Data Retention and Destruction Policy
Effective Date: 01/04/2025
1. Purpose
This policy outlines the guidelines for the retention, storage, and secure disposal of data collected, processed, and stored by ZenithWave Capital Limited (βCompanyβ). It ensures compliance with GDPR, Data Protection Act 2018, and other applicable regulations while protecting the confidentiality, integrity, and availability of information.
2. Scope
This policy applies to all employees, contractors, partners, and third-party service providers who handle data on behalf of the Company. It covers all forms of data, including electronic records, paper documents, emails, and backup copies.
3. Data Retention Guidelines
3.1 General Retention Principles
Data shall be retained only for as long as necessary to fulfill the purpose for which it was collected, comply with legal and regulatory requirements, or support business operations. Retention periods shall be determined based on legal, operational, and business needs.
3.2 Retention Periods
| Data Type | Retention Period | Reason |
|---|---|---|
| Employee Records | 6 years after termination | Employment law compliance |
| Financial Records & Transactions | 7 years | Tax and accounting regulations |
| Customer Data | 5 years after service termination | Legal and business purposes |
| Training Records | 3 years | Compliance and accreditation |
| Marketing Data | Until consent is withdrawn or 2 years max | GDPR compliance |
| Emails | 2 years | Business continuity |
| CCTV Footage | 30 days (unless required for investigation) | Security and privacy |
Note: If any record is involved in an ongoing dispute, litigation, or investigation, it shall be retained until the issue is resolved.
4. Data Destruction Procedures
4.1 Secure Disposal Methods
- Electronic Data: Permanently deleted using secure wiping software.
- Physical Documents: Shredded or incinerated securely.
- Backup Data: Securely deleted in accordance with retention policies.
4.2 Accountability & Compliance
- Only authorized personnel shall oversee data destruction.
- A log shall be maintained for all destroyed records.
- The Data Protection Officer (DPO) shall conduct periodic audits to ensure compliance.
5. Data Subject Rights
- Request access to their personal data.
- Request correction or deletion of inaccurate or outdated data.
- Withdraw consent for marketing or processing.
6. Policy Review & Updates
This policy shall be reviewed annually or when regulatory requirements change. Employees are responsible for staying informed of any revisions.
7. Contact Information
If you have any questions regarding this policy, please contact:
ZenithWave Capital Limited
π Southbridge House, Southbridge Place, Croydon, CR0 4HA
π§ support@zenithwavecapital.com