Data Retention Policy
Effective Date: 24 March 2026 | Last Updated: 24 March 2026
This Data Retention Policy explains how AccountsBro (“we”, “us”, or “AccountsBro”) manages the retention and deletion of data in compliance with the **EU GDPR**, the Finnish Data Protection Act, and the **Finnish Accounting Act (Kirjanpitolaki 1336/1997)**.
1. Purpose and Legal Framework
We retain data only as long as necessary for contractual, legal, and tax obligations. We prioritize Finnish mandatory retention periods (KPL) when they exceed general GDPR minimization principles.
- KPL §10(1): Financial statements and ledgers must be kept for 10 years.
- KPL §10(2): Vouchers (receipts, invoices) must be kept for 6 years.
2. Retention Schedule
| Data Category | Period | Legal / Trigger |
|---|---|---|
| Accounting core records | 10 years | KPL §10(1) |
| Supporting documents (Vouchers) | 6 years | KPL §10(2) |
| Tax filings & correspondence | 6-10 years | Vero Requirements |
| Business registration documents | Relationship + 6Y | Contractual Necessity |
| Migri Documentation | Relationship + 6Y | Contract + Legal |
| Client contract & correspondence | Relationship + 5Y | Claims Limitation |
| Invoicing & payment records | 6-10 years | KPL + Tax Law |
| Courier allocation records | 6 years | Tax Compliance |
| Marketing consent data | Until withdrawal | Consent (Art 6(1)(a)) |
| Website technical logs | 12 months | Legitimate Interest |
| Support tickets & communication | Relationship + 3-5Y | Dispute Resolution |
3. Special Cases (Termination)
We continue to retain mandatory accounting and tax records for the full legal period even after account closure. Other personal data is deleted within 3–6 months after final settlement.
4. Deletion and Anonymisation
Deletion is performed using industry-standard methods. Where full deletion is not possible due to legal retention (e.g., accounting ledgers), we anonymize personal identifiers where technically feasible.
5. Your Rights
You have the right to request erasure (“right to be forgotten”), though this is limited by our legal obligations (e.g., KPL). Contact us at privacy@accountsbro.fi for requests.
6. Contact Information
Compliant with GDPR Article 5(1)(e) and Finnish Accounting Act Chapter 2, Section 10.