GDPR deletion requests
To comply with the terms of the General Data Protection Regulation (GDPR), Solaris must delete customer data when requested or otherwise legally required to do so. Your solution must follow specific guidelines with regard to handling (and deleting) personal data from customers. This page describes how to handle GDPR deletion requests in your system.
How to handle a GDPR deletion request
If you store any kind of data from customers in your system, then you must subscribe to the PERSON_DELETED webhook so that you can receive notifications whenever Solaris deletes a customer's data. If you also serve business customers, then you must also subscribe to the BUSINESS_DELETED webhook.
note
As soon as you receive a PERSON_DELETED or BUSINESS_DELETED notification,
you must immediately delete all data related to the person or business named
in the webhook payload.
Notifications on the PERSON_DELETED and BUSINESS_DELETED webhooks will
contain the ID of the deleted person or business.
Example payload:
{
"id": "d57e8c6c42a94dff9c2db57c4a42cper"
}note
Solaris is legally required to delete all records related to persons who did
not become Solaris customers (i.e., did not establish a contractual
relationship with Solaris) within 90 days of collection. After this 90
day period has passed, Solaris will send a PERSON_DELETED (or
BUSINESS_DELETED) webhook notification, at which point you must
immediately delete their data.
