Data Retention Policy
Last Updated: February 18, 2025
This Data Retention Policy explains how Doroxenth ("we," "us," or "our") retains, stores, and deletes personal data and other information collected through our online platform located at doroxenth.com.
1. Purpose and Scope
This policy outlines the periods for which we retain different categories of data, the criteria used to determine retention periods, and the processes for secure deletion or anonymization of data when it is no longer needed.
This policy applies to all data collected from users, participants, instructors, and visitors of our platform, including but not limited to personal information, usage data, and technical data.
2. Data Categories and Retention Periods
2.1 Account and Registration Data
Data Type: Name, email address, password (hashed), contact information, profile details
Retention Period: Retained for the duration of the active account plus 3 years after account closure or last activity
Purpose: To maintain user accounts, provide services, and comply with legal obligations
2.2 Workshop and Course Enrollment Data
Data Type: Enrollment records, course progress, assignment submissions, completion certificates, grades
Retention Period: Retained for 7 years after course completion or last enrollment activity
Purpose: To maintain educational records, issue certificates, and support ongoing learning
2.3 Payment and Billing Information
Data Type: Transaction records, invoice details, payment method information (tokenized)
Retention Period: Retained for 7 years from the date of transaction
Purpose: To comply with financial reporting requirements, resolve disputes, and prevent fraud
2.4 Communication Records
Data Type: Email correspondence, support tickets, chat messages, feedback submissions
Retention Period: Retained for 3 years from the date of last communication
Purpose: To provide customer support, resolve issues, and improve services
2.5 Technical and Usage Data
Data Type: IP addresses, browser type, device information, access logs, cookies, session data
Retention Period: Retained for 2 years from the date of collection
Purpose: To analyze platform performance, ensure security, and improve user experience
2.6 Marketing and Consent Data
Data Type: Marketing preferences, newsletter subscriptions, consent records
Retention Period: Retained until consent is withdrawn plus 1 year for compliance verification
Purpose: To manage marketing communications and demonstrate compliance with consent requirements
2.7 User-Generated Content
Data Type: Forum posts, comments, uploaded files, collaborative project materials
Retention Period: Retained for the duration of the active account plus 2 years after account closure
Purpose: To maintain platform community and educational resources
3. Retention Criteria
We determine retention periods based on the following criteria:
- Legal Requirements: Compliance with applicable laws, regulations, and legal obligations
- Contractual Obligations: Fulfillment of agreements with users and third parties
- Business Necessity: Operational needs, including service provision and improvement
- Legitimate Interests: Fraud prevention, security, dispute resolution, and enforcement of terms
- User Expectations: Reasonable expectations regarding data availability and service continuity
4. Data Deletion and Anonymization
4.1 Deletion Process
When retention periods expire, we implement the following deletion procedures:
- Permanent deletion from active databases and systems
- Removal from backup systems within 90 days following deletion from active systems
- Secure overwriting or destruction of physical storage media when applicable
- Deletion of data from third-party processors and service providers
4.2 Anonymization
In certain cases, instead of deletion, we may anonymize data by removing all personally identifiable information. Anonymized data cannot be traced back to individual users and may be retained indefinitely for statistical analysis, research, and platform improvement.
4.3 Exceptions to Deletion
Data may be retained beyond standard retention periods when:
- Required by law or legal process (court orders, investigations)
- Necessary for ongoing legal claims or disputes
- Essential for fraud prevention or security investigations
- Retained with explicit user consent for extended periods
- Maintained in backup systems pending scheduled backup cycles (maximum 90 days)
5. User Rights Regarding Data Retention
Users have the following rights concerning their retained data:
- Right to Access: Request information about what data we hold and retention periods
- Right to Deletion: Request early deletion of personal data before retention periods expire
- Right to Restriction: Request limitation of processing during retention periods
- Right to Object: Object to retention based on legitimate interests
- Right to Data Portability: Receive retained data in a structured, machine-readable format
To exercise these rights, contact us at contact@doroxenth.com.
6. Inactive Accounts
Accounts with no activity for 3 consecutive years are considered inactive. We will:
- Send email notifications at 30 months and 33 months of inactivity
- Provide 60 days notice before account closure
- Close the account and begin data retention countdown if no response is received
- Retain data according to the periods specified in Section 2
Users may reactivate accounts during the notice period by logging in or contacting support.
7. Third-Party Data Processing
When we share data with third-party processors (payment providers, hosting services, analytics tools), we ensure they:
- Adhere to retention periods no longer than ours unless legally required
- Delete or return data upon termination of services
- Implement appropriate security measures during retention
- Comply with applicable data protection regulations
8. Data Security During Retention
Throughout the retention period, we implement appropriate technical and organizational measures to protect data, including:
- Encryption of data at rest and in transit
- Access controls limiting data access to authorized personnel only
- Regular security audits and vulnerability assessments
- Secure backup and disaster recovery procedures
- Employee training on data handling and confidentiality
9. Policy Review and Updates
We review this Data Retention Policy annually and update it as necessary to reflect:
- Changes in applicable laws and regulations
- Modifications to our business practices and services
- Technological developments affecting data storage
- User feedback and concerns
Material changes to retention periods will be communicated to users via email or prominent platform notices.
10. Contact Information
For questions, concerns, or requests regarding this Data Retention Policy, please contact us:
Doroxenth
Pécs, Vörösmarty u. 4, 7621
Hungary
Email: contact@doroxenth.com
Phone: +3622379604
11. Record of Retention Policy Updates
| Version | Date | Changes Made |
|---|---|---|
| 1.0 | February 18, 2025 | Initial policy publication |