Under GDPR rules, personal data may only be retained by a data processor as long as a user gives their permission and there is a clear business objective being achieved by the data processor retaining that data. Pulsate will retain any information that a data controller has sent us as long as the data controller remains a client of Pulsate or until we receive notice that user data should be deleted.
If a client (data controller) decides to end their contract with Pulsate Mobile Ltd there will be therefore be no business requirement for Pulsate to retain any data (including personal data) which that data controller has sent to Pulsate to process and that client's account and all data related to it will be deleted by Pulsate Mobile Ltd within 30 days of the ending of the clients contractual relationship with Pulsate Mobile Ltd.
Under the GDPR and other regulations there are very strict regulations related to what happens in the event of a data breach. Pulsate Mobile Ltd has taken all possible steps to ensure that our system is secure. However, in the event of a data breach, Pulsate Mobile Ltd undertakes to notify all of the necessary stakeholders in a timely fashion and to take all necessary steps to minnimise issues arising from that breach.
Under GDPR, it is the data controller's responsibility to notify the relevant authority within 72 hours of any data breach of personal user data. For our part, as a data processor, Pulsate Mobile Ltd. undertakes to notify all clients (data controllers) of any breach of the personal data that they control within 48 hours of Pulsate Mobile Ltd becoming aware of that breach.