Data Retension Policy

Data Retension Policy

1. Intent of the Policy

This Data Retention Policy sets out the obligations of [ Company Name ] (hereinafter collectively referred to as "[ Company Name ] ", "We", "Us" or "Our") regarding retention of personal data collected, maintained, and processed [ Company Name ] . The retention of information collected through our Site shall be governed by this Policy and is therefore incorporated into our Terms of Use.

This Policy is intended to protect and safe user records collected and retained by [ Company Name ] . This policy details out what is expected of [ Company Name ] employees and other stakeholders involved in retention of data and its protection.

After processing of personal data, it shall not kept longer than it required and maintained in such a form described in the policy. In certain cases, personal data may be stored for longer periods than duration mentioned due to public interest, for scientific or historical research, or for statistical purposes, subject to the implementation of the appropriate technical and organisational measures required to protect that data.

2. Some Important Key Terms

a. "User" (hereinafter referred as "You", "Your",), mean our customers who obtain our Service(s) or any other natural person who visit our website(s) and whose personal data is being collected, held or processed by [ Company Name ] .

b. "Personal Data" means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the [ Company Name ] .

c. "Service Data" means all electronic data, text, messages, Email or other materials, including personal data of Users, submitted to the service(s) by You in connection with Your use of the service(s), including, without limitation, to Personal Data.

3. Motives and Objectives

a. The primary aim behind this Policy is to set out limits for the retention of personal data and Service Data.

b. In addition to protect the rights of users by ensuring that excessive amounts of data are not retained by [ Company Name ] , this Policy also aims to improve the speed and efficiency of data management.

4. Scope

a. This Policy applies to all personal data held by [ Company Name ] for the sole purpose of processing requests made by users and not for other use.

b. This policy applies on all [ Company Name ] workstations - desktops, laptops, servers, physical modes of personal data collection including but not limited to physical forms, visitor logs, visiting cards collected etcetera, this policy also covers all virtual machines including cloud servers under control of [ Company Name ] .

5. What Are Records?

a. Records under this policy is nothing but any data you enter on our site or give us in any other way. For example, during sign up you provide us with name, email, address, telephone etc. You can choose not to provide certain information, but then you might not access to take advantage of all of our services and features. We use the information that you provide for purposes as mentioned in our Privacy Policy.

b. Such records may be of one person or more persons. Such records may be present in electronic format. Such records may be present inside the local machines or on a cloud or digital mode.

6. Data Retention

a. [ Company Name ] shall not retain any personal and other business data for period more than is necessary considering the purpose(s) for which that data is collected, maintained, and processed, unless required by the law.

b. Different types of personal data, used for specific purposes, will necessarily be retained for different periods.

c. When establishing and/or reviewing retention periods, the following points shall be considered:

i. The objectives and requirements of [ Company Name ]

ii. The type of personal data

d. If retention period cannot be fixed for a particular type of data, it will be determined based on type of data, and the retention of that data, can be regularly reviewed against those criteria.

e. Certain personal data may be deleted or otherwise disposed of prior to the expiry of its defined retention period by taking necessity into consideration and decision by [ Company Name ] to do so whether in response to a request by a user or otherwise.

f. The required retention period for any category of data not specifically defined unless otherwise mandated differently in accordance with applicable law, will be deemed to be 12 months from the date of creation of the data.

7. Storage and Transfer of Data

Your Personal Data and files are stored on servers of [ Company Name ] . We have servers located in India, however your personal information may be transferred across boundary of nation as the companies we hire to help us run our business may be located in different countries around the world. Even in certain cases, the transmission of information via the internet is not completely secure, we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict measures and security features to prevent unauthorized access.

8. Security of Information

We understand that importance of security of your personal information. Sensitive and private data exchange between the Site and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures. Our Site is also in compliance with PCI vulnerability standards in order to create as secure of an environment as possible for you. While we provide administrative, technical, and physical security controls to protect your personal information. At the same time, it is important for you to protect against unauthorized access to your security credentials and to your computer. Be sure to sign off when finished using a shared computer. However, despite our efforts, security controls are not 100% effective and we can't ensure or warrant the security of your personal information.

9. Data Disposal

Upon the expiry of the data retention periods set out in this Policy and fulfilment of objective for which the data was taken, personal data shall be deleted, destroyed, or otherwise disposed unless as required by the law.

10. Roles and Responsibilities

a. The grievance officer solely responsible for overseeing the implementation of this Policy and for monitoring compliance with this Policy, [ Company Name ] 's other data management policies, with the Information Technology Act 2008(Amended) and other applicable data protection legislation.

b. Any query and questions regarding this Policy, the retention of personal data, or any other aspect of compliance with IT Act 2008 should be referred to the grievance officer.

The data may be retained for period exceed than specified in the policy in certain circumstances which are mentioned below:

  • Ongoing investigations from any competent authorities under Indian law, if there is a chance records of personal data are needed by us to prove compliance with any legal requirements; or
  • When exercising legal rights in cases of lawsuits or similar court proceeding.

11. Implementation of Policy

[ Company Name ] expects that its Users read and understand this policy and in case you are not able to understand any part of this policy, you are required to contact the grievance officer of this Policy in [ Company Name ] .