Data Retention Policy
This Data Retention Policy is effective on March 22, 2021
CAKE GDPR Data Retention Policy
Definitions
The following definitions apply throughout this Data Retention Policy.
Personal Data
Personal data means any information relating to an identified or identifiable natural person that is not also considered to be Sensitive Personal Data, Operational Personal Data, Marketing Personal Data, or Metric Personal Data.
Natural Person
Natural person means one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
HR Personal Data
HR Personal Data means any Personal Data necessary for Human Resources employment purposes according to applicable law.
Sensitive Personal Data
Sensitive Personal Data means any data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data concerning health or data concerning a natural person’s sex life or sexual orientation.
Operational Personal Data
Operational Personal Data means any personal data that is used by CAKE for the purpose of operating its systems and the Services and includes, but is not limited to, internal identifiers that CAKE’s systems and/or the Services use as references for or to leads, events, clicks, or actions performed by Users.
Metric Personal Data
Metric Personal Data means any personal data that is used by CAKE for the purpose of measuring the performance of its systems and the Services or the systems and services of
CAKE’s customers.
Marketing Personal Data
Marketing Personal Data means any personal data that is used by CAKE or CAKE’s customers solely for marketing purposes.
Contract Duration
The Contract Duration is the length of time measured in months from the date a contract or agreement is executed between CAKE and any customer or relevant third party and the date such contract or agreement is terminated.
Retention Period
The Retention Period is the length of time measured in months after which the data to which the Retention Period applies is purged. If the Retention Period is described as Permanent,” the data type is held indefinitely.
Default Retention Periods
As Processor
The following retention period profiles are in effect when CAKE acts as a Data Processor on behalf of any third party who qualifies as a Data Controller. These are default values that may only be changed through a special request and payment for all necessary engineering steps.
Data Category | Default Retention Period |
---|---|
Personal Data | Contract Duration + 1 month (after last usage) |
Sensitive Personal Data | 12 months |
Operational Personal Data | Contract Duration + 1 month (after last usage) |
Metric Personal Data | Contract Duration + 1 month (after last usage) |
Marketing Personal Data | Contract Duration + 1 month (after last usage) |
As Controller
The following retention period profiles are in effect when CAKE collects data as the Data Controller.
Data Category | Default Retention Period |
---|---|
Personal Data | Contract Duration + 1 month (after last usage) |
Sensitive Personal Data | 12 months |
HR Personal Data | Permanent (while in use); As Required by Law |
Operational Personal Data | Contract Duration + 1 month (after last usage) |
Metric Personal Data | Contract Duration + 1 month (after last usage) |
Marketing Personal Data | Contract Duration + 1 month (after last usage) |
Additional Terms Related to Retention
CAKE will delete or anonymize data in accordance with the above retention periods, unless:
1. CAKE must keep it to comply with applicable laws or evidence compliance with such applicable laws;
2. there is an outstanding issue, claim or, dispute requiring CAKE to keep such data until the issue, claim, or dispute is resolved; or
3. the data must be kept for CAKE’s legitimate business interests, such as fraud prevention and enhancing users’ safety and security.