How long is the Data retention period?

Identify the retention period of personal data

Legally speaking, personal data cannot, under any circumstances, be retained for an unlimited period of time. Regarding this point, the CNIL has set a time limit for the data retention personal data in each field, via recommendations and simplified standards.

In order to define the data retention period for the personal data you process, you need to carry out a compliance analysis of your processing operations. Don't forget that regulations have already set out certain data retention periods, notably in articles such as L3243-4 of the French Labor Code. 

However, many doubts may arise daily regarding the retention period of processed personal data. 

Duration of data retention in the event of prolonged user inactivity

The user's account (excluding administrators) is deleted after 36 months of total inactivity. The user is informed 30 days, 15 days and then 5 days before the deletion of his/her account, so that he/she can object to the deletion.

Each time you connect to the application or platform, the period starts anew for 36 months.

In the event of a dispute with the user, the account must be kept for the duration of the dispute.

The deletion of the account implies the deletion of the user account except :

• administrative data that may be requested by the tax authorities (e.g invoices)
• administrative data that may be requested by the CNIL (e.g access request),
• technical data (e.g connection logs and IP address) that may be requested by the police for a maximum period of 12 months
• data relating to client's misconduct (e.g non-payment, etc.).

Duration of data retention of personal data in the event of termination of the business relationship as a processor

The user may request deletion of his or her account at any time.

The deletion of the account implies an archiving of the account for a period of 3 months during which the user may request the recovery of his account.

At the end of this 3-month period, the account is automatically deleted except :

• administrative data that may be requested by the tax authorities (e.g invoices)
• administrative data that may be requested by the CNIL (e.g access request),
• technical data (e.g Connection logs and IP address) that may be requested by the police for a maximum period of 12 months
• data relating to client misconduct (e.g non-payment, etc).

Data retention period for CNIL (National Commission for Information Technology and Civil Liberties) logs : Connection logs and tokens

The user may request deletion of his or her account at any time.

The deletion of the account implies an archiving of the account for a period of 3 months during which the user may request the recovery of his account.

At the end of this 3-month period, the account is automatically deleted except :

• administrative data that may be requested by the tax authorities (e.g invoices)
• administrative data that may be requested by the CNIL (e.g access request),
• technical data (e.g connection logs and IP address) that may be requested by the police for a maximum period of 12 months
• data relating to client misconduct (e.g non-payment, etc).

How to create a GDPR charter with Dipeeo?

Tell us about your project

With a questionnaire answered in -5min ⏱️

One of our experts will contact you

In -24h ⏱️

You receive your document

In -24h ⏱️