Data Retention Policy for Personal Data

Due to BASIS ID legal obligations stated in Data Protection Laws to store and process data only as long as it is necessary, BASIS ID has developed Data Retention Policy. This document is intended to describe what are the retention periods for Personal Data stored within BASIS ID on behalf of Data Controllers, how it is deleted in connection with Data Controller’s cancellation, termination or modifying the Subscription within BASIS ID Services. BASIS ID obtains personal information on behalf of and  processes such information only on written instructions from Data Controllers in accordance with BASIS ID’s agreement with such Data Controllers. This Policy does not apply to Personal Information other than of the end-users of Data Controller who Data Controller has authorised BASIS ID to store.

This Retention Policy shall be an integral part of Software-as-a-Service agreement commenced with Subscribing to BASIS ID Services.

 

Account Cancellation or Termination

Upon thirty (30) days after termination or cancellation of the Subscription for the Services, an automated process will begin, as a consequence of which, the Personal Data will be permanently deleted. Except for BASIS ID trial subscription periods, in case of subscribing to more that one Service offered by BASIS ID, an automated deletion process will begin after cancellation or termination of each of the Service Subscription separately. Once commenced, this process cannot be reversed and Personal Data will be permanently deleted.

BASIS ID acknowledges all of the risks connected to commencement of such automated process, including events when cancellation or termination was fraudulent, incidental or non-intentional. Taking into consideration the specificity of the Services, the purpose of storing data and all of the legal interest towards Personal Data processed and stored within BASIS ID Services, BASIS ID considers the period of thirty (30) days as a reasonable time for recovery or transferring to Data Controller’s possession.

Data Migration

In the circumstances when the Personal Data is deemed to be transferred (migrated) to another database or data centre, either on the concern of the Data Controller, due to security matters or other relevant reason, the copy of Personal Data will be created to avoid data loss and ensure Personal Data has been fully transmitted to another location. The assurance process conducted by BASIS ID may take up to thirty (30) days from the date of the commencement of such migration. Upon completing the migration process, the Personal Data stored within the formal database or data centre will be deleted pursuant to the timelines indicated in the tables below.

The following table contains the details of BASIS ID Services, types of Personal Data and describes the associated deletion details once the deletion process has commenced:

Know Your Customer Solution

Personal Data Description Timeline for Deletion in case of Cancellation, Termination or Migration
First Name, Last Name 40 days
Personal e-mail 40 days
Social Media 40 days
Photo of Identification Document 40 days
Video Recording (Biometrical Facial recognition results) 40 days
Credit/debit card verification data & results 40 days
Sanctions Screening data & results 40 days
Residential Address Verification data & results 40 days
Source of Crypto Funds data & results 40 days

Data Deal (Compliance Solution)

Personal Data Description Timeline for Deletion in case of Cancellation, Termination or Migration
Contact form data 60 days
Marketing form data 60 days
Processing consent form data 60 days
HR form data 60 days
Terms&Conditions consent box data 60 days
Cookie consent box data 60 days
GDPR form data 60 days

Limitations to this Policy

This Data Deletion Policy is applicable only to the specific Service Data described above. As described in greater detail in our Privacy Policy and Subscription Terms, BASIS ID collects certain information from Subscribers to the Services, such as: the names and email addresses of Agents; billing address; and other information which may be used for billing, business analytics, marketing, and notification purposes (collectively, “Customer Information”).

The deletion procedures in this Data Deletion Policy do not apply to Customer Information, which is maintained by BASIS ID in accordance with its Privacy Policy and SaaS Agreement. Similarly, BASIS ID collects and retains Usage Data, other metadata and statistical information concerning the use of the BASIS ID Services which are not subject to the deletion procedures in this Data Deletion Policy.

BASIS ID reserves the right not to adhere to this Policy when deleting Personal Data in cases where BASIS ID terminates an Account for violation of our Privacy Policy or SaaS Agreement.