The underlying goal of privacy laws is to limit the use and disclosure of the personal information under an entity’s control to the purposes for which the personal information was collected, permitted to be used or disclosed; to protect that information by security safeguards appropriate to the sensitivity of the information; and to give effect to any withdrawal of consent.To address these goals, the Privacy Policy must inform and gain consent for the length of time for which the personal information will be retained, the access the user will have to that information, and the ability of the user to terminate the use of their information. This clause will usually permit (not obligate) the company to retain the information for either a defined period of time (e.g. 30 days), or until the company no longer requires the information for the purposes set out in the Privacy Policy and according to the Terms of Use. This type of clause can differentiate between the length of time personal information in its original form will be retained, and the length of time the information can be retained in an aggregated and anonymized form. The clause will specify the time period for which information will be retained after termination of the relationship with the user. This clause may also contain a warning that such information will be deleted and will no longer be available to the user following a set period of time after termination.