GDPR deletion requests

To comply with the terms of the General Data Protection Regulation (GDPR), Solaris must delete customer data when requested or otherwise legally required to do so. Your solution must follow specific guidelines with regard to handling (and deleting) personal data from customers. This page describes how to handle GDPR deletion requests in your system.

How to handle a GDPR deletion request

If you store any kind of data from customers in your system, then you must subscribe to the PERSON_DELETED webhook so that you can receive notifications whenever Solaris deletes a customer's data. If you also serve business customers, then you must also subscribe to the BUSINESS_DELETED webhook.


As soon as you receive a PERSON_DELETED or BUSINESS_DELETED notification, you must immediately delete all data related to the person or business named in the webhook payload.

Notifications on the PERSON_DELETED and BUSINESS_DELETED webhooks will contain the ID of the deleted person or business.

Example payload:

    "id": "d57e8c6c42a94dff9c2db57c4a42cper"

Solaris is legally required to delete all records related to persons who did not become Solaris customers (i.e., did not establish a contractual relationship with Solaris) within 90 days of collection. After this 90 day period has passed, Solaris will send a PERSON_DELETED (or BUSINESS_DELETED) webhook notification, at which point you must immediately delete their data.