Data Deletion Policy
Official policy for data retention and deletion in mTime.
Overview
This policy defines how mTime handles data deletion for both Controller and Processor roles under applicable data protection regulations. It specifies retention periods, deletion triggers, and responsibilities for different types of data managed by the system.
Data Deletion Guarantee
mTime guarantees that all customer data is permanently deleted within 2 months of workspace deletion.
This timeline accounts for:
- 30-day workspace data retention period (for recovery purposes)
- 30-day backup retention period
- 30-day log retention period
Retention Periods by Data Type
Production Data
| Data Type | Retention Period | Deletion Trigger |
|---|---|---|
| Workspace data | 30 days after workspace deletion | Workspace owner initiates deletion |
| User records | 30 days after workspace deletion | Part of workspace data |
| Time records | 30 days after workspace deletion | Part of workspace data |
Backups
| Data Type | Retention Period | Deletion Trigger |
|---|---|---|
| Database backups | Maximum 30 days | Automatic rotation |
| Snapshot backups | Maximum 30 days | Automatic rotation |
System Data
| Data Type | Retention Period | Deletion Trigger |
|---|---|---|
| Application logs | Maximum 30 days | Automatic rotation |
| Audit logs | Maximum 30 days | Automatic rotation |
| System metrics | Maximum 30 days | Automatic rotation |
Triggers for Data Deletion
Primary Trigger: Workspace Deletion
The primary mechanism for data deletion is workspace deletion initiated by the workspace owner. When a workspace is deleted:
- Immediate access revocation for all users
- 30-day retention period begins for workspace data
- After 30 days, data enters permanent deletion queue
- Complete removal within 2 months maximum
See Delete Workspace for detailed instructions.
Automatic Triggers
The following data types are automatically deleted on a rolling basis:
- Database backups: Deleted after 30 days
- Log files: Deleted after 30 days
- Temporary files: Deleted after processing completion
Assigned Responsibilities
Customer Responsibilities
- Workspace Owner: Responsible for initiating workspace deletion when no longer needed
- Users: Responsible for exporting personal data before workspace deletion if required
mTime Responsibilities
- Product Team: Maintains and updates this policy
- Operations Team: Monitors automated deletion processes
- Support Team: Assists customers with data export and deletion requests
- Engineering Team: Implements and maintains deletion mechanisms
Data Deletion Process
For Customers
- Export any data you wish to retain using the data export feature
- Navigate to workspace deletion in admin settings
- Confirm workspace deletion
- Data becomes inaccessible immediately
- 30-day recovery window begins
- After 30 days, permanent deletion process begins
- Full deletion completed within 2 months
For mTime Operations
All deletion processes are fully automated and monitored by the operations team.
Exceptions and Special Cases
Data Subject Access Requests (DSAR)
For explicit data deletion requests under GDPR or similar regulations, mTime will:
- Expedite deletion outside of normal retention periods when legally required
- Provide confirmation of deletion upon completion
- Process requests within regulatory timeframes
Legal Hold Requirements
If data is subject to legal hold or regulatory investigation:
- Standard deletion policies may be suspended
- Data will be retained as legally required
- Customers will be notified of any retention extensions
Related Documentation
- Delete Workspace - Instructions for workspace owners
- Data Export - How to export your data before deletion
- GDPR Information - TIMEmSYSTEM GDPR compliance information
- Trust Centre - Visma Group trust and compliance resources
Compliance Framework
This policy supports compliance with:
- General Data Protection Regulation (GDPR)
- Visma Group data protection requirements
- Industry best practices for data lifecycle management
Policy Updates
This policy is reviewed and updated:
- Annually at minimum
- When significant product changes affect data handling
- When regulatory requirements change
- When Visma Group policies are updated
All employees are notified of policy updates through internal communication channels. Customers are notified of material changes through product notifications and updated documentation.
Contact Information
For questions about this policy or data deletion requests:
- Review this documentation first
- Contact support through the in-product help system
- For legal or compliance inquiries, contact your TIMEmSYSTEM representative
This policy is maintained by the mTime team and was last updated on January 23, 2026.