Odriken
Book Now

Data Retention Policy

Last Updated: January 31, 2025

This Data Retention Policy explains how Odriken ("we," "our," or "us") retains, stores, and deletes personal data and other information collected through our platform and services. This policy applies to all users of our educational platform and booking services.

1. Purpose and Scope

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. This policy outlines our retention periods and deletion practices across different data categories.

2. Data Categories and Retention Periods

2.1 Account and Profile Information

Personal information including name, email address, phone number, and profile details:

  • Active accounts: Retained for the duration of your account plus 90 days after account closure
  • Inactive accounts: Accounts inactive for 3 years may be anonymized or deleted with prior notice
  • Deleted accounts: Personal data removed within 30 days, except where retention is required by law

2.2 Booking and Transaction Data

Information related to bookings, enrollments, and service purchases:

  • Transaction records: Retained for 7 years from the date of transaction for accounting and tax purposes
  • Booking history: Retained for 3 years after service completion for customer service and dispute resolution
  • Payment information: Tokenized data retained according to payment processor policies; we do not store full payment card details

2.3 Learning and Educational Data

Data generated through use of our educational platform:

  • Course progress and completion records: Retained for 5 years after course completion or last activity
  • Assignments and submissions: Retained for 2 years after course completion
  • Certificates and credentials: Retained permanently or until account deletion, whichever comes first
  • Live session recordings: Retained for 90 days unless specifically saved by request

2.4 Communication Records

Communications between users and our platform:

  • Customer support correspondence: Retained for 3 years from last communication
  • Email communications: Retained for 2 years or until unsubscribe
  • Chat messages with instructors: Retained for 1 year after course completion
  • Notifications and system messages: Retained for 90 days

2.5 Technical and Usage Data

Technical information collected during platform use:

  • Access logs and IP addresses: Retained for 12 months
  • Cookie and tracking data: Retained according to cookie policy, typically 12-24 months
  • Device and browser information: Retained for 18 months
  • Usage analytics: Aggregated and anonymized after 6 months

2.6 Marketing and Preference Data

Information related to marketing communications and user preferences:

  • Marketing consent records: Retained for 3 years after consent withdrawal
  • Preference settings: Retained for duration of account plus 90 days
  • Newsletter subscriptions: Retained until unsubscribe plus 30 days

3. Legal and Compliance Retention

Certain data may be retained longer than standard periods when required by law or legitimate business interests:

  • Tax and accounting records: 7 years minimum as required by financial regulations
  • Legal claims and disputes: Duration of legal proceedings plus 6 years
  • Regulatory compliance: As required by applicable regulations
  • Fraud prevention: Up to 5 years for security and fraud detection purposes

4. Data Deletion and Anonymization

4.1 Deletion Process

When retention periods expire, we employ the following deletion methods:

  • Secure deletion from active databases within 30 days of retention period expiration
  • Removal from backup systems within 90 days following standard backup rotation cycles
  • Permanent destruction of archived data according to secure deletion protocols

4.2 Anonymization

Where beneficial for analytics or research purposes, we may anonymize data instead of deletion. Anonymized data:

  • Cannot be traced back to individual users
  • May be retained indefinitely for statistical analysis and service improvement
  • Does not constitute personal data under privacy regulations

5. User Rights and Requests

5.1 Right to Deletion

Users may request deletion of their personal data before standard retention periods expire, subject to legal exceptions. Deletion requests are processed within 30 days.

5.2 Right to Data Portability

Users may request a copy of their data in machine-readable format. Data exports are provided within 30 days of request.

5.3 Exceptions to Deletion

We may retain data despite deletion requests when:

  • Required by law or legal obligation
  • Necessary for legal claims or defense
  • Required for fraud prevention or security purposes
  • Needed to complete transactions or provide requested services

6. Data Storage and Security

Throughout the retention period, all data is:

  • Stored on secure servers with encryption at rest and in transit
  • Protected by access controls limiting data access to authorized personnel
  • Backed up regularly according to disaster recovery protocols
  • Monitored for unauthorized access or security breaches

7. Third-Party Data Processors

We work with third-party service providers who process data on our behalf. These providers:

  • Are contractually obligated to follow our retention policies
  • Must implement appropriate security measures
  • May only retain data for the duration of service provision
  • Must delete or return data upon contract termination

8. Children's Data

For users under the age of 18, we apply enhanced protection measures:

  • Parental consent records retained for duration of account plus 3 years
  • Educational records retained according to parental preferences where legally permitted
  • Deletion requests from parents or guardians processed with priority

9. Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity. The successor organization will be bound by this retention policy unless users are notified of changes and provided opportunity to delete their data.

10. Policy Updates

We may update this Data Retention Policy to reflect changes in our practices or legal requirements. Updates will be posted with a revised "Last Updated" date. Continued use of our services after updates constitutes acceptance of the revised policy.

11. Contact Information

For questions about our data retention practices or to exercise your rights:

Odriken
Niedźwiedzia 4C
02-737 Warszawa, Poland
Email: info@odriken.com
Phone: +48510999591

12. Record of Retention Periods Summary

Data Type Retention Period Basis for Retention
Active account data Account duration + 90 days Service provision
Transaction records 7 years Legal and tax compliance
Course progress 5 years Educational records and credentials
Support communications 3 years Customer service and quality
Access logs 12 months Security and fraud prevention
Marketing consent 3 years after withdrawal Legal compliance
Session recordings 90 days Educational purposes

This Data Retention Policy is effective as of the last updated date and applies to all data collected through our platform and services.