Advise ehf. – Data Retention and Deletion Policy
Effective Date: April 1st 2026
Owner: CTO
Approved By: Executive Management
Applies To: All Advise employees, contractors, and third parties handling personal or confidential data on behalf of Advise ehf.
1. Purpose
The purpose of this policy is to define how Advise ehf. ("Advise") retains, archives, and deletes personal and business data in compliance with:
- The General Data Protection Regulation (GDPR 2016/679)
- The Icelandic Act on Data Protection and the Processing of Personal Data (No. 90/2018)
- Customer contractual obligations and data protection best practices
This ensures that personal data is not kept longer than necessary, is securely destroyed when no longer needed, and that data subjects' rights under GDPR Articles 5(1)(e) and 17 are upheld.
2. Scope
This policy applies to:
- All personal data processed by Advise through the Advise Platform, internal systems, or sub-processors (e.g., Heroku, Google BigQuery, Google Cloud Identity).
- All business, operational, and support data stored in electronic or physical form.
- All employees, contractors, and third-party service providers with access to Advise-managed data.
3. Principles
Advise follows these principles for data retention and deletion:
- Necessity: Data is retained only for legitimate business, legal, or contractual reasons.
- Proportionality: Retention periods are based on the type and purpose of the data.
- Security: Stored data remains protected using encryption and access controls throughout its lifecycle.
- Timely Deletion: Data is deleted or anonymized once the retention period expires.
- Accountability: Advise maintains records of deletion activities and can demonstrate compliance.
4. Data Retention Schedule
Customer Relationship
| Category of Data | Purpose | Retention Period | Disposal Method | Rationale |
| Customer Account Data (e.g., company name, billing contact, email) | Account management, billing, and service communication | Duration of subscription + 5 years (for financial/legal recordkeeping) | Secure deletion from CRM and accounting systems | General limitation period for claims is 4 years but retaining data about Customer Account Data for 5 years would be advisable as it provides additional safeguard e.g. in case of late-arising disputes, delayed claims or regulatory inquiries. |
| Platform User Data (e.g., name, email, login credentials) | Authentication and service delivery | Active subscription + 30 days after termination | Automatic deletion from platform databases and backups | To support account management and ensure secure deactivation. |
| Customer Uploaded Data (business/transactional data stored in BigQuery) | Service functionality (analytics, visualization) | Active subscription + 30 days after termination | Secure deletion and overwriting of storage tables | To support account management and ensure secure deactivation. |
| Logs & Audit Trails (system, security, access logs) | Security monitoring and compliance | 90 days (operational logs), 180 days (audit/security logs) | Automated log rotation and deletion | To support effective security monitoring, incident investigation, and compliance. These periods reflect common industry practice and are limited to what is necessary and proportionate. |
| Support Tickets and Communications | Customer service and incident tracking | 5 years from termination of the contractual relationship 30 days for call recordings (electronic monitoring) |
Secure deletion from ticketing system | General limitation period for claims is 4 years but retaining data about customers' requests for 5 years would be advisable as it provides additional safeguard e.g. in case of late-arising disputes, delayed claims or regulatory inquiries. Call recordings (electronic monitoring if persistent or repeated regularly and involves some form of surveillance of individuals): Max 30 days, unless necessary to establish/exercise/defend legal claims – then keep longer (e.g. up to limitation). |
| Backups and Snapshots | Disaster recovery and continuity | 7 days rolling backups | Automatic encrypted overwriting | To support efficient disaster recovery while minimising the volume of stored personal data. |
Marketing
| Category of Data | Purpose | Retention Period | Disposal Method | Rationale |
| Marketing and Newsletter Data | Direct marketing (current customers) | 5 years from individual's objection of using its information for marketing purposes | Removal from marketing systems | Customer info may be used for direct marketing unless the customer opts-out |
| Marketing and Newsletter Data | Direct marketing (prospects) | 5 years from withdrawal of consent or 5 years from ceasing using the customer contact information for marketing purposes | Removal from marketing systems | Using potential customer's data for direct marketing is only permitted if the individual consents. If the prospect withdraws its consent, the information can no longer be used for these purposes. |
Company and Employees
| Category of Data | Purpose | Retention Period | Disposal Method | Rationale |
| Accounting records | To meet legal obligations | 7 years Annual financial statements shall be kept for 25 years. |
Secure deletion or anonymization | Required according to Art 20(1) and (3) of the Accounting Act No. 145/1994 |
| Tax records | To meet legal obligations | 11 years | Secure deletion or anonymization | 10-year limitation period for major offences of the Income Tax Act (intent or gross negligence) and 1 year buffer advisable. In general, the Tax Authorities may reassess for up to 6 years prior to the reassessment year. In specified cases – such as income in low-tax countries or for bribery offences – they may reassess for up to 10 years prior to the reassessment year. |
| Email accounts and inboxes (e.g. emails of terminated employees) | To support business operations, communication continuity and record keeping | E-mails for personal purposes: Once the employment relationship ends Business related e-mails: until purpose for processing no longer exists |
Secure deletion or anonymization | At termination of employment, the employer should generally allow the employee to delete or copy personal emails and files (unless there is suspicion of misconduct). The company can retain e-mails relating to the business until the purpose for processing no longer exists. |
| Unsuccessful applicants' CV and other info | For compliance and potential future recruitment needs, including responding to any claims or disputes | 1 year from the date the unsuccessful applicant was notified of non-selection | Secure deletion or anonymization | The usual working rule is that the Personal Data of unsuccessful applicants are retained for 6 months to a year in order to deal with any claims that may arise. This is because the time limit to bring a complaint before the Equal Rights Appeals Committee (e.g. in case of alleged discrimination in the application process) is 6 months. |
