Legal
Data Retention Policy
Last updated: 2026-07-07
Retention periods
- Registry records (public) — retained for as long as the record serves the registry's verification function; lifecycle changes (status, disputes, expiry) are recorded rather than deleted, so the audit trail stays coherent.
- Submitted evidence documents — retained privately for the life of the associated record plus up to 6 years (limitation-period documentation), unless earlier deletion is requested and no legal obligation requires retention.
- Account data — retained while the account exists; deleted or anonymized within 90 days of account closure, except where statutory retention (e.g. §147 AO / §257 HGB commercial and tax records: 6–10 years) applies.
- Payment records — retained per statutory commercial/tax retention (up to 10 years).
- Server logs / visitor analytics — short-lived operational data, retained no longer than 30 days unless needed for security investigation.
- Newsletter subscriptions — until unsubscribed; suppression entries kept to honour opt-outs.
Deletion requests
Requests for access, correction or deletion: compliance@swlef.com. Where a record was relied upon in verification, SWLEF may retain a minimal audit stub (identifiers, dates, status history) as permitted by GDPR Art. 17(3).