Home My Library Resources
Home About Contact

Data Deletion Policy

 Effective January 1st 2019 

Section Title

CFIBootcamp.com takes data privacy seriously.

1. Purpose
To ensure that personal and sensitive data collected, processed, or stored by CFI Bootcamp is securely and permanently deleted when no longer required for business, legal, or regulatory purposes, in compliance with applicable data protection laws and industry best practices.

2. Scope
This policy applies to all personal data (including, but not limited to, student records, instructor profiles, marketing contacts, billing details, and analytics logs) processed or stored by CFI Bootcamp systems, platforms, and third-party services worldwide.

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.

  • Data Subject: An individual whose personal data is processed by CFI Bootcamp (e.g., students, instructors, prospects).

  • Data Deletion: The secure removal or destruction of data such that it cannot be reconstructed or retrieved.

  • Data Retention Period: The length of time CFI Bootcamp is required or chooses to keep certain data before deletion.

4. Policy Principles

  1. Lawfulness & Transparency

    • Only collect and retain personal data for legitimate, clearly communicated purposes.

  2. Data Minimization

    • Retain the minimum amount of personal data necessary for operational, legal, or compliance needs.

  3. Purpose Limitation

    • Do not use data for purposes beyond those originally specified without obtaining fresh consent.

  4. Accountability

    • Maintain records of deletion requests and deletion actions to demonstrate compliance.

 5. Data Deletion Procedures

  1. Automated Deletion

    • Systems are configured to automatically flag data for deletion upon expiration of retention periods.

  2. Manual Deletion Requests

    • Data Subjects may request deletion via info@cfibootcamp.com or through their dashboard.

    • Verify requester identity before processing.

    • Log request in the Data Deletion Register.

  3. Secure Deletion Methods

    • Electronically stored data: cryptographic erase or multi-pass overwrite.

    • Physical media: shredding or degaussing.

  4. Third-Party Vendors

    • Ensure contracts with vendors include obligations for timely, verifiable data deletion.

6. Roles & Responsibilities

  • Data Protection Officer (DPO)
    Oversees policy enforcement and handles escalation of complex deletion requests.

  • IT Operations
    Implements and monitors automated deletion processes; performs manual purges.

  • Support Team
    Receives and validates deletion requests; liaises with DPO and IT.

  • Legal & Compliance
    Advises on retention requirements stemming from regulatory changes.

7. Verification & Record-Keeping

  • Maintain a Data Deletion Register recording:

    • Request date

    • Verified identity of the Data Subject

    • Data categories deleted

    • Deletion method

    • Completion date

  • Perform quarterly audits to confirm that scheduled deletions have executed successfully.

8. Exceptions

  • Data required for ongoing litigation or investigations will be “locked” and retained until the matter is resolved.

  • Critical system logs needed for security monitoring may exceed standard analytics retention under DPO approval.

9. Policy Review

  • This policy will be reviewed annually (or upon significant legal/technical changes) by the DPO and updated as needed.