Telecom provider Odido is examining whether it kept personal data longer than allowed. The review follows inquiries from former customers. These individuals said they left the company years ago but still received an email about last week’s data breach. These individuals were informed that their personal details may have been exposed.
According to Het Financieele Dagblad, Odido appears to have stored personal information of former clients for longer than the period stated in its own privacy policy. The policy promises that contract data will be kept for no more than two years after a customer leaves. However, people who ended their contracts five or ten years ago said they still received a warning email.
A spokesperson for Odido said the company’s “current assessment” is that the issue may involve data that were stored beyond the stated two‑year limit. The spokesperson noted that different retention periods apply depending on the purpose for which data are processed.
@anp | NEWS BRAINPORT
