DATA RETENTION POLICY


This Data Retention Policy (hereinafter referred to as “Policy”) is effective from [INSERT DATE ON WHICH THE POLICY COMES INTO FORCE] and applies to all employees of [INSERT COMPANY’S NAME] (hereinafter referred to as “Us” or “we” or “our” or “Company”).

This policy outlines the guidelines and procedures to ensure the security of data and the best practices to safeguard the confidentiality, integrity, and availability of the Company’s data.

  1. PURPOSE
    1. The purpose of this policy is to provide clear and structured guidelines for the management and security of various types of data, both digital and physical, and of the Company’s confidential information. It outlines measures to protect sensitive and valuable data from unauthorized access, breaches and loss.
  2. SCOPE
    1. This policy applies to all [INSERT COMPANY’S NAME] employees, contractors or any individual with whom data is stored and the Company’s confidential information is being maintained, distributed or stored within the Company.
  3. TYPES OF DATA
    1. All data related to customer and employee information, the Company’s financial and operational records, and marketing and sales data should be retained for as long as the Company requires or for a period defined by legal or regulatory requirements.
  4. RETENTION PERIOD
    1. The Company’s financial data, such as invoices, payment and transaction records, should be retained for a maximum of 7-10 years to comply with applicable tax laws and financial regulations.
    2. Operational data includes data related to the Company’s day-to-day business operations, such as inventory and supply chain records, and must be retained for a few years depending upon its usefulness and requirement.
    3. Customer data should be retained for as long as the customer relationship is active or as per the Company’s requirement.
    4. Employee records should be retained for the duration of the employment and for a period afterward, typically 3-7 years, to comply with applicable laws and to address potential legal disputes.
  5. DATA COLLECTION AND USE
    1. Confidential information should only be collected for specific, legitimate purposes and should not be used or disclosed for other purposes without obtaining consent, unless required by law.
    2. Data collection should be minimized to what is necessary and relevant for the intended purpose.
    3. Review the authentication mechanisms to ensure only authorized personnel can access sensitive systems and data. Access to areas containing sensitive equipment or data is restricted to authorized personnel only and will be regulated by the security department.
  6. DATA STORAGE AND SECURITY
    1. Personal and confidential information of the Company should be stored securely, whether in physical or electronic form, to prevent unauthorized access, use, or disclosure.
    2. Appropriate technical and organizational measures should be implemented to protect personal information against accidental or unlawful destruction, loss, alteration, or unauthorized access.
    3. Access to personal information should be restricted to authorized personnel on a need-to-know basis.
    4. All devices of the facility containing sensitive information and data must be secured by the security personnel when not in use. The devices or other systems of the facility, such as computers or mobile devices, must be encrypted and password-protected.
  7. DATA RETENTION AND STORAGE
    1. Personal information should be retained only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law.
    2. When personal information is no longer needed, it should be securely disposed of using appropriate methods, such as shredding physical documents or permanently deleting electronic data.
  8. CONFIDENTIALITY, INFORMATION SECURITY, PROPRIETARY INFORMATION AND INTELLECTUAL PROPERTY
    1. We are committed to the confidentiality, integrity and accessibility of business information. We implement proper technical security measures, and it is our staff’s obligation to uphold this. Proprietary information includes all non-public information that might be harmful to the Company or its customers or business partners if disclosed to unauthorized parties. All members must handle any such information as secret. It also follows that no one is entitled to trade in securities while in possession of non-public information, or to deliver to others non-public information that could have an impact on the securities. Every rule ensuring information security must be followed at all times.
    2. Employees must maintain the confidentiality of the Company and its information. Sharing sensitive information with unauthorized individuals is strictly prohibited.
  9. PRIVACY, PERSONAL DATA PROTECTION
    1. We respect employees’ privacy, and we acknowledge the need of customers, employees and other natural persons to feel confident that their personal data is processed appropriately and for a legitimate business purpose. We are committed to complying with all personal data protection laws. We only acquire and keep personal information that is necessary, and we give proper information on these activities to data owners. We implement proper security measures to assure the confidentiality, integrity and availability of personal information.
  10. COMPLIANCE
    1. Compliance with this policy and applicable laws should be regularly monitored and audited to identify and address any potential gaps or non-compliance.
    2. Any identified breaches or non-compliance should be promptly investigated and appropriate corrective actions should be taken.
  11. CHANGES TO THE POLICY
    1. We reserve the right to update and make changes to this policy from time to time based on the working conditions of the Company. On updating this policy, the Company will inform the members of the Company.
  12. FURTHER INFORMATION
    1. For any queries or further information regarding our Company or this Policy, the concerned person can contact us through email at [INSERT COMPANY’S EMAIL ADDRESS].
  13. ACKNOWLEDGEMENT
    1. We expect all employees to adhere to this policy of the Company. The Company will apply this policy consistently and fairly to ensure a harmonious and productive workplace for all.
    2. By signing below, you acknowledge that you have carefully read and understood the terms and contents of this policy.
    3. You acknowledge that you will follow the set guidelines of this policy as well as of the Company, and that upon failure to do so, the Company can take disciplinary action against such person.

COMPANY      

[INSERT COMPANY’S NAME]            

Authorized Signature

Print Name and Title

[INSERT SIGNING AUTHORITY AND DESIGNATION]