Your IP address and the name of your Internet service provider, which we only store for security reasons, will be deleted after seven days. Otherwise, we delete your personal data as soon as the purpose for which we have collected and processed the data ceases to apply. Beyond this time period, data storage only takes place to the extent made necessary by the legislation, regulations or other legal provisions to which we are subject in the EU or by legal provisions in third-party countries if these have an appropriate level of data protection. Should it not be possible to delete data in individual cases, the relevant personal data are flagged to restrict their further processing.
This is the policy for the European Union. It states that your IP and ISP name’s data get deleted after seven days. This is a security measure. This is likely found in the privacy policy?
That’s not even remotely true. First, there is no such thing as 7 days limit. It must do as quickly as possible. And how fast is quickly — it depends, but general guideline is 30 days. Secondly, there is no need to delete ISP and/or even IP. Only that is needed is erase personal data. That’s it. And it is not included logs of web-servers.
No, that is the maximum time after a request from the user to delete any data.
This is not what is mentioned in the standard ToS.
It should be retained as short as possible, but there is a consideration between the interest of the system administrator (for instance for purposes of spam control or DDoS prevention) and the interest of the users.
An IP address is Personally identifiable information which is subject to the GDPR.
No it isnt. There is no time limit. It must be done in resonable time. Sure countries can have own rules and laws, but it is not from EU.
No it is not and has never been. It start to be if someone tries use it to identify an person. Do you see the difference? When an admin deletes user account IP is just numbers without any change to know a person.
(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;**