RiskWise Data Retention Policy
1. Purpose
This Data Retention Policy outlines how RiskWise ("we", "our", "us") manages the storage, retention, and deletion of customer data to ensure compliance with legal, regulatory, and contractual obligations.
2. Scope
This policy applies to all customer data collected, processed, and stored through the RiskWise platform, including but not limited to:
- User account information
- Property, Event and Action records
- Uploaded files and documents
- Logs and audit trails
- API usage data
3. Data Retention Periods
We retain data for the following durations unless otherwise agreed upon in a customer contract:
| Data Item | Retention Period |
| Archived Systems – Database & Files | 2 Years |
| Standard User Session Logs | 1 Year |
| Standard User Page View Logs | 1 Year |
| Contractor User Session Logs | 6 Months |
| Contractor User Page View Logs | 6 Months |
| Email Logs | 1 Year |
| 3rd Party Import Logs | 1 Year |
| 3rd Party Import Source Files | 1 Year |
| Deleted Property Data | Retained in the database for a minimum of 12 months after the date of soft-deletion |
| Files linked to Deleted properties | Retained in the database for a minimum of 12 months after the date of soft-deletion |
| Deleted Events | Retained in the database for a minimum of 12 months after the date of soft-deletion |
| Files linked to Deleted Events | Retained in the database for a minimum of 12 months after the date of soft-deletion |
| Deleted Actions | Retained in the database for a minimum of 12 months after the date of soft-deletion |
| Files linked to Deleted Actions | Retained in the database for a minimum of 12 months after the date of soft-deletion |
| Deleted Permit to Work records and associated Files | Retained in the database for a minimum of 12 months after the date of soft-deletion |
| Deleted Service Desk Request records and associated Files | Retained in the database for a minimum of 12 months after the date of soft-deletion |
4. Data Deletion
- Data deleted within a client RiskWise system is only 'soft-deleted' and is still kept within the client RiskWise database. If a client requests for specific data to be permanently deleted, we will do so, except in the event that we are required to keep it by law. ‘soft deleted’ data will also be removed in line with the retention periods specified above.
- If a client decides to no longer subscribe to RiskWise, we will archive that system, setting it as inactive, however we will only delete the system data upon client request or in line with our data retention periods specified above, provided always that we may retain certain data as required by law.
- Users may request early deletion of their data by contacting riskwise@s2partnership.co.uk.
5. Backups
- Backups are retained for disaster recovery purposes.
- Backup data is encrypted and stored securely.
- Deleted user data may remain in backups until the backup retention period expires.
6. Legal and Regulatory Requirements
We may retain certain data beyond the standard retention periods if required to:
- Comply with legal obligations
- Resolve disputes
- Enforce agreements
7. Policy Updates
We reserve the right to update this policy. The Client Representative for a system will be notified of significant changes via email.
8. Contact
For questions or data deletion requests, please contact our Data Protection Officer at riskwise@s2partnership.co.uk.
Comments
0 comments
Article is closed for comments.