- Introduction
The purpose of this Data Retention Policy is to ensure that Loystar manages data in a way that complies with legal requirements, protects privacy, and facilitates efficient business operations. This policy outlines the types of data collected, retention periods, and procedures for data destruction.
- Scope
This policy applies to all data collected, processed, and stored by Loystar, including customer data, employee data, and business data, across all departments and systems.
- Definitions
– Personal Data: Information relating to an identified or identifiable individual.
– Non-Personal Data: Information that does not identify an individual and cannot be used to re-identify an individual.
– Retention Period: The duration for which data must be kept before it is disposed of.
– Data Owner: The person or department responsible for managing specific types of data.
- Data Categories and Retention Periods
4.1 Customer Data
– Personal Data:
  – Retention Period: 7 years from the date of last activity.
  – Data Examples: Name, address, email, phone number, purchase history.
  – Justification: Legal compliance, business analytics, customer support.
– Transactional Data:
  – Retention Period: 7 years from the date of transaction.
  – Data Examples: Order details, payment information, shipping details.
  – Justification: Financial reporting, audit requirements.
4.2 Employee Data
– Personal Data:
  – Retention Period: 7 years after termination of employment.
  – Data Examples: Employment contracts, performance reviews, payroll information.
  – Justification: Legal compliance, potential future litigation.
– Recruitment Data:
  – Retention Period: 7 years from the date of application.
  – Data Examples: Resumes, interview notes.
  – Justification: Future recruitment opportunities, legal requirements.
4.3 Business Data
– Financial Records:
  – Retention Period: 7 years.
  – Data Examples: Financial statements, audit records, tax returns.
  – Justification: Legal compliance, financial audits.
– Operational Data:
  – Retention Period: 7 years from the date of creation.
  – Data Examples: Project documents, internal communications.
  – Justification: Business continuity, operational reference.
4.4 Marketing Data
– Marketing Analytics:
  – Retention Period: 7 years from the date of collection.
  – Data Examples: Website analytics, email campaign data.
  – Justification: Business analysis, strategy planning.
– Customer Feedback:
  – Retention Period: 7 years from the date of collection.
  – Data Examples: Survey responses, customer reviews.
  – Justification: Product improvement, customer service enhancement.
- Data Storage and Security
– All data must be stored securely, with access restricted to authorized personnel.
– Personal data must be encrypted both in transit and at rest.
– Regular security audits must be conducted to ensure compliance with data protection regulations.
- Data Disposal
– Data must be securely disposed of at the end of its retention period.
– Methods of disposal include shredding paper records and using secure data deletion tools for electronic records.
– Data owners are responsible for ensuring that data is disposed of in accordance with this policy.
- Legal and Regulatory Compliance
– This policy is designed to comply with applicable data protection laws and regulations, including GDPR, NDPR, CCPA, and others as relevant.
– Regular reviews and updates to the policy will be conducted to ensure ongoing compliance.
- Roles and Responsibilities
– Data Protection Officer (DPO): Responsible for overseeing the implementation of this policy and ensuring compliance with data protection laws.
– Data Owners: Responsible for managing data in their area and ensuring adherence to retention periods and disposal procedures.
– IT Department: Responsible for maintaining secure data storage systems and supporting data deletion processes.
- Training and Awareness
– All employees must receive training on data protection and the importance of data retention policies.
– Regular refresher courses and updates will be provided to ensure continued awareness and compliance.
- Policy Review
– This policy will be reviewed annually and updated as necessary to reflect changes in laws, regulations, or business practices.
– Any changes to the policy will be communicated to all employees and relevant stakeholders.
- Consequences of Non-Compliance
– Non-compliance with this policy may result in disciplinary action, up to and including termination of employment.
– Legal consequences may also arise in the event of data breaches or non-compliance with regulatory requirements.
- Contact Information
– For questions or concerns about this policy, please contact the Data Protection Officer at [gov@loystar.co].
—
This comprehensive data retention policy ensures that Loystar manages its data responsibly, complies with legal requirements, and protects the privacy and security of personal information.