Retention Policy

1. Purpose

We hold personal data about our Users/Subscribers when using Services offered through our Website (www.fieldelite.com) where data is provided by the use of a computer or other compatible device/systems during any registration process. The effective date of this Retention Policy is 20/03/2018.

Fieldelite is a SAAS system and this policy only applies to the tenants and those who we interact with directly. Data processed by our subscribers/tenants is under their control and you must refer to their policies.

This policy ensures that necessary digital information is adequately protected, and that our Users/Subscribers understand the rules governing the use, retention and destruction of their personal information, when such are collected by Heidi Computers Ltd., and are no longer needed, all in accordance with our Terms of Service (TOS), Privacy Policy and in compliance with the General Data Protection Regulation (GDPR).

 

2. Definitions

Personal Data: Means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing: Means any operation or group of operations which are performed on personal data or on groups of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Consent of the Data Subject: Means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Data Retention: Means the storage of your personal information in our database and servers for the period indicated in Section 4.2 to this Policy.

Data Destruction: Means the total erasure of your personal information from our database and servers, and the total destruction of your personal printed information on our files, as indicated in Section 4.3 to this Policy.

 

3. Types of Data Covered by this Policy

The information covered by this policy is:

 

4. Our Procedures

We process personal data fairly and lawfully in accordance with individuals’ rights. This generally means that we do not process personal data unless the individual whose details we are processing has consented to this.

We ensure the reasonable use of personal data using at least one of the conditions for its processing and this will be specifically documented and supported. All staff who are responsible for processing personal data will be aware of the conditions for such processing. The conditions for processing are available to data subjects in the Privacy Policy.

4.1 Procedure for Ensuring that Data is Properly Retained:

4.2 Procedures for ensuring that Data is properly Destroyed (Right to be Forgotten and Erasure):

Upon request, we will remove/block your personally identifiable information from our database, thus cancelling your registration. However, your information may remain stored on our servers (in archives) for a period of ninety (90) days after you have withdrawn your consent as specified above.

After 90 days, your personally identifiable information will be discarded, as follows:

4. 3 Exception:

We will exceptionally keep your personal information for more than 90 days, after you have withdrawn your consent as specified above, in the event of:

 

5. Compliance

Failure on the part of our employees or our contract staff to follow this policy can result in possible civil and criminal sanctions against our Organisation and its employees or contract staff and possible disciplinary action against responsible individuals. In accordance with the General Data Protection Regulation (GDPR), we will periodically review that these procedures are complied with and any new or revised regulation at the time in force.