Storm Technologies Limited
Policy Title: Data Retention Policy
Policy No: 021
Effective Date: 26/03/18
Version: 1.04
Reviewed: January 2023
Owner: Data Protection Officer
The purpose of this policy is to ensure that all data is securely protected and maintained and to ensure that records that are no longer required are deleted within the correct timeframes.
The Data Retention policy applies to all members of Storm Technologies staff.
Some data may need to be retained to meet statutory, regulatory or contractual requirements, along with supporting essential business activities. Examples of these are, records that may be required as evidence that the business operates with in any statutory or regulatory rules, to ensure defence against potential civil or criminal action or to confirm the financial status or organisation to external parties or auditors.
National law or regulations may dictate the rime period and data content for information retention.
We have assessed our records to:
• Determine their value as a source of information about Storm Technologies, its operations, relationships and environment.
• Assess their importance as evidence of business activities and decisions.
• Establish whether there are any legal or regulatory retention requirements.
Data Retention Timeframes:
Employee Personal Data – all data except that required to be retained by law will be deleted from our systems three months after employment ceases with Storm Technologies.
Emails – ex-employee mailboxes will be kept securely with limited access for a period of three years after employment ceases with Storm Technologies and this is for business reasons, such as customer queries, performing customer service duties, renewals.
Customer Data – customer data will be kept for a period of five years once trading ceases or an account if formally closed. This is for the purpose of product recalls, warranty queries and future trading possibilities.
Lead & Prospect Data – as part of a system upgrade to implement a new CRM system, this data will be cleaned and confirmed as accurate and legitimate before transferring to the new system. Any data not accurate or being held legitimately will be deleted from our systems.