CBAMOS DATA RETENTION POLICY
This Data Retention Policy defines how long CBAMOS retains different categories of data and the processes for data deletion and archival. It ensures compliance with legal and regulatory requirements (including GDPR and CBAM Regulation) and protects user privacy.
1. Introduction
We retain collected data only as long as necessary for its purpose and to meet legal obligations. When retention periods expire, data is deleted or anonymized.
2. Retention Principles
Core principles: necessity, legality, transparency, security, and secure deletion when retention expires. Retention periods comply with GDPR, CBAM Regulation (10-year document retention), and applicable financial/tax rules.
3. Data Categories and Periods
User account data: Profile and preferences for the duration of the account plus 30 days; password history 12 months; deleted accounts 30 days post-deletion.
Business data (CBAM): Emissions reports, CBAM declarations, verification records, certificates, evidence — 10 years per CBAM Regulation.
Audit and compliance: Audit trail and access logs 7 years; change history and approval records 10 years.
Support data: Support tickets and communications 3 years post-resolution. Application logs 90 days; security logs 7 years.
4. Deletion Procedures
Data is automatically deleted when the retention period expires, when an account is deleted (after the grace period), or when a user requests deletion (subject to legal holds). User-initiated deletion requests can be submitted via Settings > Privacy > Delete Data; we execute them within 30 days where legally permitted.
5. Contact
For questions about data retention or deletion: [email protected]