: An individual to whom the personal data pertains.
4. Data Classification
Customer data, particularly personal data, will be categorized based on its sensitivity to determine appropriate retention and deletion practices.
5. Data Retention Periods
Customer data will be retained for the following durations:
- Post-Contract Data: Retained for three months following the formal end of the service agreement to resolve any potential disputes, process refunds, or manage post-contract obligations.
- Legal Requirements: Any data required for tax, compliance, or legal obligations will be retained as mandated by local laws.
For specific retention periods by data category, refer to Attachment A.
6. Data Deletion Procedures
- Deletion Timeline: Customer data will be securely and permanently deleted within three months of the end of the service contract, unless legal requirements dictate otherwise.
- Secure Methods: Industry-standard methods, including secure wiping and data destruction tools, will be used to ensure irreversibility.
- Third-Party Vendors: Contracts with third-party processors will include provisions requiring timely deletion of customer data upon termination of services.
7. Data Subject Rights
Under the GDPR, data subjects have the right to request deletion of their personal data.
- Data Export: Upon request, Get Driven will provide customers with an export of their data in a commonly used and machine-readable format.
- Temporary Access: If an export is not feasible, Get Driven may offer a time-limited look-up license, subject to the signing of a temporary customer agreement and data processing addendum.
8. Review and Audit
- Regular audits will be conducted to verify adherence to the data deletion policy.
- The Data Protection Officer (DPO) is responsible for overseeing compliance and handling any breaches of this policy.
9. Employee Training
All employees handling customer data will undergo mandatory training on GDPR principles, data deletion procedures, and their role in ensuring compliance.
10. Legal and Regulatory Compliance
This policy is designed to ensure compliance with:
- GDPR (EU Regulation 2016/679)
- Relevant national and local data protection laws
11. Communication
This policy will be made accessible to all employees and contractors. Updates to the policy will be promptly communicated.
12. Updates and Revisions
To ensure ongoing compliance, the policy will be reviewed annually or whenever data protection laws change.
13. External Resources
For further details on our data protection practices, refer to our Privacy Policy or contact our Data Protection Officer at privacy@getdriven.be.