This Policy sets out how long the Operator of the @protected.is domain retains different categories of personal and operational data, the legal basis for each retention period, and how data is deleted when retention periods expire or upon valid request.
This Policy applies to all data processed in connection with the @protected.is domain, including data received from or about Communicating Parties. It supplements the Privacy Notice and is required for compliance with GDPR Article 5(1)(e) (storage limitation principle) as implemented under Icelandic law.
Legal basis for retention generally: Data is retained only as long as necessary for the purpose for which it was collected, or as required by the legal obligations and legitimate interests described in this Policy — in particular, the Operator's right to enforce the Communications & Data Liability Agreement and Policy and to respond to regulatory and legal proceedings.
| Data Category | Examples | Retention Period | Legal Basis |
|---|---|---|---|
| Email Communications General correspondence |
Emails sent to/from @protected.is addresses | 3 years from date of communication |
Legitimate interest — dispute resolution, Agreement enforcement |
| Incident Records Breach evidence, demand letters |
Data Breach Evidence Records, Unique Email Notices, demand letters, arbitration filings | 5 years from incident discovery, or until final legal resolution — whichever is later |
Legitimate interest — legal proceedings; Legal obligation — statute of limitations |
| Unique Email Assignment Records | Unique Email Acknowledgment Notices | Duration of relationship + 5 years from last contact with Communicating Party |
Legitimate interest — proof of assignment for Agreement enforcement |
| Website Usage Data | Server logs, access logs, diagnostic data from protected.is | 90 days rolling |
Legitimate interest — security monitoring, abuse detection |
| Contact / Inquiry Data | Emails sent to privacy@protected.is or other contact addresses | 2 years from date of inquiry |
Legitimate interest — record of correspondence; Contract performance |
| Legal Hold Data | Any data subject to active litigation, arbitration, or regulatory inquiry | Indefinite until legal hold is lifted |
Legal obligation — evidence preservation duty |
Incident records are retained for 5 years regardless of whether a demand letter was sent or legal action was taken. The statute of limitations for contract claims in Illinois is 5 years for written contracts. Retaining records for this full period ensures the Operator can pursue claims up to the last possible moment.
When a retention period expires, data is deleted or anonymized within 30 days of the expiry date. Deletion means permanent removal from all active systems and backups where technically feasible. Where complete deletion is not technically feasible (e.g. encrypted backup archives), data is anonymized so that it can no longer be attributed to an individual.
Communicating Parties whose data is processed by the Operator in connection with the @protected.is domain have the following rights under applicable law. These rights are subject to the limitations and exceptions described in the Privacy Notice Section 11 and applicable legal requirements.
Request a copy of personal data the Operator holds about you and information about how it is processed.
Request correction of inaccurate personal data held about you.
Request deletion of your data where retention is no longer necessary, subject to legal hold and legitimate interest exceptions. Note: data retained for Agreement enforcement cannot be deleted while a claim is active or pending.
Request restriction of processing in certain circumstances, e.g. while accuracy is contested.
Object to processing based on legitimate interest. The Operator will assess and respond, but may maintain processing where overriding legitimate grounds exist — including Agreement enforcement.
Request a structured, machine-readable copy of data provided by you and processed on the basis of consent or contract performance.
To exercise any of these rights, contact privacy@protected.is. The Operator will respond within 30 days. Identity verification may be required before processing requests. If you are unsatisfied with the response, you have the right to lodge a complaint with the Icelandic Data Protection Authority (Persónuvernd) at personuvernd.is.
The right to erasure under GDPR Article 17 does not override the Operator's legitimate interest in retaining data for the purpose of enforcing the Communications & Data Liability Agreement and Policy. Specifically:
A deletion request submitted by a Communicating Party after or during a Security Incident investigation will be treated as a potential attempt to interfere with evidence and will be logged. The request will be refused on the basis of GDPR Article 17(3)(b) (legal claims) and Article 17(3)(e) (legal obligations). The request itself will be retained as part of the incident record.
This Policy is reviewed annually and updated as needed. The current version is always available at protected.is/retention/. Material changes will be reflected in an updated version number and effective date.
Governing Law: This Policy is governed by the dual-jurisdiction framework of the Communications & Data Liability Agreement and Policy — Illinois law for US parties, Icelandic law and GDPR for EEA parties. Data protection inquiries: privacy@protected.is · Regulatory authority: Persónuvernd (personuvernd.is)