Under data protection rules, you should not retain personal data for longer than necessary, so we recommend that you review and clean up your Impact Stack data on a regular basis.
Find out more about your Impact Stack data here
When to expire data is up to you as the data controller; there’s no way for us to know when the purpose of a petition or other form has been fulfilled. We’re happy to work with you to carry out data expiry to your requirements.
Is expiry the same as deletion?
Rather than just deleting supporter data, we expire it for you. This means that the record will continue to exist in Impact Stack, so that any counters or analytics continue to work and your overall supporter numbers won't change, but all personally identifiable data will be gone. This means you can still access general information on eg which payment methods were most popular, which action, or version of an action, had the most submissions, but you are not retaining personal data.
What data can be expired?
These are the areas that hold data in Impact Stack that you may want to expire:
-
Contact data of the supporter record: All personal identifiable data will be deleted. The system will retain information showing that the record existed, including non-identifable data: country, supporter tags and, if applicable, the MP data.
-
Webform data We can delete webform data, either for specific nodes, or for all nodes. (Deleting this data would not affect the supporter record, which is held separately, so if you’ve added a segmentation tag showing that the supporter took this action, this won’t be affected, and you’ll still have a record that they took the action.) It is also possible to delete the data of a specific form field. For instance the comment field, or the email to target recipient and email.
- Bank details in form submissions (in case of direct debit via Impact Stack) can also be deleted.
After changing the data in the Impact Stack database, it is advisable to delete the CSV export files from your Nextcloud. The last 6 months will get regenerated overnight, with the new expired data in place.
Default data expiry set up
This is our default suggestion for data expiry on Impact Stack:
- Automatically expire all webform submissions older than 12 months
- Automatically expire all contact data without activity (no form submissions on Impact Stack) in the last 12 months
- One-off deletion of all data on files.impact-stack.org older than 12 months, then regular deletion of data on files.impact-stack.org every 3 months (beginning of January, April, July and October). Deleting this data is a manual process in the current version of Impact Stack that will take 15min of your support time every 3 months.
We can set up data expiry for you within 45-60min of your included support time. The expiry timeframe is flexible, so you can decide how old (in months) the data needs to be to get expired. If you need customisations on top of the expiry timeframe (for example to only expire contacts without an opt-in AND without activity) we would need to extend our set up to fit your needs. We can estimate the work needed for this more accurately once we know your exact requirements.
Deletion requests - SAR
A supporter may contact you and request for their data to be deleted. It is possible to delete individual supporter records or form submissions within the Impact Stack interface. However, we recommend contacting support to ask us to carry out this task for you - that way we can keep an (anonymised) list of records which are not to be restored in case we ever need to restore your database from backups, and make sure that the record isn't recreated in error. Back ups are retained for six months, after which they are deleted.
Comments