2.1.18 [P3P1.0:2002] Section 3.3.6, The RETENTION element
V0025:
-
Each STATEMENT element that does not include a NON-IDENTIFIABLE element MUST contain a RETENTION element that indicates the kind of retention policy that applies to the data referenced in that statement.
All Document Modes (All Versions)
STATEMENT elements that do not contain a NON-IDENTIFIABLE child element are not required to contain a RETENTION element containing at least one subchild.
V0026:
-
<RETENTION> the type of retention policy in effect The RETENTION element MUST contain one of the following: <no-retention/> Information is not retained for more than a brief period of time necessary to make use of it during the course of a single online interaction. Information MUST be destroyed following this interaction and MUST NOT be logged, archived, or otherwise stored. This type of retention policy would apply, for example, to services that keep no Web server logs, set cookies only for use during a single session, or collect information to perform a search but do not keep logs of searches performed. <stated-purpose/> For the stated purpose: Information is retained to meet the stated purpose. This requires information to be discarded at the earliest time possible. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy. <legal-requirement/> As required by law or liability under applicable law: Information is retained to meet a stated purpose, but the retention period is longer because of a legal requirement or liability. For example, a law may allow consumers to dispute transactions for a certain time period; therefore a business may for liability reasons decide to maintain records of transactions, or a law may affirmatively require a certain business to maintain records for auditing or other soundness purposes. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human- readable privacy policy. <business-practices/> Determined by service provider's business practice: Information is retained under a service provider's stated business practices. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy. <indefinitely/> Indefinitely: Information is retained for an indeterminate period of time. The absence of a retention policy would be reflected under this option. Where the recipient is a public fora, this is the appropriate retention policy.
All Document Modes (All Versions)
The RETENTION element is not required to contain any subelements.