Data Retention Policy
Last Updated: November 25, 2024
This Data Retention Policy outlines how Yarnkul retains, manages, and disposes of personal and non-personal data collected through our services. We are committed to maintaining data only as long as necessary to fulfill legitimate business purposes and comply with applicable legal obligations.
Overview
Yarnkul retains data for specific, limited periods based on the type of information collected and the purpose for which it was obtained. This policy applies to all data processed through our website, services, and communications.
Types of Data Retained
Account Information
Personal data associated with user accounts, including names, email addresses, and profile information, is retained for the duration of the active account plus an additional period as specified below.
Learning Progress Data
Records of course completion, assessment results, and learning activity are maintained to support educational continuity and credential verification.
Communication Records
Correspondence with users, including support inquiries and feedback submissions, is retained to maintain service quality and resolve ongoing matters.
Technical Data
Server logs, access records, and technical diagnostics are collected automatically and retained for system security and performance optimization.
Payment Information
Transaction records and billing details are maintained in accordance with financial recordkeeping requirements. Sensitive payment credentials are not stored directly by Yarnkul.
Retention Periods
| Data Category | Retention Period | Basis for Retention |
|---|---|---|
| Active Account Data | Duration of account activity | Service provision |
| Inactive Account Data | 24 months after last login | Reactivation opportunity |
| Course Completion Records | 7 years after completion | Credential verification |
| Support Communications | 3 years after resolution | Quality assurance |
| Server Logs | 12 months | Security and diagnostics |
| Financial Records | 7 years after transaction | Accounting obligations |
| Marketing Consent Records | 3 years after withdrawal | Compliance documentation |
Retention Criteria
When determining appropriate retention periods, we consider the following factors:
Purpose Fulfillment: Data is retained only as long as necessary to achieve the purpose for which it was collected.
Legal Requirements: Certain data must be maintained to comply with financial, tax, or other regulatory obligations.
Legitimate Interests: We may retain data to establish, exercise, or defend legal claims, prevent fraud, or ensure system security.
User Expectations: We consider reasonable user expectations regarding data availability, particularly for educational records and account recovery.
Data Disposal
Upon expiration of the applicable retention period, data is securely disposed of through methods appropriate to the sensitivity and format of the information.
Deletion Methods
Electronic Data: Securely erased using methods that prevent recovery, including overwriting and cryptographic erasure.
Backup Systems: Data in backup systems is deleted during the next scheduled backup rotation following the retention period expiration.
Third-Party Systems: We instruct service providers to delete data in accordance with contractual obligations and this policy.
Physical Records: Any physical documents containing personal data are shredded or otherwise destroyed to prevent reconstruction.
Extended Retention
In certain circumstances, we may retain data beyond standard periods:
Legal Holds: When data is subject to litigation, investigation, or regulatory inquiry, retention continues until the matter is resolved.
Dispute Resolution: Data relevant to unresolved disputes or claims is maintained until final resolution.
User Request: Users may request extended retention of their educational records for credential purposes.
Fraud Prevention: Information related to suspected fraudulent activity may be retained longer to protect system integrity.
User Rights
Users have specific rights regarding data retention:
Access: You may request information about what data we retain and for how long.
Deletion: You may request early deletion of your data, subject to legal and contractual obligations.
Objection: You may object to retention practices you believe exceed necessary purposes.
Portability: Before deletion, you may request a copy of your data in a structured format.
Anonymization
Where possible, we anonymize data rather than delete it entirely. Anonymized data cannot be linked back to individual users and may be retained indefinitely for analytical and research purposes.
Anonymization involves removing or altering identifying elements so that re-identification is not reasonably possible using available means.
Third-Party Retention
Service providers and partners who process data on our behalf are contractually required to follow retention practices consistent with this policy. We conduct regular reviews to ensure compliance.
When third-party relationships end, we require return or certified destruction of all data within specified timeframes.
Retention Schedule Review
This Data Retention Policy and associated retention schedules are reviewed annually to ensure continued appropriateness and compliance with evolving legal requirements.
Updates to retention periods are communicated through our standard notification channels and reflected in the last updated date of this policy.
Contact Information
For questions about data retention practices or to exercise your rights:
Email: info@yarnkul.com
Phone: +380954919995
Address: Volodymyra Sosyury St, 5, Kyiv, Ukraine, 02000
This policy is effective as of the last updated date and supersedes all previous versions.
