Data Retention Policy

Effective Date: November 3, 2024:

At The Humanius Group (THG), we are committed to responsibly managing and securing personal data, ensuring it is retained only as long as necessary for the purposes for which it was collected or as mandated by applicable laws. This policy details our approach to the storage, review, and deletion of personal data in compliance with the General Data Protection Regulation (GDPR) and other relevant regulations.

Purpose and Retention Periods
Personal data is collected to fulfil specific purposes, such as providing services, improving user experience, and meeting legal obligations. Once the purpose for which data was collected is achieved, we determine whether it is necessary to retain the data based on legal, administrative, and operational needs. Typical retention periods may vary based on the nature of the data. For example, transaction-related data may be stored longer to meet legal reporting requirements, while browsing data may be retained for a shorter period.

Data Review and Deletion Process
We conduct regular reviews to ensure that personal data is kept no longer than necessary. Once the retention period ends, or upon fulfilling the intended purpose, data is securely erased or anonymised. Erasure procedures are designed to ensure data is unrecoverable and that any paper records are securely shredded, while electronic records are deleted from our active systems and, where possible, removed from backup systems.

Secure Storage and Access Control
To protect retained data, we employ strong security measures, including encryption, restricted access, and secure storage facilities. Access to personal data is limited to authorised personnel based on the principle of least privilege, ensuring only those with a legitimate need can access specific data.

User Rights and Requests
In line with GDPR, individuals have the right to request access, correction, deletion, or restriction of their data. Users may also request a review of the retention period applied to their data if they feel it is not aligned with GDPR standards. Such requests can be made by contacting us.

Data Breach Protocols for Retained Data

Data security remains a priority during retention. In the event of a data breach, we follow a structured response plan to mitigate risks, notify affected individuals, and report the incident to the relevant authorities if required.

Policy Updates
We may review and update this Data Retention Policy periodically to reflect legal, regulatory, or operational changes. Updates to this policy will be communicated on our website to ensure ongoing transparency in our data retention practices.

For questions about this policy or requests related to your data, please contact us.

error: Content is protected !!