Retention and Deletion Policy
Marvalero’s data retention and deletion practices in Pakistan adhere to local regulations, such as the Pakistan Electronic Crimes Act (PECA) and guidelines from the Federal Investigation Agency (FIA) on digital data retention.
1. Data Retention Standards
-
Financial and Transaction Data:
-
Retained for 5 years to comply with financial reporting, anti-money laundering (AML), and counter-terrorism financing (CTF) requirements as per PECA and FIA guidelines.
-
Includes all transaction records, payment details, and invoices related to Marvalero services.
-
-
Personal and Contact Information:
-
Retained as long as the account remains active. Once an account is closed, identifiable personal data will be deleted unless further retention is required by law.
-
For compliance purposes, anonymized data may be retained indefinitely to support analytics and improve Marvalero services.
-
-
Health and Service Data:
-
Retained for 3 years following the last transaction for any sensitive data related to customer service preferences and stylist notes, ensuring compliance with data protection best practices under PECA.
-
-
Marketing and Communications Data:
-
Retained for 3 years from the collection date or until the user opts out. This includes marketing emails, engagement tracking, and in-app notifications.
-
2. Data Deletion Process
When an account deletion request is made or data removal is requested, Marvalero’s process in Pakistan is as follows:
-
Request Submission: Users can request account deletion through the Marvalero app or by contacting customer support.
-
Verification Requirements: For security, identity verification is mandatory before processing deletion requests.
-
Permanent Deletion:
-
Personal data is permanently erased unless legal obligations require extended retention.
-
Anonymized data used solely for statistical or analytical purposes is retained without personal identifiers.
-
3. Automated Deletion and Compliance Reviews
Marvalero undertakes scheduled reviews and automates the deletion of data that is no longer essential:
-
Data Purge After 5 Years: Inactive accounts are subject to deletion after 5 years from the last activity to comply with PECA requirements.
-
Inactive Marketing Data: Marketing and engagement data not in use for over 3 years is automatically deleted.
Requesting Data Deletion
For both the U.S. and Pakistan, users can request account deletion by following these steps:
-
Access Account Settings: Navigate to the “Account” section in the Marvalero app to initiate a deletion request.
-
Submit Verification Information: Verify identity for security purposes.
-
Confirmation of Deletion: Once verification is complete, users will receive a confirmation that the deletion process has begun.
​
Please note that certain data may be retained for compliance with U.S. Pakistani laws, such as records required for audits, anti-fraud measures, or other regulatory purposes. Aggregated, anonymized data used for research and development is retained without personal identifiers.
Compliance Assurance
Marvalero reviews this Data Retention and Deletion Policy annually or as regulations evolve in the U.S. and Pakistan, ensuring ongoing compliance and protection of user data. This comprehensive approach safeguards Marvalero users while fulfilling legal and regulatory requirements across jurisdictions.