Data retention

As part of getting your site GDPR ready, your organization is responsible for creating any plans or documents that detail how long your site retains any personal data that is collected. HCL Commerce does not provide any functionality for creating a retention plan.

HCL Commerce does provide functionality that your organization can use to delete data from your database when your organization no longer needs the data or when you need to directly erase data. Your organization is responsible for erasing any collected personal data that is retained within your system when the data is no longer needed. Your organization is responsible for determining the data retention period for specific personal data types. For instance, order history data might need be retained while any return policies or warranties are in effect. Order the data might also need to be retained for a specific period for auditing and other business purposes. After the retention period elapses and the data is no longer needed, you can erase the data.

To help your organization delete data when that data is no longer needed, HCL Commerce provides a database cleanup utility. Your organization can run the utility on a schedule to erase personal data that is no longer needed. This utility is configured by default to delete some types of data based on parameters that you can configure when you run the utility. If your site collects more personal data than can be collected with the sample store pages and features that are provided with HCL Commerce, you can configure the utility to erase the additional data.

By default, HCL Commerce is configured to store data within only the HCL Commerce database. The Database Cleanup utility can remove data from only this database. If you store data in another database or location, you are responsible for developing a method to remove data from that database or location.

If you need to directly erase personal data from the HCL Commerce database, such as when a user submits a request for their data to be erased, you can customize and use SQL statements to erase the data. For more information, see SQL statements: Right to erasure.