BEXST.com Data Deletion and Retention Policy

Effective Date: August 25, 2025

This policy outlines how BEXST.com ("BEXST," "we," "us," or "our") manages the retention and deletion of personal data. We are committed to protecting the privacy of our users and ensuring compliance with global data protection regulations, including but not limited to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Purpose and Scope

The purpose of this policy is to establish clear guidelines for the retention, secure deletion, and disposal of personal data collected from our users. This policy applies to all personal data held by BEXST, whether in digital or physical format.

This policy is designed to:

  • Ensure that we do not retain personal data for longer than is necessary.

  • Uphold the legal rights of our users to have their data deleted.

  • Minimize our data footprint to reduce security risks.

  • Provide a transparent framework for our data management practices.

2. User Rights to Deletion (Right to Erasure)

Under applicable data protection laws, you have the right to request the deletion of your personal data held by us. This is also known as the "right to be forgotten."

You may exercise this right under the following conditions:

  • The data is no longer necessary for the purpose for which it was collected.

  • You withdraw your consent for data processing and there is no other legal basis for us to continue processing it.

  • You object to the processing of your data and there is no overriding legitimate interest to continue processing.

  • The data has been unlawfully processed.

  • The data must be erased to comply with a legal obligation.

3. Data Deletion Procedures

We provide a simple and accessible method for you to submit a data deletion request. You can make a request by:

  • Sending an email to our dedicated privacy team at privacy@bexst.com.

  • Using the online data request form in your account settings on our website.

Upon receiving a valid deletion request, we will:

  1. Acknowledge Receipt: We will send you a confirmation email within 10 business days acknowledging that we have received your request.

  2. Verify Your Identity: To protect your privacy and security, we will take reasonable steps to verify your identity before processing the request. This may include asking for information already associated with your account.

  3. Process the Request: Once your identity is verified, we will securely and permanently delete your personal data from our active systems.

  4. Notify Third Parties: If we have shared your data with a third party (e.g., payment processors), we will instruct them to delete your data as well, in accordance with our agreements with them.

  5. Confirm Deletion: We will confirm the completion of your request by email.

We will process all valid deletion requests within 30 days of receiving them. If a request is particularly complex or involves a large amount of data, we may extend this period by an additional 60 days, and we will notify you of any such extension and the reasons for it.

4. Data Retention Periods and Deletion Exceptions

While we are committed to promptly deleting data upon request, certain circumstances may require us to retain some or all of your data for a specific period of time. Your data will be deleted once the purpose for retention is fulfilled.

Reasons for data retention may include:

  • Legal Compliance: To comply with a legal obligation, such as tax laws or accounting requirements.

  • Contractual Obligations: To fulfill the terms of a contract or service, such as retaining purchase history for warranty or return purposes.

  • Security and Fraud Prevention: To detect, prevent, or investigate security incidents, fraud, or other malicious, deceptive, or illegal activity.

  • Dispute Resolution: To establish, exercise, or defend legal claims.

  • Technical Functionality: To debug and identify errors that impair our systems' intended functionality.

Data retained for these purposes is not used for any other reason, and we will apply security measures to ensure its integrity and confidentiality.

5. Secure Deletion and Archiving

When we delete your data, we use secure methods to ensure it is unrecoverable. Data on our backup systems will be securely and automatically deleted in accordance with our retention schedule. We do not retain data in an identifiable format on our backup systems for longer than necessary.

6. Policy Review

This policy will be reviewed periodically and may be updated to reflect changes in our data processing practices or legal requirements. The latest version of this policy will always be available on our website.

7. Contact Information

If you have any questions about this policy or wish to submit a data deletion request, please contact us at:

Email: customerservice@bexst.com