How should I handle customer requests for account deletion or data anonymization?

This guide helps you understand and correctly address customer requests related to data privacy, particularly concerning account deletion and data anonymization under regulations like GDPR or CCPA. It clarifies the differences between these concepts, explains the technical and legal context, and provides guidance on how to fulfill such requests within the Cleeng ecosystem.

Understanding data deletion vs. data anonymization in Cleeng

When a customer (end user) requests their account or data to be "deleted," it's crucial to understand the distinction between true data deletion and data anonymization, which is Cleeng's primary method for fulfilling such privacy requests.

• Data Deletion (Complete Removal): This implies the irreversible and absolute erasure of all personal data, making it impossible to link any information back to an individual. In many contexts, especially for transactional data, complete deletion is rarely feasible due to legal and technical obligations.
• Data Anonymization (Cleeng's Approach): This is the process of processing personal data in such a way that it can no longer be attributed to a specific data subject. This additional information is kept separately and is subject to technical and organizational measures to ensure non-reidentifiability.  
  -> How Cleeng handles it: When a customer’s data is anonymized in Cleeng, all personally identifiable information (PII) such as their name, email address, physical address, and payment method details are removed or transformed into a non-identifiable format. However, certain transactional records (e.g., that a subscription was purchased, a payment was made, or content was accessed) may be retained in an anonymized, aggregated form for legal compliance, financial auditing, and statistical purposes. This approach fulfills the "right to be forgotten" as defined by GDPR while allowing you to meet other critical legal and business requirements. This is because such anonymization is the process that irreversibly removes any possibility of linking data back to an identifiable individual, thus making the data anonymous and outside the scope of data protection laws like GDPR or CCPA.

Why complete account deletion is not always feasible

While respecting user privacy is paramount, complete deletion of all records is often legally and technically impractical for businesses, including those using Cleeng.

• Legal & Regulatory Compliance: Laws such as tax regulations (e.g., requiring retention of financial transaction records for several years), anti-money laundering (AML) laws, and consumer protection laws often mandate that businesses retain certain transactional data for specific periods.
• Financial Integrity & Auditing: Retaining anonymized transactional records is essential for financial reporting, audits, and handling potential chargebacks or disputes.
• System Integrity & Analytics: Anonymized data helps maintain the integrity of your historical data for aggregated trend analysis (e.g., churn rates, subscription growth) without compromising individual privacy.

How to guide my customers for data anonymization requests?

When a customer contacts you asking for their data to be "deleted," explain that while full deletion is often not possible due to the reasons above, their data can be anonymized to effectively remove all personal identification.

1. Collect Key Information

• The customer's email address associated with their account.
• A clear statement of their request (e.g., "I want my personal data removed," "Please anonymize my account").

2. Explain the Anonymization Process:

• Clearly communicate that their PII will be removed from your systems and Cleeng's, rendering their data non-identifiable.
• Explain that some anonymized transactional data may be retained for legal/financial purposes.
• Inform them about the timeframe for processing the request.

How to process anonymization in Cleeng?

Use the tools within the Cleeng platform to process the anonymization request for the customer’s account. See the Anonymizing customer data article that explains how you can comply with such customer wishes and how you can easily anonymize personal customer data directly from the Cleeng dashboard.

What is Cleeng's role in data anonymization?

Cleeng provides the tools and processes to facilitate data anonymization requests on your behalf, ensuring compliance with relevant data protection regulations. Once an anonymization request is processed in Cleeng, the customer's PII is systematically removed from their record.

When should I contact Cleeng Support?

If you face any issues while processing a request or have questions beyond the standard anonymization process, please gather the following information before contacting Cleeng B2B Support for assistance:

• Customer's Email Address: The email address of the customer making the request.
• Date of Customer’s Request: When the customer first requested anonymization.
• Details of Any Complications: Describe any error messages or unusual behavior encountered when attempting to process the request.
• Confirmation of Explanation: Confirm that you have explained the anonymization process to the customer.

Related articles:

• Anonymizing customer data