To comply with the terms of the General Data Protection Regulation (GDPR), Solaris must delete customer data when requested or otherwise legally required to do so. Your solution must follow specific guidelines with regard to handling (and deleting) personal data from customers. This page describes how to handle GDPR deletion requests in your system.
If you store any kind of data from customers in your system, then you must subscribe to the PERSON_DELETED webhook so that you can receive notifications whenever Solaris deletes a customer's data. If you also serve business customers, then you must also subscribe to the BUSINESS_DELETED webhook.
As soon as you receive a PERSON_DELETED
or BUSINESS_DELETED
notification, you must immediately delete all data related to the person or business named in the webhook payload.
Notifications on the PERSON_DELETED
and BUSINESS_DELETED
webhooks will contain the ID of the deleted person or business.
Example payload:
{
"id": "d57e8c6c42a94dff9c2db57c4a42cper"
}
Solaris is legally required to delete all records related to persons who did not become Solaris customers (i.e., did not establish a contractual relationship with Solaris) within 90 days of collection. After this 90 day period has passed, Solaris will send a PERSON_DELETED
(or BUSINESS_DELETED
) webhook notification, at which point you must immediately delete their data.