Skip to main content
Empuls maintains a formal, documented process to securely delete, destroy, or return personal data to customers when the contracted purpose has been fulfilled or upon an explicit deletion or return request.
When an employee recognition or rewards programme concludes—or when a customer chooses to migrate away—Empuls provides a clear, end-to-end process for handling all personal data collected during the contract period. This applies to employee profiles, reward and redemption histories, engagement survey responses, and any HR data sourced through integrations with systems such as Workday, SAP SuccessFactors, or Darwinbox. How the deletion and return process works At contract end, Empuls initiates a structured data lifecycle review. Personal data that is no longer required for legal, regulatory, or operational purposes is securely deleted or destroyed from active systems and backups within a defined retention window. Customers who need a copy of their data before deletion receive exports in a standard, machine-readable format. The entire handover and deletion sequence is documented and confirmed in writing. Customers do not need to wait until contract expiry to submit a request. Empuls accepts formal data deletion or return requests at any time, provided the request aligns with applicable legal retention obligations. For example, if an organisation migrates from Empuls to a new recognition tool mid-programme, the Empuls data protection and customer success teams coordinate an orderly data export followed by verified deletion of all residual records. Integration and cross-system data Empuls integrates with HRIS and people platforms including Workday, SAP SuccessFactors, and Darwinbox. Personal data synced from these systems into Empuls is subject to the same deletion and return obligations as data entered natively. An employee record pulled from Darwinbox during onboarding carries the same end-of-contract handling as any profile created directly inside Empuls. For organisations running Empuls alongside collaboration tools such as Slack or Microsoft Teams, recognition and notification data held within Empuls is scoped for deletion as part of the same process. Data residing in third-party platforms falls outside Empuls’s direct deletion scope, but Empuls provides clear documentation of which systems hold which data categories to help customers manage their full organisational data footprint. Compliance alignment This capability supports compliance with GDPR’s right to erasure and equivalent regional data protection regulations. Empuls holds ISO 27001 certification and a SOC 2 Type II attestation—both of which mandate documented data disposal controls as part of their frameworks. Customers undergoing internal or external compliance audits can request evidence of Empuls’s data handling procedures through their account or legal contacts. Initiating a request Customers wishing to submit a data deletion or return request contact Empuls through their designated account management or support channel. Each request is logged, acknowledged within the agreed service timeframe, and closed with written confirmation once the deletion or return is complete. Learn more: Empuls Help Centre — General

Data Retention Policy

Understand how long Empuls retains different categories of personal data and the controls customers have over retention periods.

GDPR Compliance on Empuls

Learn how Empuls supports GDPR obligations including data subject rights, lawful bases for processing, and Data Processing Agreements.