Virtual Lever Ltd t/a DevOps UK (referred to as “the Company”) recognises the importance of maintaining an appropriate data retention policy to ensure the secure and lawful handling of personal data. This Data Retention Policy outlines the Company’s approach to data retention and adheres to UK best practices, including compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
This policy applies to all personal data processed by the Company, regardless of the format or medium in which it is stored or transmitted. It applies to all employees, contractors, and third parties acting on behalf of the Company.
The Company adheres to the following data retention principles:
a) Purpose Limitation: Personal data is retained only for the duration necessary to fulfill the purposes for which it was collected, as specified in the relevant privacy notice or as required by law.
b) Legal and Regulatory Requirements: Personal data is retained in compliance with applicable laws, regulations, and industry standards.
c) Minimization: Personal data is retained in a manner that minimizes the risk of unauthorized access, loss, or damage.
d) Data Subject Rights: The Company ensures that individuals can exercise their rights to erasure, rectification, or restriction of processing in accordance with applicable data protection laws.
e) Review and Disposal: Regular reviews are conducted to identify personal data that is no longer necessary. Once data is no longer required, it is securely disposed of in accordance with applicable legal and regulatory requirements.
- Retention Periods
The retention periods for different categories of personal data are determined based on the purpose for which the data was collected, legal requirements, and business needs. The following general guidelines apply:
a) Employee Data: Personal data relating to employees, including HR records, payroll information, and employment contracts, will be retained for the duration of the employment relationship and for a period after termination as required by law and for legitimate business purposes.
b) Customer Data: Personal data collected from customers, including contact information and transactional records, will be retained for as long as necessary to provide services, maintain customer relationships, and fulfill contractual obligations. Retention periods may vary based on the type of service provided and any legal or regulatory requirements.
c) Marketing Data: Personal data used for marketing purposes, such as email addresses and preferences, will be retained as long as the individual has not withdrawn consent or has not objected to the processing.
d) Financial and Accounting Data: Personal data related to financial transactions, invoices, and accounting records will be retained for the period required by law for financial reporting, tax, and auditing purposes.
e) Legal and Regulatory Data: Personal data retained for legal or regulatory purposes, including records related to compliance, investigations, or litigation, will be retained for the duration specified by the applicable legal or regulatory requirements.
- Data Disposal
The Company ensures the secure disposal of personal data once it is no longer required for the purposes for which it was collected or as required by law. Disposal methods may include permanent deletion from electronic systems, secure shredding of physical documents, or other appropriate measures to ensure data cannot be reconstructed or recovered.
- Data Subject Rights and Requests
The Company respects the rights of data subjects, including the right to erasure, rectification, and restriction of processing. Data subjects can exercise their rights by contacting the Data Protection Officer (DPO) as specified in the Data Protection Policy. The Company will respond to such requests promptly and in accordance with applicable data protection laws.
- Policy Review
This Data Retention Policy will be reviewed regularly to ensure its continued effectiveness and compliance with applicable laws and regulations. Any updates or revisions to this policy will be communicated to employees, contractors, and other relevant stakeholders.
- Contact Information
If you have any questions, concerns, or requests related to data retention or this policy, please contact our Data Protection Officer (DPO) at:
Name: Oliver Wright Email: firstname.lastname@example.org
This Data Retention Policy was last updated on 19/02/2023.