Data Retention Requirements. (a) With respect to the CCPA: Businesses are not required to retain Personal Information collected for a single, one-time transaction if the information is not sold or retained by the business. However, businesses that sell or retain Personal Information shall provide disclosures to consumers regarding the collection and use of their Personal Information covering the preceding 12-month period from the date of receipt of the request. (b) With respect to the GDPR: Personal Data must be retained in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data are processed, except as provided in the Applicable Privacy Law. Information about the period for which Personal Data will be stored, or if that is not possible, the criteria used to determine that period, shall to be included as part of the information requirements (see Section 2.5(b) above).
Appears in 3 contracts
Sources: Data Protection Agreement, Master Subscription Agreement, Master Subscription Agreement