Data Retention Policy

Page 1

Storm Technologies Limited

Policy Title: Data Retention Policy

Policy No: 021

Effective Date: 26/03/18

Version: 1.04

Reviewed: January 2023

Owner: Data Protection Officer

The purpose of this policy is to ensure that all data is securely protected and maintained and to ensure that records that are no longer required are deleted within the correct timeframes.

The Data Retention policy applies to all members of Storm Technologies staff.

Some data may need to be retained to meet statutory, regulatory or contractual requirements, along with supporting essential business activities. Examples of these are, records that may be required as evidence that the business operates with in any statutory or regulatory rules, to ensure defence against potential civil or criminal action or to confirm the financial status or organisation to external parties or auditors.

National law or regulations may dictate the rime period and data content for information retention.

We have assessed our records to:

• Determine their value as a source of information about Storm Technologies, its operations, relationships and environment.

• Assess their importance as evidence of business activities and decisions.

• Establish whether there are any legal or regulatory retention requirements.

Data Retention Timeframes:

Employee Personal Data – all data except that required to be retained by law will be deleted from our systems three months after employment ceases with Storm Technologies.

Emails – ex-employee mailboxes will be kept securely with limited access for a period of three years after employment ceases with Storm Technologies and this is for business reasons, such as customer queries, performing customer service duties, renewals.

Customer Data – customer data will be kept for a period of five years once trading ceases or an account if formally closed. This is for the purpose of product recalls, warranty queries and future trading possibilities.

Lead & Prospect Data – as part of a system upgrade to implement a new CRM system, this data will be cleaned and confirmed as accurate and legitimate before transferring to the new system. Any data not accurate or being held legitimately will be deleted from our systems.

1

Storm Technologies Limited

In certain instances, this Data Retention Policy may be temporarily suspended, specifically if an investigation, court case or audit is anticipated. In other instances, this policy’s Data Retention schedule may conflict with the need to produce documents relevant to the aforementioned legal or regulatory procedures. If this is the case then the need to comply fully with the law and/or regulation will override this policy, causing this policy to be temporarily suspended until the matter in question is satisfactorily resolved. Suspension of this policy will take the form of no business data being disposed of whatsoever for a period of time.

Storm Technologies Data Retention Schedule is maintained by the Data Protection Officer.

This policy has been reviewed and approved by:

Name:

Position:

Date: Signed:

2

Turn static files into dynamic content formats.

Create a flipbook

Articles inside

Storm Technologies Limited

0
page 2

Storm Technologies Limited

1min
page 1
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.