This document sets out our policy for responding to requests for deletion of data under the GDPR (General Data Protection Regulation). This document explains the rights of the data subject in relation to data deletion and the responsibilities of GridRival in responding to a data-deletion request.
2. Individual Rights
An individual has the right to erasure, also known as ‘the right to be forgotten’. The principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
3. When does the right to erasure apply?
As stipulated in the GDPR, individuals have a right to have personal data erased and to prevent processing in specific circumstances:
• Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed
• When the individual withdraws consent
• When the individual objects to the processing and there is no other legal ground for the relevant processing activity
• When the personal data was unlawfully processed
• Where the personal data has to be erased in order to comply with a legal obligation
4. What information does GridRival retain?
5. How can data be deleted?
A GridRival system administrator can delete data from the GridRival system on request. This data is deleted from the system immediately and cannot be recovered. Data that has been deleted or otherwise destroyed can not be recovered at any time.
Data collected and processed by our 3rd party data partners will remain for a period in accordance to each of their individual retention policies.
Data may still remain in the system's back-up files, which will be deleted periodically. Information may request to be deleted from our 3rd party providers with an email to [email protected]. We undertake to perform the deletion within one month (30 calendar days) and will send you a confirmation once the information has been deleted. As time permits, we will perform the request as soon as possible.