Data Retention
Our Records Retention Policy establishes general guidelines and procedures for the retention and disposal of data, balancing the need to maintain data for an appropriate period with the associated risks of retention. We define different categories of data and specific retention periods based on legal, regulatory, and business requirements and we adhere to “data for purpose” principles, which require that only the necessary data is retained for the specified purposes.
We implement secure data storage and segregation measures to protect information from unauthorized access or loss during the retention period, and access controls are established to limit data access to authorized personnel only.
When disposing of data, we use appropriate methods to do so securely, including physical destruction and data sanitization techniques, and we conduct periodic reviews to identify and update retention schedules.