As the data processor, Aptem will act on the instructions of the data controller, and data will be removed on request only. This ensures manual oversight, so no data is accidentally deleted, or deleted too early, simply due to automated processing.
When a data deletion request has been submitted via a support ticket, Aptem works on this request within reasonable time, though not extending over 1 month for simple requests or 3 months for complex requests. This timeline can be paused when the information provided to Aptem is incomplete, for the time that is required to get the full details.
When Aptem initiates the data removal, the data is initially only hidden from the system view, and is then anonymised 30 days later via an automated process. This allows for a short period of data recoverability, should a request have been made in error. At the point when a learner is anonymised within the active system, all documents associated with the learner will be removed.
Data is usually anonymised rather than deleted, to allow for continued statistical data analysis.
For standard removal requests, as per industry standard, within 12 months of being anonymised within the active system, the user data is removed from backups, which completes the removal process.
For expedited removal requests, which will involve losing the ability to restore from backups prior to the user’s removal, the user data is removed from backups at an earlier time than the industry standard of 12 months.
Details required by Aptem to process a user removal request
- User’s first name
- User’s last name
- User’s email address
- Request type
- Written approval from authorised customer representative