RoundAssist – User Deletion Policy

1. Purpose

This policy outlines how RoundAssist handles requests from individuals to delete their personal data, in accordance with the EU GDPR (Right to Erasure), Canada’s PIPEDA (Withdrawal of Consent & Retention Limits), and U.S. CPRA/CCPA (Right to Deletion).

Our goal is to provide a clear, consistent, and secure process for deleting user data while balancing business, legal, and regulatory obligations.

2. Scope

This policy applies to all personal data processed by RoundAssist about:

  • Customers and end-users of our products/services
  • Website visitors and subscribers
  • Employees and contractors (where applicable)

3. User Rights

Users may request deletion of their personal data by:

  • Sending an email to [email protected]
  • Submitting a request via our web-based privacy portal (if available)
  • Writing to our privacy office address

RoundAssist will:

  • Acknowledge requests within 5 business days
  • Respond to valid requests within 30 calendar days (or 45 days for U.S. residents where legally allowed)

4. Deletion Process

Upon receiving a valid deletion request:

  1. Verify identity
    • Request confirmation via the account email address or other secure verification methods to prevent fraudulent deletion.
  2. Assess scope
    • Identify all systems, databases, and vendors where the individual’s personal data is stored.
    • Exclude data that must be retained for legal, regulatory, or contractual reasons (see section 5).
  3. Execute deletion
    • Delete personal data from active databases.
    • Anonymize or pseudonymize records where full deletion is not feasible.
    • Queue deletion from backup systems (within defined backup retention cycles).
  4. Confirm deletion
    • Provide written confirmation to the individual once deletion is complete, including a description of any data that could not be deleted due to legal obligations.

5. Exceptions

RoundAssist may retain personal data despite a deletion request if:

  • Required by law (e.g., financial record retention, tax reporting, employment obligations)
  • Necessary to resolve disputes or enforce agreements
  • Needed to detect, prevent, or investigate fraud or security incidents
  • Data is anonymized or aggregated so the individual is no longer identifiable

6. Data Retention Timelines

  • Active systems: Deleted within 30 days of request approval.
  • Backups: Data removed within 90 days, or upon the next scheduled backup purge.
  • Vendor systems: Vendors notified within 10 business days; deletion timelines subject to vendor SLAs.

7. Record-Keeping

  • All deletion requests are logged in the Privacy Request Register (date received, method, requester, outcome, completion date).
  • Records of deletion requests are retained for 3 years for audit and compliance purposes.

8. Responsibilities

  • Privacy Lead / DPO — Oversees request handling and ensures compliance.
  • IT & Security Teams — Execute technical deletion in databases, applications, and backups.
  • Vendor Management — Ensure processors honor deletion requests.

9. Policy Review

This User Deletion Policy is reviewed annually and updated as needed to reflect changes in laws, technology, or RoundAssist’s business practices.

10. Contact Information

For deletion requests or questions:

Data Protection Officer – RoundAssist
📧 [email protected]
📍100 Broadview Ave, unit 300
Toronto, ON, M4M 3H3,
Canada

Scroll to Top