Personal data generally is to be deleted when the intended usage is over. Simultaneously with this obligation to delete, there is the burden of proof in the context of judicial or extrajudicial disputes, e.g. for the evidence of an opt-in or the intended use of the data. This means there is a legitimate interest, with a duration of 36 months after sending the last message (limitation period), to save personal data for the proof of intended usage.

For more information, we link to this document of the Certified Senders Alliance (CSA): Obligation to Delete vs. Burden of Proof. https://certified-senders.org/wp-content/uploads/2018/09/Obligation-to-Delete-vs-Burden-of-Proof.pdf

Therefore, the data saved in promio.connect is subject to these standard deleting rules:

• 36 months after an address is added to the blacklist, the personal data of this data set is automatically deleted. The internal user ID remains the same, but the data set contains no further information after deletion.
• The entry in the blacklist remains and prevents a new import or registration of the address.
• A deletion log records the timestamp and extent of the deletion. The deletion log does not contain personal data.
• Therefore, after deletion, no connection can be drawn to personal data anymore.

These standard deleting rules are the minimum–differing, stricter rules can be defined for each client. The following processes are possible:

• Parameter: Number of days after entry into blacklist: min. 1 day, max. 1095 days (3 years)

• Parameter: Number of days after last sending of a message: min. 90 days, max. 1095 days (3 years)

• An automatic import process can be set up. Included email addresses will be deleted automatically. The user of promio.connect carries the responsibility for this deletion process. Warning: a falsely deleted data set cannot be restored in promio.connect.