fbpx Skip to main content
  1. Introduction

The purpose of this Data Retention Policy is to ensure that Loystar manages data in a way that complies with legal requirements, protects privacy, and facilitates efficient business operations. This policy outlines the types of data collected, retention periods, and procedures for data destruction.

  1. Scope

This policy applies to all data collected, processed, and stored by Loystar, including customer data, employee data, and business data, across all departments and systems.

  1. Definitions

– Personal Data: Information relating to an identified or identifiable individual.

– Non-Personal Data: Information that does not identify an individual and cannot be used to re-identify an individual.

– Retention Period: The duration for which data must be kept before it is disposed of.

– Data Owner: The person or department responsible for managing specific types of data.

  1. Data Categories and Retention Periods

 4.1 Customer Data

– Personal Data: 

  – Retention Period: 7 years from the date of last activity.

  – Data Examples: Name, address, email, phone number, purchase history.

  – Justification: Legal compliance, business analytics, customer support.

– Transactional Data: 

  – Retention Period: 7 years from the date of transaction.

  – Data Examples: Order details, payment information, shipping details.

  – Justification: Financial reporting, audit requirements.

 4.2 Employee Data

– Personal Data: 

  – Retention Period: 7 years after termination of employment.

  – Data Examples: Employment contracts, performance reviews, payroll information.

  – Justification: Legal compliance, potential future litigation.

– Recruitment Data: 

  – Retention Period: 7 year from the date of application.

  – Data Examples: Resumes, interview notes.

  – Justification: Future recruitment opportunities, legal requirements.

 4.3 Business Data

– Financial Records: 

  – Retention Period: 7 years.

  – Data Examples: Financial statements, audit records, tax returns.

  – Justification: Legal compliance, financial audits.

– Operational Data: 

  – Retention Period: 7 years from the date of creation.

  – Data Examples: Project documents, internal communications.

  – Justification: Business continuity, operational reference.

 4.4 Marketing Data

– Marketing Analytics: 

  – Retention Period: 7 years from the date of collection.

  – Data Examples: Website analytics, email campaign data.

  – Justification: Business analysis, strategy planning.

– Customer Feedback: 

  – Retention Period: 7 years from the date of collection.

  – Data Examples: Survey responses, customer reviews.

  – Justification: Product improvement, customer service enhancement.

  1. Data Storage and Security

– All data must be stored securely, with access restricted to authorized personnel.

– Personal data must be encrypted both in transit and at rest.

– Regular security audits must be conducted to ensure compliance with data protection regulations.

  1. Data Disposal

– Data must be securely disposed of at the end of its retention period.

– Methods of disposal include shredding paper records and using secure data deletion tools for electronic records.

– Data owners are responsible for ensuring that data is disposed of in accordance with this policy.

  1. Legal and Regulatory Compliance

– This policy is designed to comply with applicable data protection laws and regulations, including GDPR, NDPR, CCPA, and others as relevant.

– Regular reviews and updates to the policy will be conducted to ensure ongoing compliance.

  1. Roles and Responsibilities

– Data Protection Officer (DPO): Responsible for overseeing the implementation of this policy and ensuring compliance with data protection laws.

– Data Owners: Responsible for managing data in their area and ensuring adherence to retention periods and disposal procedures.

– IT Department: Responsible for maintaining secure data storage systems and supporting data deletion processes.

  1. Training and Awareness

– All employees must receive training on data protection and the importance of data retention policies.

– Regular refresher courses and updates will be provided to ensure continued awareness and compliance.

  1. Policy Review

– This policy will be reviewed annually and updated as necessary to reflect changes in laws, regulations, or business practices.

– Any changes to the policy will be communicated to all employees and relevant stakeholders.

  1. Consequences of Non-Compliance

– Non-compliance with this policy may result in disciplinary action, up to and including termination of employment.

– Legal consequences may also arise in the event of data breaches or non-compliance with regulatory requirements.

  1. Contact Information

– For questions or concerns about this policy, please contact the Data Protection Officer at [gov@loystar.co].

This comprehensive data retention policy ensures that Loystar manages its data responsibly, complies with legal requirements, and protects the privacy and security of personal information.