Data Retention & Deletion Policy
I. Scope of this Policy
This Policy applies to all data processed by Chill Zone, including personal data, transactional records, communications, technical logs, and compliance-related information collected through:
- The Chill Zone website and related services;
- Customer accounts, purchases, and support communications;
- Payment, fulfillment, and operational workflows;
- Security, fraud-prevention, and abuse-detection systems.
II. General data retention principles
Chill Zone retains data only for as long as it is reasonably necessary to:
- Provide and operate our services;
- Perform contractual obligations;
- Comply with legal, regulatory, tax, and accounting requirements;
- Protect against fraud, abuse, security incidents, and misuse;
- Establish, exercise, or defend legal claims.
We do not retain personal data indefinitely unless retention is required or permitted by applicable law.
III. Categories of data and typical retention periods
A. Account and customer data
Account information and customer identifiers are retained for as long as an account remains active and for a reasonable period thereafter to support customer service, legal compliance, and dispute resolution.
B. Transactional and purchase records
Order records, invoices, payment confirmations, and related transactional data are retained as required by tax, accounting, and financial regulations, and to support refunds, chargebacks, audits, and legal claims.
C. Communications and support records
Communications with users (including emails and support messages) may be retained to resolve issues, improve service quality, and document compliance or enforcement actions.
D. Technical, security, and log data
Technical logs, security events, IP-related data, and abuse-detection records may be retained for shorter or longer periods depending on operational and security needs, including investigation and prevention of fraud, attacks, or misuse.
IV. Data deletion and anonymization
When data is no longer required for the purposes described in this Policy, Chill Zone takes reasonable steps to delete, anonymize, or securely dispose of it in accordance with applicable law and technical feasibility.
Deletion may not occur immediately and may be delayed due to:
- Backup retention cycles;
- Legal or regulatory obligations;
- Ongoing investigations, disputes, or enforcement actions;
- Security, fraud-prevention, or abuse-detection needs.
V. User requests for deletion
Where required by applicable law (such as GDPR), users may request deletion of certain personal data by contacting us at: legal@chillzonecool.com.
We will review and respond to valid requests in accordance with applicable law. Some data may be retained despite a request where retention is legally required or necessary to protect legitimate interests, including compliance, security, and legal defense.
VI. Third-party processors and retention
Chill Zone relies on third-party service providers (such as payment processors and fulfillment partners). These providers retain and delete data in accordance with their own policies and legal obligations.
Chill Zone does not control third-party retention practices but requires that key processors apply appropriate data protection and security measures under their respective agreements.
VII. Legal holds and exceptions
If data is subject to a legal hold, investigation, dispute, or enforcement action, deletion may be suspended until the matter is resolved. This applies regardless of account status or deletion requests.
VIII. Changes to this Policy
We may update this Data Retention & Deletion Policy from time to time to reflect operational, legal, or regulatory changes. Updates become effective upon publication with a revised effective date.