Data subject rights are a fundamental part of the General Data Protection Regulation (GDPR), which is responsible for sustainable standards around data protection and privacy within the European Union. Data subject rights are rights granted to individuals regarding their personal data, including the right to access, rectify, erase, restrict processing, data portability, and object to processing (Chapter 3 (Art. 12-23).

The right to erasure, also known as the ‘right to be forgotten’, is executed by data subjects for a list of reasons, including wanting to minimize their digital footprint and personal traces. 

Leaving exceptions and given our partnership model rather unrelated clauses aside, if there is no legitimate reason and legal ground for any further processing of an individual's information, such request shall be carried out without undue delay.*

As our privacy policy states, a request for deletion can be placed by sending an email to

Minimum storage period

While we aim to execute deletion requests promptly, we must adhere to certain timeframes due to potential chargebacks. 

Chargebacks are are reversals of credit card transactions initiated by cardholders or issuers due to disputes in case of fraud or unsatisfactory purchases, resulting in funds being returned to the cardholder.

Customers can file a chargeback via their banks, and usually, they have up to 120 days after purchase to dispute a charge. Therefore, our minimum storage period is set to 120 days. As a result, we are required to secure your data for a period of 120 days.

A request came in; what needs to happen now?

1. Convious: Next to verifying that the rightful person places the request by asking for a booking detail of the requestor's last visit, as the processor, we are reaching out to you to give us the official instruction to execute a received request.

2. Convious Partner:
Verify whether the deletion should be carried out. 
Yes → Send us a written instruction to do so along the lines of "We hereby confirm that the below request should be granted.(...)."
No → If you have valid grounds to refuse the request, please inform us of such along with the reason and the instruction to not carry on with the deletion. 

3. Convious: 
Once we have received your instruction and confirmation, we will delete the personally identifiable information of the individual within your Convious database and inform the data subject once the deletion is completed.

If you refuse the request, we would communicate such along with its reasoning to your visitor on your behalf. 

4. Convious Partner: However, as sometimes data may have been downloaded and used in other systems, you, too, must check whether you have to take action and carry out a deletion within such systems.*



*Please note that the information given is in no form any legal advice. The information aims to help our partners understand the basics of the subject and the Convious tools so that partners can determine and execute their own level of compliance. While we do our best to provide helpful information as a starting point, certain concepts may not apply in all countries. Thus, nothing can substitute regional legal advice. Convious accepts no liability for the correctness and completeness of the information and the affirmative actions taken as a response.