Data Protection and Deletion Policy
1. Introduction
This Data Deletion Policy outlines the procedures and guidelines for the secure and timely deletion of customer data in compliance with the General Data Protection Regulation (GDPR). The policy ensures that data is retained only for the necessary period and is deleted promptly when it is no longer required for the purposes for which it was collected.
2. Scope
This policy applies to all employees, contractors, and third-party vendors who have access to customer data within Smart eGroup companies.
3. Definitions
Personal Data: Any information related to an identified or identifiable natural person.
Data Subject: An identifiable individual to whom the personal data relates.
4. Data Classification
Customer data shall be classified based on its sensitivity, with specific attention to personal data under the GDPR.
5. Data Retention Periods
Customer data will be retained for a period of three days to three months after the formal end of the contract between the customer and Smart eGroup.
6. Data Deletion Procedures
Customer data will be securely and permanently deleted from all systems and databases within three months of the formal termination of the contract. Data deletion will be carried out using industry-standard methods to ensure irreversibility.
7. Data Subject Rights
Data subjects have the right to request the deletion of their personal data.
Additionally:
Upon request, Smart eGroup is obligated to provide data subjects with an export of their data in a commonly used and machine-readable format, facilitating compliance with other legislation. If providing a data export is not feasible, Smart eGroup may offer a look-up license for a defined time to allow the data subject to access their data. In such cases, a customer contract and a data processing agreement must be signed to formalize the continued processing of the data during the specified period.
8. Review and Audit
Regular reviews and audits will be conducted to ensure compliance with this data deletion policy. The data protection officer is responsible for overseeing these activities.
9. Employee Training
Employees will receive training on data deletion procedures and the importance of compliance with the GDPR.
10. Legal and Regulatory Compliance
This policy is designed to comply with the GDPR and other relevant data protection laws.
11. Communication
This policy will be communicated to all relevant stakeholders, and any updates will be promptly shared.
12. Updates and Revisions
This policy will be reviewed periodically and updated as necessary to ensure ongoing compliance with applicable laws and regulations.
Data Deletion Requests
Smart eGroup (including Smart eDesigners, Smart eBookings, Smart eCampaign, Smart eAds) is committed to protecting the privacy of our users. This Privacy Policy outlines the procedures and guidelines for users to request the deletion of their personal data. Please read this policy carefully to understand our practices regarding your personal information and how to exercise your right to have data deleted.
Submit an email to ticket@smartesupport.com including the following information in your request:
– Full name.
– Email address associated with your account.
– Phone number associated with your account.
– Account profile associated with your social network (e.g.: Facebook profile link).
– Specific details of the data you want to be deleted.
To ensure the security and privacy of your data, we may need to verify your identity before processing the deletion request. We may request additional information or documentation to confirm your identity. Once your identity is verified, we will promptly process your data deletion request in accordance with applicable data protection laws. Please note that certain legal obligations or legitimate interests may require us to retain some information even after a deletion request is processed.
Star Florence Tours (Italy)
