A standard data retention policy example will first set forth its purposes in retaining information, define the users it concerns, and clarify its scope. It will then refer to relevant reference documents, laws and regulations. Next it will usually discuss the detailed data retention requirements, such as a general retention schedule, rules for safeguarding data during retention, guidelines for destruction of data, and rules for breach, enforcement, and compliance.
When considering a personal data retention policy, you must carefully audit all data collected to be sure your data retention policy considers all personal data your organization stores. Data stored in databases, documents, email, financial data, images, production data, system state information, and videos might all be important for your personal data retention policy.
Next, consider the location of the data subject. In some cases, data located in different places may require unique data retention policies. This is, in part, because different business and legal requirements may control various databases, servers, hardware, and other locations.
Any data retention policy guidelines should touch upon backup frequency. Relevant questions include:
- Is there a risk of data loss? If so, how severe is that risk?
- Should we back up the data more than once a day? If so, how often?
- How long should we keep the data, and does it change depending on the type of data?
This is an example of a retention schedule set forth in this kind of data backup and retention policy:
- Retain every daily backup for 7 days
- Retain every weekly backup for 4 weeks
- Retain every monthly backup for 12 months
- Retain every annual backup for 7 years
Finally, ensure you eliminate any data silos or islands of data outside the backup data retention policy, including desktops, laptops, and remote offices.
- a. Achieve Method
  - I. Automation Process
  - II. An automatic archiving process runs once every month and archives all data matching the criteria below to cold storage.
- b. Criteria for archiving the data
  - I. All unpublished data will be archived in cold storage, from which it can be retrieved with 30 days' prior notice. Any data uploaded by a user who has deleted their account or has ended their contract with the company will also be treated as unpublished data. All activity logs of the user, which may contain the IP address, location, device details and user agents, will be archived to cold storage after 180 days, as per the guidelines of the Government of India.
  - II. Raw files of the uploaded content will be archived to cold storage after 180 days.
  - III. We do not change any content while converting the files, except for the addition of a watermark containing the logo of the product / brand & name and / or the user id of the creator or the end user.
  - IV. Any data retrieval from cold storage can be done within a maximum of 30 days. This is not applicable to law enforcement agencies of the country.
- c. Media used to store the data
  - There may be different archival mechanisms used at times ranging from deep archival object stores in cloud storage provided by cloud platforms on which the application is hosted.
- d. Data access rules
  - I. Archived data can only be accessed by the administrator of the cloud account, to whom the respective person must submit a written request, by email to firstname.lastname@example.org, for access to archival data by the government or any respective authority.
- e. Mechanism that facilitates the process
  - I. There may be different archival mechanisms used at times ranging from deep archival object stores in cloud storage provided by cloud platforms on which the application is hosted.
- a. Organisation legal requirements
  - I. The Organisation reserves the right to collect data including, but not limited to, IP Address, Device information, User Agents, Email Address, Phone Number and Universal Ad ID (if present) for legal purposes.
  - II. The same data can be produced to any legal or government regulatory entity for auditing purposes.
  - III. All users of any application of Armsprime Media Pvt Ltd. are supposed to adhere to the data policy.
- b. FPR for data retention policy
  - I. Administrator of the cloud account.
- 1. When will the internal audit for compliance be conducted?
  - An internal audit of the data archival process, as described in the policy above, will be conducted every 6 months by the administrator of the cloud account.
- 2. Frequency of data retention
  - All data which is published and currently visible on the platform is always stored in regular storage and can be retrieved for auditing purposes as and when required.
  - All unpublished data, or data which does not match the terms & conditions of Armsprime Media Pvt Ltd, is liable to be retained for up to 180 days from the date of unpublishing.
  - Any legal or government entity will be given access to published or unpublished data for auditing purposes as per the minimum notice days mentioned in ‘Criteria for Archiving Data’.
The details of our Chief Compliance Officer for compliance with the Information Technology Act, 2000 and the Rules made thereunder are below:
Name: Sayoni Sinha
Designation: Chief Compliance Officer
Email ID: email@example.com
The details of our Nodal Contact Person for coordination with law enforcement agencies and officers are below:
Name: Ishwaree Jange
Designation: Nodal Officer
Email ID: firstname.lastname@example.org
For any further grievance related issues, you may contact email@example.com
If there are any questions regarding these terms and conditions, you may contact us using the information below:
Armsprime Media Pvt. Ltd., 91 Springboard 74 Techno Park, Andheri East, 74/II, “C” Cross Road, Opp Gate No 2, MIDC 400 093, Seepz, Andheri East, Mumbai, Maharashtra; Email: firstname.lastname@example.org; Contact number: +91 93218 21735.
This document is an electronic record in terms of the Information Technology Act, 2000 and the rules thereunder, as applicable, and the amended provisions pertaining to electronic records in various statutes as amended by the Information Technology Act, 2000. This electronic record is generated by a computer system and does not require any physical or digital signatures.
I have read and understood the Terms and Conditions and I hereby, out of my free will, unconditionally accept to be bound by the same.