Under data protection rules, you should not retain personal data for longer than necessary, so we recommend that you review and clean up your Impact Stack data on a regular basis.
When to expire data is up to you as the data controller; there’s no way for us to know when the purpose of a petition or other form has been fulfilled. We’re happy to work with you to carry out data expiry to your requirements.
Is expiry the same as deletion?
Rather than just deleting supporter data, we expire it for you. This means that the record will continue to exist in Impact Stack, so that any counters or analytics continue to work and your overall supporter numbers won't change, but all personally identifiable data will be gone. This means you can still access general information on eg which payment methods were most popular, which action, or version of an action, had the most submissions, but you are not retaining personal data.
What data can be expired?
These are the areas that hold data in Impact Stack that you may want to expire:
- Contact data of the supporter record: All personal identifiable data will be deleted. The system will retain information showing that the record existed, including non-identifable data: country, supporter tags and, if applicable, the MP data.
- Webform data We can delete webform data, either for specific nodes, or for all nodes. (Deleting this data would not affect the supporter record, which is held separately, so if you’ve added a segmentation tag showing that the supporter took this action, this won’t be affected, and you’ll still have a record that they took the action.) It is also possible to delete the data of a specific form field. For instance the comment field, or the email to target recipient and email.
- Bank details in form submissions (in case of direct debit via Impact Stack) can also be deleted.
After changing the data in the Impact Stack database, it is advisable to delete the CSV export files from your Nextcloud. The last 6 months will get regenerated overnight, with the new expired data in place.
Data expiry process
We'll work through your requirements so that we're all clear about which data should be expired. You'll need to think about:
- Which data do you want to expire, based on the list above?
- For which time frame should the data be kept? In other words, what is the date of the oldest data you would like to keep?
- Of which actions do you want to expire the form data?
- Do you want to consider the opt-in status when expiring the supporter contact data? For this it might be useful to do a data import from another tool (CRM, email marketing) first - so all records have a synchronized, up to date opt-in status.
- Do you want to regularly expire data? Once we run the expiry manually and you are happy with the results, we can look into automation.
Depending on your needs we will amend our expiry scripts for the different areas of data. The time required will depend on how complex your requirements, and the size of your database. If it is very straightforward it might be within your included support time. Most expiry requests can be covered within a 5h support package.
Deletion requests - SAR
A supporter may contact you and request for their data to be deleted. It is possible to delete individual supporter records or form submissions within the Impact Stack interface. However, we recommend contacting support to ask us to carry out this task for you - that way we can keep an (anonymised) list of records which are not to be restored in case we ever need to restore your database from backups, and make sure that the record isn't recreated in error. Back ups are retained for six months, after which they are deleted.