So I've now read https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/ and http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN (47-49) and think I'm OK to keep email (for a very long time) and not offer consent withdrawal on it.
Consent is already asked for and given via Google and Microsoft login methods, and so I only need to add a consent notification to the email for the login code method.
Legitimate use does cover retaining the email, as it is used for fraud detection, impersonation detection, to block trolls and abusers, etc.
Which means I don't have to offer consent withdrawal for email at all... saves me some work, and it would have been hugely destructive to one's own account if anyone had clicked it.