Satori Data Deletion Policy
Satori’s Data Deletion Policy ("Deletion Policy") describes how our customers' service data is deleted with respect to the cancellation or termination of an account in the Satori service or with respect to deletion of data under the GDPR (General Data Protection Regulation), which comes into force in May 2018. This document explains the rights of data subjects in relation to data deletion and the responsibilities of Satori in responding with such requests.
Individuals have the right to erasure, also known as "the right to be forgotten". The principle underpinning this right is to enable individuals to request the deletion or removal of personal data where there is no compelling reason for its continued processing. Individuals have a right to have personal data deleted and to prevent processing in the following circumstances:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- When the individual withdraws consent.
- When the individual objects to the processing and there is no other legal ground for the relevant processing activity.
- When the personal data was unlawfully processed.
- Where the personal data has to be erased in order to comply with a legal obligation.
Satori keeps two types of data for each customer account:
- Technical information about the data stores protected by the Satori service (hostname, port, type, etc.).
- Personal information of the users allowed to access the management console (email address and name).
- Policy configuration (identity provider group names, custom tag definitions, etc).
Data Access Metadata
Consists of various fields that describe the activity of accessing data to the data stores protected by the Satori service. For a full list of fields, see Metadata Shared from Data Access Controllers with the Management Console.
Deletion of Service Data
When an account is cancelled or terminated, configuration data is immediately "soft deleted" by moving it from the primary data set of the management console database to a secondary data set that is not accessed by the management console application or APIs.
90 Day Holding Period
The data is kept in the secondary data set for a period of 90 days in service of any customer-related inquires that might arise after an account is cancelled or terminated, afterwards it's "hard-deleted" from the secondary data set.
When an account is cancelled or terminated, data access metadata is immediately "hard-deleted".