Client deletion handling

Overview


The GDPR gives individuals the right to be forgotten – individuals will have the right to have their personal data erased and to cease further dissemination of the data, and potentially have third parties halt processing of the data.

Delete my account / forget my data client feature


HostBill gives you the opportunity to allow your customers to delete their account and remove their personal information. You can enable this feature in Admin UI → Settings General Settings → Other →  GDPR. When enabled, the client will be able to click Delete my account / forget my data button placed in Account → Overview section.


Once clicked the customer will see the following confirmation message:

If the client confirm the account deletion, they will be automatically logged out:

Note: Client can start the account removal process only if there are no unpaid invoiced linked to their account.

If the client has active services that can't be cancelled (domains, unpaid invoices etc.), the following message will pop-up:

Following services cannot be automatically cancelled:

  • the list of services/domains that block account deletion

Please contact us to resolve this and have your data removed


Note about customized themes

Note: If you’ve customized your client area template you should consider updating it with files coming from latest version of original template your theme is based on.
Otherwise your customers would not be able to access profile overview or request profile deletion.

New files added to themes are clientarea/overview.tpl and clientearea/delete.tpl
Link to profile overview which you can put in your theme menus can look like this: <a href="{$ca_url}clientarea/overview">{$lang.overview}</a>

Account removal process


Once the client starts the process:

  1. The account is being marked with Pending Removal status.

  2. The client with the account status 'pending removal' will not be able to sign-in anymore.

  3. Every day HostBill automation will search for 'pending removal' accounts in the database and if the account meets the requirements (was closed X days ago - to be determined in settings):

  • if the client profile can be deleted as the account meets the Data Retention Settings requirements (the last paid invoice is older than X months), the account will be completely deleted (along with all the services, domains etc)

  • if the client profile can't be completely deleted as the account doesn't meet the requirements, the account will be anonymizated.