Right to Erasure

Regulation: GDPR Article 17 — Right to erasure ('right to be forgotten') Last reviewed: 2026-05-22

You have the right to request that SGEN deletes personal data it holds about you. This page explains how the process works: how to request it, what gets deleted, what is retained by legal obligation, and the timeline.


1 — Who can submit an erasure request

Erasure requests under GDPR Article 17 apply to personal data for which SGEN is the data controller — primarily:

  • Your SGEN account data (name, email address, billing address, login history)
  • Marketing consent records and email preferences
  • Support ticket records where your personal details appear

For personal data that SGEN processes on behalf of your organisation (i.e., where your organisation is the data controller and SGEN is the data processor), erasure requests should be directed to your organisation. SGEN acts on your organisation's instructions as set out in the Data Processing Agreement.


2 — When the right to erasure applies

You can request erasure where one of the following grounds applies (GDPR Art 17(1)):

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other lawful basis for processing
  • You object under Article 21 and there are no overriding legitimate grounds
  • The data was unlawfully processed
  • Erasure is required to comply with a legal obligation

3 — How to submit a request

Self-service (where available): Log in to dashboard.sgen.com and navigate to Account → Privacy → Request Data Deletion.

By email: Send a request to privacy@sgen.com with the subject line: "Erasure request — [your account email address]".

What to include:

  • The email address associated with your SGEN account
  • Confirmation that you are the account holder, or a description of your relationship to the data (for requests made on behalf of another person)

4 — Identity verification

SGEN verifies the identity of the requester before processing an erasure request. This prevents unauthorised deletion.

Verification steps:

  1. SGEN sends a confirmation email to the address on the account.
  2. You confirm via a link in that email.
  3. For requests involving billing data or sensitive account records, SGEN may request additional verification — for example, confirming the last 4 digits of the payment method on file.

5 — Timeline

SGEN processes erasure requests within 30 days of identity verification.

If a request is complex or there are a high volume of requests, SGEN may extend this by a further 60 days (90 days total). If this applies, SGEN will notify you within the first 30 days and explain the reason.


6 — What gets erased

On a confirmed erasure request, SGEN deletes or anonymises the following data:

Data categoryAction
Account profile (name, email, phone)Deleted
Login history and session recordsDeleted
Marketing consent recordsDeleted (replaced with a flag confirming erasure request was received and processed)
Support ticket records (personal identifiers)Anonymised — ticket content retained for audit but personal identifiers replaced
Activity Log entries attributed to the accountAnonymised — event records retained; account identifier removed
Dashboard.sgen.com usage dataDeleted

7 — What is retained (exceptions)

SGEN is required to retain certain data categories by law, regardless of an erasure request. This is permitted under GDPR Article 17(3).

Data categoryReason for retentionRetention period
Billing records and invoicesLegal obligation — tax and financial compliance
Records of contractual obligationsLegal obligation — contract enforcementDuration of any applicable limitation period
Security incident recordsLegal obligation / legitimate interests — fraud prevention and compliance
Records of the erasure request itselfAccountability obligation — demonstrates SGEN processed the request

Where data is retained under an exception, SGEN will confirm this in writing as part of the erasure confirmation notice.


8 — Backup purge

SGEN's backup systems retain snapshots for operational resilience. After an erasure request is confirmed:

  • Active-system data is deleted immediately (or within the processing window).
  • Backup copies containing your data are purged within .

SGEN will confirm when backup purge is complete as part of the erasure confirmation notice.


9 — Post-erasure audit trail

SGEN retains a minimal internal record that an erasure request was received and fulfilled. This record contains:

  • The date of the request
  • The date of completion
  • The data categories that were erased or anonymised
  • The exception categories retained and the legal basis

The record does not contain the personal data that was deleted. It exists solely to demonstrate SGEN's compliance with GDPR Article 5(2) (accountability principle).


10 — Example scenario

Your organisation uses SGEN to run an e-commerce site. A former employee — a site administrator — had an administrator account on your SGEN dashboard. They leave the company and submit an erasure request for their account data.

What happens:

  1. The former employee submits a request to privacy@sgen.com.
  2. SGEN sends a verification email to the address on the account.
  3. The former employee confirms via the link.
  4. Within 30 days, SGEN deletes the account profile and login history. Activity Log entries attributed to the account are anonymised (the events remain; the account identifier is removed).
  5. Billing records that reference the account (e.g., an invoice during their employment) are retained for tax compliance — the former employee is notified of this exception.
  6. SGEN sends a written confirmation listing what was erased and what was retained.

11 — Related documents

DocumentPurpose
GDPR Posture StatementFull list of data subject rights + contact details
Data Processing AgreementErasure obligations when SGEN acts as processor
Data ResidencyWhere data is stored, including backups
Sub-processorsSub-processor erasure obligations
UK GDPR AddendumUK-specific erasure considerations

Questions about an in-progress erasure request: privacy@sgen.com.