Data Retention Period
We keep data only for as long as needed to fulfill our obligations to our clients and staff.
The retention period will vary according to the type of data and where it's located in our system. For example:
- On own servers - very brief for testing and analysis purposes (hours/days)
- On third party servers - all data is erased or redacted when it is clear it is no longer required by the data subject. Certain data we are required to keep (e.g. for accounting, regulation or litigation purposes)
- In email accounts - generally this data will remain indefinitely unless we receive a specific request for redaction or in our opinion it can safely be deleted.
- Desktops - very brief for testing and analysis purposes.
- Employee-owned device - no data is stored, other than in caches, on employee owned devices.
- Backup storage - data picked up in the backup cycle will remain there until it is eventually flushed by overwriting cycles.
Generally data will no longer be retained when :
- the data subject has withdrawn consent to processing;
- a contract has been performed or cannot be performed anymore; or
- the data is out of date
In some cases erasure will mean complete destruction of data. In others it will mean anonymimsation so that an individual cannot be identified.