Assign topic to the user
2. And how long are we required to keep information before have to destroy it?
Answers:
1. In order to be able to provide an answer you I would need more information on whether you are a controller or processor, what services you are providing, where are your customers located in the EU.
2. The EU GDPR states that data should not be kept “longer than is necessary for the purposes for which the personal data are processed” so there is not fixed period to do that unless there is a specific EU member state legal requirement to keep the date longer. This needs to be assessed o a case by case basis considering the purpose of processing as well as the type of data. For example, usually, invoices should be kept for 5 years
To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://advisera.com/training/eu-gdpr-foundations-course//
Hi there, We are writing our privacy policy notice as a Controller in this case. We are a live chat software company. In this scenario we are writing the policy towards people who would visit our website and include their name/identifiable information in our information field so they can chat with us about our software. That means anyone in any country in the EU using our live chat could hypothetically be a data subject, even though we are an American company.
Hypothetically yes, especially if you sell your chat software to EU companies this means you may be targeting data subjects in the Union.
Okay, so knowing this, when writing the privacy notice, should we say under EU law, under US law, or both?
Comment as guest or Sign in
May 17, 2018