Retention period for personal data

RETENTION PERIOD FOR PERSONAL DATA

Puro.earth Oy Last updated: 20 March 2026

We store personal data for as long as necessary to fulfil the purpose for which it was collected, to protect Puro.earth’s legal rights, or to comply with statutory retention obligations. Personal data is not retained beyond the periods set out in the table below.

DELIVERY OF PRODUCT OR SERVICE AND CUSTOMER SERVICE

Information about the agreement, customer relationship and transactions 10 years from the termination of the customer relationship

Digital account and login ID 3 years from the last login.

SALES, MARKETING AND STAKEHOLDER COMMUNICATIONS

Marketing opt-outs Until further notice

Online marketing and analytics 26 months

Information used for segmentation 3 years from the termination of the contractual relationship

SECURITY

Access logs and security event data 24 months from the time of collection

STATUTORY OBLIGATIONS

Bookkeeping and financial records 6 years from the end of the financial year during which the data was processed (as required by Finnish Accounting Act)

PRODUCT AND SERVICE DEVELOPMENT AND INTERNAL REPORTING

Pseudonymised Anonymised customer information 20 years. The extended retention period is justified by the long-term audit and verification requirements of carbon markets, where historical issuance and transaction data must remain traceable for the duration required to substantiate the permanence and integrity of carbon removal.

DELETION AND ANONYMISATION

Personal data is securely deleted or destroyed at the end of the applicable retention period. In some cases, personal data is anonymised by permanently removing all identifiers by which an individual could be identified. Anonymised data is no longer considered personal data and may be retained for analytical or reporting purposes.

This schedule is reviewed annually and updated as needed. It should be read in conjunction with Puro.earth’s Privacy Notice.