General

This document is only applicable to employees of Blue Ring Digital Services Limited.

"Data Retention and Destruction Policy" refers to this Data Retention and Destruction Policy.

"You", "Your" refers to You the employee of Blue Ring Digital Services Limited.

"We", "Us", "Our", "Blue Ring Digital Services Limited" refers to Blue Ring Digital Services Limited.

This Data Retention and Destruction Policy sets the required retention periods for specified categories of personal data and sets out the minimum standards to be applied when destroying certain information within Blue Ring Digital Services Limited.

This Data Retention and Destruction Policy applies to all business units, processes, and systems in all countries in which Blue Ring Digital Services Limited conducts business and has dealings or other business relationships with third parties.

This Data Retention and Destruction Policy applies to all Blue Ring Digital Services Limited officers, directors, employees, agents, affiliates, contractors, consultants, advisors or service providers that may collect, process, or have access to data (including personal data and/ or sensitive personal data). It is the responsibility of all of the above to familiarise themselves with this Data Retention and Destruction Policy and ensure adequate compliance with it.

This Data Retention and Destruction Policy applies to all information used at Blue Ring Digital Services Limited.

We will try to keep everything in this document as straightforward as possible, but if there’s anything You don’t understand, please get in touch with Us.

The headings in this Data Retention and Destruction Policy are for convenience only and shall not affect their interpretation.The masculine shall include the feminine and the neuter and the singular the plural and vice versa.

If any provision or part of any provision of this Data Retention and Destruction Policy is found by a court or other competent authority to be void or unenforceable, such provision or part of a provision shall be deleted from this Data Retention and Destruction Policy and the remaining provisions or parts of the provision shall continue to be in full force and effect.

Reference Documents

  • EU GDPR 2016/679 (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC);
  • .

Retention Rules

In the event, for any category of documents not specifically defined elsewhere in this Data Retention and Destruction Policy (and in particular within the Data Retention and Destruction Schedule) and unless otherwise mandated differently by applicable law, the required retention period for such document/ record will be deemed to be 3 years from the date of creation of the document/ record.

Retention General Schedule

The Data Protection Officer defines the time period for which the documents and electronic records should to be retained through the Data Retention and Destruction Schedule. As an exemption, retention periods within Data Retention and Destruction Schedule can be prolonged in cases such as:-

  • Ongoing investigations from member states authorities, if there is a chance records of personal data are needed by Blue Ring Digital Services Limited to prove compliance with any legal requirements;

  • When exercising legal rights in cases of lawsuits or similar court proceeding recognised under local law.

Safeguarding of Data during Retention Period

The possibility that data media used for archiving will wear out shall be considered. If electronic storage media are chosen, any procedures and systems ensuring that the information can be accessed during the retention period (both with respect to the information carrier and the readability of formats) shall also be stored in order to safeguard the information against loss as a result of future technological changes. The responsibility for the storage falls to the Data Protection Officer.

Destruction of Data

Blue Ring Digital Services Limited and its employees should, on a regular basis, review all data, whether held electronically on their device or on paper, to decide whether to destroy or delete any data once the purpose for which those documents were created is no longer relevant. Overall responsibility for the destruction of data falls to the Data Protection Officer.

Once the decision is made to dispose according to the Data Retention and Destruction Schedule, the data should be deleted, shredded or otherwise destroyed to a degree equivalent to their value to others and their level of confidentiality. The method of disposal varies and is dependent upon the nature of the document.

In this context, the employee shall perform the tasks and assume the responsibilities relevant for the information destruction in an appropriate way. The specific deletion or destruction process may be carried out either by an employee or by an internal or external service provider that the Data Protection Officer subcontracts for this purpose.

Appropriate controls shall be in place that prevents the permanent loss of essential information of Blue Ring Digital Services Limited as a result of malicious or unintentional destruction of information – these controls are described in the Blue Ring Digital Services Limited .

The Data Protection Officer shall fully document and approve the destruction process. The applicable statutory requirements for the destruction of information, particularly requirements under applicable data protection laws, shall be fully observed.

Breach, Enforcement and Compliance

The person appointed with responsibility for data protection, the Data Protection Officer, has the responsibility to ensure that each of the Blue Ring Digital Services Limitedoffices complies with this Data Retention and Destruction Policy. It is also the responsibility of the Data Protection Officer to assist any local office with enquiries from any local data protection or governmental authority.

Any suspicion of a breach of this Data Retention and Destruction Policy must be reported immediately to Data Protection Officer. All instances of suspected breaches of the Data Retention and Destruction Policy shall be investigated and action taken as appropriate.

Failure to comply with this Data Retention and Destruction Policy may result in adverse consequences, including, but not limited to, loss of customer confidence, litigation and loss of competitive advantage, financial loss and damage to the Blue Ring Digital Services Limited reputation, personal injury, harm or loss. Non-compliance with this Data Retention and Destruction Policy by permanent, temporary or contract employees, or any third parties, who have been granted access to the Blue Ring Digital Services Limited premises or information, may therefore result in disciplinary proceedings or termination of their employment or contract. Such non-compliance may also lead to legal action against the parties involved in such activities.

Document Disposal

Records which may be routinely destroyed unless subject to an on-going legal or regulatory inquiry are as follows:-

  • Announcements and notices of day-to-day meetings and other events including acceptances and apologies;

  • Requests for ordinary information such as travel directions;
  • Reservations for internal meetings without charges / external costs;
  • Transmission documents such as letters, fax cover sheets, e-mail messages, routing slips, compliments slips and similar items that accompany documents but do not add any value;
  • Message slips;
  • Superseded address list, distribution lists etc.;
  • Duplicate documents such as CC and FYI copies, unaltered drafts, snapshot printouts or extracts from databases and day files;
  • Stock in-house publications which are obsolete or superseded;
  • Trade magazines, vendor catalogues, newsletters and flyers from vendors or other external organisations.

In all cases, disposal is subject to any disclosure requirements which may exist in the context of litigation.

Destruction Method

Paper based documents should be cross-cut shredded and then placed into locked rubbish bins for collection by an approved disposal firm.

Electronic data is subject to secure deletion when the device/ hardware is disposed of.

Disposal should include proof of destruction.

Data Retention and Destruction Schedule

Changes to Our Data Retention and Distruction policy

This Data Retention and Destruction Policy replace all previous versions. We reserve the right to change this Data Retention and Destruction Policy at any time.