Skip to main content
Skip table of contents

Data Deletion Policy

  1. Introduction This data deletion policy outlines the procedures and guidelines for the safe and timely deletion of customer data in accordance with the General Data Protection Regulation (GDPR). The policy ensures that data is retained only for the necessary period and promptly deleted when no longer needed for the purposes for which it was collected.

  2. Scope This policy applies to all employees, contractors, and external suppliers who have access to customer data within Identum AS.

  3. Definitions

    1. Personal data: Any information relating to an identified or identifiable natural person.

    2. Data subject: An identifiable individual whom the personal data is about.

  4. Data Classification Customer data is classified based on their sensitivity, with specific attention to personal data under the GDPR.

  5. Data Retention Periods Customer data will be retained for a period of three months after the formal conclusion of the contract between the customer and Identum AS.

  6. Data Deletion Procedures Customer data will be securely and permanently deleted from all systems (including production, test and staging environments) and databases within three months after the formal conclusion of the contract. Data deletion will be performed using industry-standard methods to ensure irreversibility.

  7. Rights of the Data Subject Data subjects have the right to request the deletion of their personal data. Furthermore: Upon request, Identum AS is obliged to provide data subjects with an export of their data in a commonly used and machine-readable format, to facilitate compliance with other legislation. If providing a data export is not feasible, Identum AS may offer a lookup license for a certain time to allow the data subject access to their data. In such cases, a customer contract and a data processing agreement must be signed to formalize the ongoing processing of data during the specified period.

  8. Review and Audit Regular reviews and audits will be conducted to ensure compliance with this data deletion policy. The data protection officer is responsible for overseeing these activities.

  9. Employee Training Employees will receive training on data deletion procedures and the importance of GDPR compliance.

  10. Legal and Regulatory Compliance This policy is designed to meet the GDPR and other relevant data protection laws.

  11. Communication This policy will be communicated to all relevant stakeholders, and any updates will be quickly shared.

  12. Updates and Revisions This policy will be periodically reviewed and updated as necessary to ensure continued compliance with applicable laws and regulations.

  13. External Resources For additional insights into our data protection program, you may visit the Privacy section of the Visma Trust Centre: https://www.visma.com/trust-centre/privacy

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.