Data retention policy
Personal data is only kept for as long as it is necessary. Then the data is securely destroyed or anonymized. Personal data of the User is retained as long as he/she exploits the provided services by the Data Controller, maintaining a User Account. If the User Account is deleted by the User, the personal data is retained by the Data Controller up to three months from the date of the termination of the services. After the expiration of the personal data retention duration, the data will be deleted by the Data Controller, except for the personal data that is provided to the Data Controller for advertising actions. Such data will be deleted after the User withdraws the consent, in respect to the processing of such data.
Data archiving and removal policy
A User is allowed to delete his/her User Account whenever desired. That option is available inside the Data Controller application with the press of a button. After the User deletes his/her User Account, his/her personal data is automatically deleted as long as from the “connected platforms” unless he/she was a paying user in which case we keep just the necessary information for taxing purposes as the law obliges.
Data storage policy
Data Controller encrypts User’s personal data both at rest and in transit via Google Cloud, Amazon AWS, and Microsoft Azure. All these top cloud service providers are designed, built, and are operating with security top of mind both at rest and in transit by default. VPC Service Controls keeps sensitive data private while using GCP’s fully managed storage and data processing capabilities. It constructs an invisible border around everything in the application that prevents its data from escaping and having the power to set up, reconfigure and tear down these virtual perimeters at will. Well-defined VPC service controls can give admins a greater level of control to prevent data exfiltration from cloud services as a result of breaches or insider threats. With this managed service, Data Controller configures private communication between cloud resources and hybrid VPC networks. By expanding perimeter security from on-premise networks to data stored in GCP services, Data Controller feels confident running sensitive data workloads in the cloud. VPC service gives Data controller precise control over which a User can access GCP resources with Access Context Manager. These policies help ensure the appropriate level of protection is in place when allowing access to data in cloud resources from the Internet. Google Cloud is the first cloud provider to offer virtual security perimeters for API-based services with simplicity, speed, and flexibility that far exceeds what organizations can achieve in a physical, on-premises environment.
Data controller encrypts data at rest and transit between the communication among the database and the application. Access to the database is achieved only by using a VPN service from a specific IP address. All post forms with personal data of a User are available via an Https service. Profile images or any other image is Https enabled. The entire application of the Data Controller is available under an Https service.
We would like to highlight that no local/in-house servers have been used or utilised for any purpose related to customer support or platform usage.
Data hosting company
Mentionlytics Ltd
App/service has sub-processors
yes
Guidelines for sub-processors