UPZELO LIMITED (“UPZELO”) - DATA RETENTION POLICY.
The retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (the “UK GDPR”), as it forms part of the law of England and Wales, Scotland, and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 as amended, and any successor legislation (“GDPR Laws”) do not specify specific periods for data retention, deletion or destruction. The policy of data retention under the Data Retention (EC Directive) Regulations 2009 applies to a wide range of sources. This Upzelo Retention Policy will define how Upzelo stores, retains, archives, retrieves and disposes of personal data (as defined in the GDPR Laws) that it receives, holds, uses and processes as it performs its services for those registered to use Upzelo services on its website at www.upzelo.com. Inappropriate retention of such personal data may lead to a breach of contract as well as a breach of legislation leading to potential financial or reputational loss. Should Upzelo be subject to unexpected events such as business continuity issues or litigation there may be occasions where it needs to have access to the original personal data to protect its interests and those of its direct counterparties who by agreement can use Upzelo’s website services.
The GDPR Laws aim to reduce the time that personal data is held by entities after the original consented purpose of it being held or processed has finished. Upzelo has considered the nature of the data it holds, the services it provides, the methods and reasons for clients giving their consent to Upzelo and how such consented purposes ceases alongside the justified general legal (contract and tortious) and practical need to retain it. The conclusions of Upzelo and its working policy is shown in the table in Section 3 below. Directors and senior management of Upzelo will ensure all employees are aware of this Data Retention Policy and of the personal data retention periods as stated in this Policy. All personal data that is no longer required or used in accordance with the consent of the data subject (as defined in the GDPR Laws) will be destroyed in accordance with this Data Retention Policy. Any personal data held in hard copy will be stored in locked cabinets or offsite in a secure location until that time. It is incumbent upon all Upzelo staff to ensure accurate records are maintained electronically to match any hard copy records held within Upzelo and that the location of the file is recorded.
Personal data will, so far as technologically possible at the time be deleted/redacted or otherwise destroyed as soon as reasonably practicable after the said retention period. This Data Retention Policy comes into force on 10th February 2022 and will be reviewed annually to by the Upzelo ensure it remains fit for purpose.
Dated: 10th February 2022
