flable.ai

Data Deletion Guideline

Applying Scope & Purpose of the Guideline

This Data Deletion guideline aims to establish the criteria and procedures for the deletion of data held by FLABLE AI. This policy ensures compliance with data protection laws and regulations, minimizes risk associated with data breaches, and promotes efficient data management.

Deletion Criteria

Non-Personal Data

  • End of Business Purpose: Non-personal data should be deleted when it is no longer useful for the business purposes for which it was collected.
  • Project Completion: Data collected for specific projects or analysis should be deleted upon the completion of the project or when the data is no longer needed for analysis.
  • Storage Limitation: If the data was retained under a storage limitation policy (e.g., data is only kept for a certain number of years for historical analysis), it should be deleted accordingly.
  • Legal and Regulatory Requirements: Like personal data, if there are specific legal or regulatory requirements that dictate the deletion of non-personal data, these must be adhered to.
  • Policy Updates: If updates to data governance policies dictate that certain types of non-personal data are no longer retained, such data should be deleted in accordance with the updated policies.
  • End of Retention Period: Data must be deleted after it reaches the end of its defined retention period as per the Data Retention Policy.
  • No Longer Necessary: Data that is no longer necessary for the purpose for which it was collected.

Personal Data

  • End of Necessity: Personal data should be deleted when it is no longer necessary for the purposes for which it was collected or processed.
  • Consent Withdrawal: If the processing of personal data is based on consent, the data must be deleted immediately upon the data subject withdrawing that consent.
  • Expiration of Consent: If the consent has an expiration date and no other legal ground applies, the data must be deleted when the consent expires.
  • Legal Compliance: Personal data must be deleted if required by law, for instance, upon reaching the end of a legally mandated retention period.
  • Request by Data Subject: If a data subject exercises its right to be forgotten under applicable data protection laws, the data must be deleted, provided that no legal grounds for retaining it exist.

Data Deletion Schedule

  • Quarterly Deletion: Data flagged for deletion on a quarterly basis includes non-sensitive internal communications and temporary files.
  • Annual Deletion: Sensitive data such as customer personal information, employee records, and project data are deleted annually after the retention period expires.
  • Immediate Deletion: Personal data must be immediately deleted upon determination that it is no longer necessary for the purpose for which it was collected, or if the data subject has withdrawn consent and no legal obligation requires its retention.

Data Deletion Procedure

  • Identification: FLABLE AI identifies the data eligible for deletion based on the Deletion Schedule.
  • Verification: Data Landing zone lead verify and approve the list of data for deletion.
  • Execution: IT department uses certified software tools to securely delete electronic data. The deletion process involves overwriting the data multiple times to prevent any possibility of recovery.
  • Confirmation: A final check is performed to ensure data has been irretrievably deleted.
  • Documentation: Each deletion action is documented, including the description of the deleted data, the date of deletion, the method used, and the personnel involved.

Unable to Define Periods

If unable to determine the duration of data storage, we use the following to define the correct time:

  • The location where the data will be stored
  • The type of data
  • If the data is from a project, the contact details of the FLABLE AI lead

Data Subjects Deletion Requests

Data Subjects are requested to send the request for deletion to admin@flable.ai. All data deletion requests will be processed through this contact.

Any deletion request will be fully processed within 10 working days. Once completed, a final confirmation will be sent to the data subject via the above-mentioned contact.

Implementation Methods

For personal data, we specify the server and country/region in which the data lake is located. If multiple storage locations exist, every storage location is specified. The Project management team ensures the deletion of the datasets once the datasets have achieved the purpose or are no longer in the scope of the business purpose immediately or within 90 days as per the use case.

Once the relevant results have been found, please record the storage period of the relevant data (within 90 days as per the use case). The relevant record sheet should be stored in the folder associated with the project/team.

Special Domain Considerations

If data is related to the following domains, respective retention schedules are always referred to as per legal requirements:

  • Privacy, Accounting and Legal: Records relating to accounting, litigations, contracts, intellectual property, corporate household, and treasury.
  • Tax: Everything necessary for your dealings with tax and customs authorities, including income tax, VAT, and employee wage tax.
  • Human Resources: Documents relating to recruitment, HR management, payroll, compensation and benefits, sickness and leave, and pensions.
  • Health and Safety: Governmental inspection records, safety data sheets, audits, company doctor records, hazardous exposure records, accident and injury reports, and insurance records.
  • Environmental Protection: Records relating to waste and emission management and related permits and licenses.
  • Finance: Profit and loss accounts, bid activity, cost engineering, accounts payable and accounts receivable.
  • Transport: Transport records relating to shipping and receiving by air, water, rail, and road.
  • Sales and Marketing: Sales and marketing records and know-your-customer obligations.

Automated Deletion

Given the context of the use case, it has an automated pipeline deleting data on a daily basis. Please keep the log files/history of automatic deletion. In addition, please check the status of the pipeline regularly to ensure that all data related to this use case are deleted automatically.

Data Anonymization

Using data anonymization is recommended. If the personal data is anonymized, the data sets can be stored for a longer period.

flable.ai

Munich, Germany.
Bangalore, India.

+4915145521776

info@flable.ai

Company

TermsPrivacy PolicyCancellation & Refund PolicyData Deletion Guidelines

© 2025 Flable.ai - Your AI Digital Marketing Team