Latest updated : November 19, 2025
1. Purpose
This policy outlines how long Tradoly has retained personal data collected through its platform, in compliance with:
- The General Data Protection Regulation (GDPR),
- The Danish Data Protection Act (Act No. 502 of 23 May 2018), and
- Applicable Danish sectoral laws (e.g., accounting, contract law).
The purpose is to ensure that data is not stored longer than necessary and is securely deleted or anonymized when no longer needed.
2. Scope
This policy applies to all personal data collected from:
- Registered users (buyers and sellers),
- Visitors,
- Business partners and dealers.
It covers all systems and formats (e.g., databases, logs, backups, email servers).
3. Retention Schedule
| Data Category | Purpose | Retention Period | Action After Expiry |
|---|---|---|---|
| User Account Info (name, email, phone, preferences) | User identification and service delivery | 12 months after account deletion or inactivity | Deleted or anonymized |
| Chat Messages | Buyer–seller communication and support | 6 months after last message or transaction | Deleted or anonymized |
| Vehicle Listings | Listing vehicles and historical reference | 6 months after listing expiration | Anonymized for analytics or deleted |
| Payment Records (receipts, transaction data) | Compliance with Spanish tax law | 10 years from end of fiscal year | Secure deletion |
| Support Communications (tickets, emails) | Customer service quality and dispute resolution | 12–24 months | Deleted |
| Access & Activity Logs (IP, login, session data) | Security and technical troubleshooting | 12 months | Deleted |
| Marketing Consent Logs | GDPR consent verification | 2 years after last communication | Deleted |
| Fraud/Abuse Investigation Records | Legal defense and abuse prevention | Up to 3 years from incident closure | Deleted or archived securely |
| User Reviews/Comments | Platform integrity and community value | Duration of account + 6 months | Deleted or anonymized |
| AI/Analytics Data Sets (pseudonymized) | Service improvement and insights | Indefinite if fully anonymized | No action needed |
4. Data Minimization and Anonymization
Wherever feasible, Tradoly replaces personal data with pseudonymized or anonymized versions after the original purpose has been fulfilled.
Anonymized data may be retained for:
- Service improvement (e.g., AI training),
- Statistical reporting,
- Research and development.
5. Backups
Backup data containing personal information is subject to the same retention periods but may be retained up to 30 additional days solely for restoration purposes.
6. Responsibilities
- Data Protection Officer (DPO): Oversees compliance and audits retention.
- IT Department: Ensures technical implementation of automated deletion.
- Business Teams: Define data purposes and notify when retention rules change.
7. Review and Updates
This policy is reviewed annually or upon major changes in legal, regulatory, or operational requirements.
8. Contact
For questions about this policy, contact: