Data Removal Policy for Rukovoditel-Based Application

Version: 1.0
Effective Date: March 26, 2026
Last Updated: March 26, 2026

This Data Removal Policy (hereinafter “the Policy” ) explains how Cadvision (hereinafter “we”, “us”, “our”, “Makers Community Projects”) handles the deletion of personal data collected through our Rukovoditel-based application (hereinafter “the Application” ).

We are committed to respecting your privacy rights, including the right to erasure (also known as the “right to be forgotten”) under applicable data protection laws such as the GDPR and CCPA. This Policy provides clear instructions on how you can request removal of your data and what happens during the process.

1. What Data Can Be Removed

You may request removal of the following categories of personal data:

Data Category	Description
Account Data	Your username, email address, hashed password, profile information, and account settings.
User-Generated Content	Records, entities, tasks, comments, file attachments, and any other content you created within the Application.
System Logs	IP addresses, browser information, and activity logs associated with your account.
Cookie Data	Session and preference cookies stored on your device (you may also clear these via your browser).

Important Note: If you are using the Application as part of an organization (e.g., your account was created by an employer or client), you may need to contact the account administrator first. In such cases, the organization is the data controller, and we will cooperate with their authorized representative.

2. Retention Periods Before Deletion

Different types of data are retained for varying periods, even after an account is marked for deletion. The table below outlines our standard retention schedule:

Data Type	Retention Period	Reason
Active Account Data	Until account deletion is requested	To provide core Application functionality.
User Content	Deleted immediately upon account deletion, except where noted below	To ensure complete removal of user-created materials.
Audit Logs (activity)	Up to 180 days after account deletion	For security analysis and fraud prevention.
Backup Systems	Up to 30 days after account deletion	Data may remain in encrypted backups for disaster recovery purposes. After this period, backups are rotated and data is permanently removed.
Invoices / Billing Records	7 years (where applicable)	To comply with tax and accounting legal obligations. Billing records contain only transaction details (name, address, payment method token), not your Application content.

3. How to Request Data Removal

You can request data removal using any of the following methods. For security reasons, we may ask you to verify your identity before processing the request.

A. Self-Service Deletion (Recommended)

If your Rukovoditel installation includes account self-deletion functionality:

Log in to your account.
Navigate to User Menu → My Profile → Account Settings.
Click “Delete My Account” or “Request Account Closure” .
Confirm your decision by entering your password and clicking “Confirm Deletion” .

Once confirmed, your account will be scheduled for deletion. You will receive a confirmation email.

B. Request via Email

If self-deletion is not available, or if you need assistance, send an email to admin@cadvision.fi with the subject line:
“DATA REMOVAL REQUEST – [Your Username]”

Your email must include:

Your username
The email address associated with your account
A clear statement that you are requesting full deletion of your personal data

We will respond within 30 days to confirm receipt and next steps.

4. What Happens After You Request Deletion

Once we receive a verified deletion request, the following process begins:

Step 1: Account Deactivation (Immediate)

Your account is immediately deactivated. You will no longer be able to log in, and your account will not appear in user lists.

Step 2: Grace Period (7 days)

A 7-day grace period begins. During this time:

You may cancel the deletion request by contacting us (if you changed your mind).
Your data remains intact but inaccessible to you and other users.

Step 3: Permanent Deletion (After Grace Period)

After the grace period expires:

Account Data: Your username, email, and profile are permanently removed from the active database.
User Content: All records, entities, tasks, comments, and attachments are deleted. This action is irreversible.
Logs: Activity logs are anonymized (username replaced with [deleted user]) and retained for up to 180 days for security purposes.
Backups: Your data will be purged from our backup systems within 30 days.

Step 4: Confirmation

You will receive a final confirmation email once the deletion is complete.

5. Exceptions to Deletion

In certain circumstances, we may be unable to delete specific data if required by law or for legitimate business purposes. Exceptions include:

Legal Obligations: Data that must be retained for tax, audit, or regulatory compliance (e.g., invoices, payment records).
Ongoing Investigations: If your account is under investigation for fraud, abuse, or violation of our Terms of Service, deletion may be delayed until the investigation concludes.
Technical Constraints: Data stored in encrypted backups may take up to 30 days to be fully rotated and removed.

If any exception applies, we will notify you in writing explaining the reason and the expected timeline for final deletion.

6. Data Removal for End Users (If You Use Our Application to Manage Third-Party Data)

If you are using our Rukovoditel-based Application to manage data about your own customers, employees, or other individuals (hereinafter “End Users” ), you are the data controller for that information. As a data controller, you are responsible for:

Providing your own privacy and data removal policies to your End Users.
Handling deletion requests from your End Users in accordance with applicable laws.
Using the Application’s built-in features (e.g., entity deletion, anonymization) to fulfill those requests.

We do not have a direct relationship with your End Users. If we receive a deletion request from someone who is not a registered user of the Application but believes their data is being processed through your account, we will forward the request to you.

7. Contact Information for Privacy Inquiries

If you have any questions about this Data Removal Policy or need assistance with a deletion request, please contact us:

Role	Contact
Privacy Team	admin@cadvision.fi
Postal Address	Cadvision, Marsunkatu 3, 24100 SALO, FINLAND

For urgent security matters, please mark your email subject with “URGENT – DATA REMOVAL” .

8. Changes to This Policy

We may update this Data Removal Policy from time to time to reflect changes in legal requirements or our internal processes. The latest version will always be available at projects.olohuone.fi/privacy/data-removal . If we make material changes, we will notify you via email or through a notice in the Application.

This Data Removal Policy was created following Rukovoditel documentation standards and is designed to comply with GDPR, CCPA, and similar privacy regulations.

Summary Table for Quick Reference

Action	Timeline	Details
Account Deactivation	Immediate	After verified request
Grace Period	7 days	Opportunity to cancel
Permanent Deletion	After 7 days	Irreversible removal from active systems
Backup Purge	Within 30 days	Data removed from encrypted backups
Audit Logs Retention	Up to 180 days	Anonymized logs retained for security
Response Time	Within 30 days	For initial acknowledgment of request