<aside> 💡

DRAFT: This is a working document that will evolve. AI generated from internal sources, so re-check relevant information before acting.

</aside>

1. Purpose and scope

Consolidate Denteo's data-retention and deletion rules into a single Löschkonzept that, per data category, states how long data is kept, on what legal basis, from which trigger, and how it is deleted/anonymized — and reconciles the documented posture (AVV, TOM, privacy notice) with what the system actually does. Closes the open Review-3 (Jan 2026) action item "Consolidate Data retention policy".

Scope: primary = customer (dental-practice) + patient data in the Denteo PMS; secondary = internal/operational data (logs, backups, monitoring, HR, AI/DSFA).

2. Roles

3. Legal framework (summary)

Swiss law layers a floor of minimum-keep duties under a ceiling of delete-when-done:

<aside> ⚖️

Operating rule (the Löschkonzept hinge): retention = the maximum of all applicable legal minimums, measured from the correct trigger; once it lapses, deletion/anonymization is mandatory. Keeping longer without a justifying purpose itself breaches FADP Art. 6 Abs. 4.

</aside>

<aside> 🔎

Re-verify before any external/legal use: cantonal article numbers (ZH §18 LS 813.13, GE Art. 57, BE in BSG 811.011), the (not-found) SSO dental-specific figure, federal 20y special cases (radiation/transplant), and GDPR applicability. Primary-source citations: FADP/OR/MWSTG on fedlex.admin.ch; EDÖB patient-data guidance; FMH archiving guide.

</aside>

4. Data inventory and categories