Comlux
Data retention summary
This summary shows the default categories and purposes for retaining user data. Certain areas may have more specific categories and purposes than those listed here.
Site
Category
- System interaction data
Technical interaction data generated by users interacting with the platform.
Purpose
- Platform Security and Operation
Personal data is processed to ensure the secure operation of the training platform, including authentication, system monitoring, logging and protection against unauthorised access.
- Retention period
- 12 months
| Lawful bases | |
|---|---|
| Legitimate interests (GDPR Art. 6.1(f)) | Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child |
Users
Category
- User Identity Data
Personal data used to identify and authenticate platform users.
Purpose
- User Account Management and Training Participation
Personal data is processed to create and maintain user accounts,
enable authentication, and allow learners to participate in
training programmes delivered through the platform.- Retention period
- 7 years
| Lawful bases | |
|---|---|
| Contract (GDPR Art. 6.1(b)) | Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract |
Course categories
Category
- Training Record Data
Records of training activity, course completion, assessments and certifications.
Purpose
- Training Compliance and Certification
Personal data is processed to maintain training completion records, examination results and certification evidence necessary for organisational compliance and regulatory oversight of training programmes.
- Retention period
- 7 years
| Lawful bases | |
|---|---|
| Legal obligation (GDPR Art 6.1(c)) | Processing is necessary for compliance with a legal obligation to which the controller is subject |
Courses
Category
- Training Record Data
Records of training activity, course completion, assessments and certifications.
Purpose
- Training Compliance and Certification
Personal data is processed to maintain training completion records, examination results and certification evidence necessary for organisational compliance and regulatory oversight of training programmes.
- Retention period
- 7 years
| Lawful bases | |
|---|---|
| Legal obligation (GDPR Art 6.1(c)) | Processing is necessary for compliance with a legal obligation to which the controller is subject |
Activity modules
Category
- Training Record Data
Records of training activity, course completion, assessments and certifications.
Purpose
- Training Compliance and Certification
Personal data is processed to maintain training completion records, examination results and certification evidence necessary for organisational compliance and regulatory oversight of training programmes.
- Retention period
- 7 years
| Lawful bases | |
|---|---|
| Legal obligation (GDPR Art 6.1(c)) | Processing is necessary for compliance with a legal obligation to which the controller is subject |
Blocks
Category
- System interaction data
Technical interaction data generated by users interacting with the platform.
Purpose
- Platform Security and Operation
Personal data is processed to ensure the secure operation of the training platform, including authentication, system monitoring, logging and protection against unauthorised access.
- Retention period
- 12 months
| Lawful bases | |
|---|---|
| Legitimate interests (GDPR Art. 6.1(f)) | Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child |