| Employment information | HR and payroll administration | 5 years from end of employment | Secure deletion or anonymization | General limitation period for claims is 4 years but retaining employment information for 5 years would be advisable as it provides additional safeguard e.g. in case of late-arising disputes, delayed claims or regulatory inquiries. |
| Employment activities and records (e.g. performances, reviews, disciplinaries, employment history) | Manage employment relationship | 5 years from end of employment | Secure deletion or anonymization | General limitation period for claims is 4 years but retaining employment activities and records for 5 years would be advisable as it provides additional safeguard e.g. in case of late-arising disputes, delayed claims or regulatory inquiries. |
| Financial records (e.g. employee promotions, benefits) | Manage employment relationship | 5 years from end of employment | Secure deletion or anonymization | General limitation period for claims is 4 years but retaining financial records for 5 years would be advisable as it provides additional safeguard e.g. in case of late-arising disputes, delayed claims or regulatory inquiries. |
| Medical records | Manage employment relationship, payroll administration | Until purpose for processing no longer exists | Secure deletion or anonymization | Until the purpose no longer exists (e.g. once sick-day recording is finalized and payroll/verification is completed, or when the medical leave has ended and related HR actions are closed). Subject to any legal holds (such as in case of reasonably anticipated lawsuits etc.). |
Legal and Privacy
| Category of Data | Purpose | Retention Period | Disposal Method | Rationale |
| Vendor and Sub-processor Agreements | Manage commercial relationships, ensure contractual compliance, maintain records necessary for legal obligations | 5 years from termination of contract relationship | Secure deletion or anonymization | General limitation period for claims is 4 years but retaining contracts for 5 years would be advisable as it provides additional safeguard e.g. in case of late-arising disputes, delayed claims or regulatory inquiries. |
| Contracts | Document and manage contractual relationships, meet legal and regulatory obligations | 5 years from termination of contract relationship | Secure deletion or anonymization | General limitation period for claims is 4 years but retaining contracts for 5 years would be advisable as it provides additional safeguard e.g. in case of late-arising disputes, delayed claims or regulatory inquiries. |
| Privacy related requests | To document and respond to privacy-related requests and demonstrate compliance | 5 years from closure of the request/complaint | Secure deletion or anonymization | General limitation period for claims is 4 years but retaining this information would be advisable as it provides additional safeguard e.g. in case of late-arising disputes, delayed claims or regulatory inquiries. |
5. Data Deletion Procedures
5.1 Customer Data
- Upon termination or expiration of a customer's subscription, data is made available for export for 30 days.
- After this window, data (including backups) is permanently deleted within 30 days.
- Deletion includes:
- Production databases (Heroku Postgres, BigQuery datasets)
- Associated metadata, logs, and authentication records
- Linked resources in Heroku and Google Cloud environments
- Customers may request a Certificate of Deletion upon completion.
5.2 Backup Deletion
- Backups are encrypted (AES-256) and stored for 7 days.
- Overwritten automatically by new backups after the retention period.
- No manual access or restoration is permitted beyond the defined retention window except for disaster recovery purposes.
5.3 Manual and Automated Processes
- Deletion processes are automated wherever feasible.
- Manual deletion (e.g., user requests) follows documented procedures.
- Records of deletion are maintained for audit and accountability.
6. Legal and Regulatory Retention
Certain categories of data may be retained longer where required by:
- Financial or tax laws (e.g., accounting records kept for 7 years, tax records kept for 11 years)
- Contractual obligations with customers or partners
- Legal claims or dispute resolution processes
Where extended retention is necessary, data is isolated, access-restricted, and archived until deletion is permitted.
7. Data Anonymization and Aggregation
Where complete deletion is not feasible (e.g., analytical datasets), data is:
- Anonymized so individuals can no longer be identified, or
- Aggregated for statistical or performance metrics.
Such anonymized data is outside the scope of GDPR.
8. Data Subject Requests for Deletion (Right to Erasure)
- Data subjects may request deletion of their personal data under Article 17 GDPR.
- Requests are verified and logged, then processed within 30 days.
- Where deletion conflicts with legal retention obligations, the data will be restricted instead of deleted, and the data subject will be informed.
9. Responsibilities
| Role | Responsibilities |
| Data Protection Officer / ISM | Ensure implementation and oversight of this policy; approve deletion schedules; maintain deletion records. |
| System Owners / Engineers | Execute automated and manual deletion processes; ensure retention settings in systems (Heroku, BigQuery, Cloud Identity) align with this policy. |
| All Employees | Follow data handling and disposal rules; report exceptions or suspected policy violations. |
10. Verification and Audit
- Retention and deletion controls are reviewed annually as part of Advise's internal audit program.
- Automated reports from systems (e.g., Heroku, BigQuery) validate that deletions occur within the expected timeframe.
- Audit findings and corrective actions are tracked by the Information Security Manager.
11. Enforcement
Failure to comply with this policy may result in disciplinary action, revocation of access privileges, or termination of employment or contract. Serious breaches may lead to regulatory reporting obligations under GDPR Articles 33–34.
12. Review and Maintenance
This policy is reviewed annually or upon significant changes in:
- Applicable laws or contractual requirements
- System architecture or data flows
- Business processes or risk assessments
All revisions are approved by executive management and communicated to all personnel.
13. Related Documents
- Data Protection Policy
- Information Security Policy
- Data Processing Agreement (DPA)
- Incident Response Plan
- Access Control Policy
- Business Continuity & Disaster Recovery Plan