Data Deletion Policy
Effective Date: May 26, 2025
1. Purpose
This Data Deletion Policy outlines the procedures and responsibilities related to the secure and compliant deletion of personal data and other sensitive information managed by Zenattica. The policy ensures that data is deleted in a manner that complies with applicable data protection laws and internal retention policies.
2. Scope
This policy applies to:
- All employees, contractors, and third-party service providers
- All systems, devices, and platforms used to store or process data
- All categories of data, including personal, confidential, and sensitive data
3. Data Types Covered
- Personally Identifiable Information (PII)
- Customer Data
- Employee Data
- Financial Data
- Logs and Backups
- Archived Records
4. Data Retention & Deletion Timeline
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Customer Data | 5 years after last activity | Secure wipe or deletion from database |
| Employee Records | 7 years post-employment | Secure deletion and shredding |
| Transaction Logs | 2 years | Overwrite and delete |
| Backup Files | 30 days | Automatic purge mechanism |
Note: Retention periods may vary based on jurisdictional and regulatory requirements.
5. Deletion Methods
Data must be deleted using secure methods:
- Digital Data: Overwriting, degaussing, or cryptographic erasure
- Physical Media: Shredding, pulverizing, or incineration
- Cloud Services: API-based deletion following vendor-specific security standards
6. User Data Deletion Requests
Under data privacy laws (e.g., GDPR, CCPA), users may request deletion of their data.
Request Process:
- Requests must be submitted via [support email / web form].
- Identity verification is required.
- A response will be provided within [30 days] (or as per applicable regulation).
- Confirmation of deletion will be sent upon completion.
7. Roles & Responsibilities
- Data Protection Officer (DPO): Ensures compliance and oversight.
- IT Department: Executes deletion procedures for systems and backups.
- HR/Legal Teams: Manage employee and legal data deletions.
- All Staff: Must report any data retention/deletion issues promptly.
8. Audit & Compliance
- Deletion activities may be audited annually.
- Logs of deletion activities must be maintained for [12 months].
- Non-compliance may result in disciplinary action or penalties.
9. Policy Review
This policy will be reviewed at least annually or when significant changes occur in business operations or legal requirements.