
Privacy Policy

Data Retention and Deletion Policy

1. Purpose

This policy outlines Structured PM's approach to data retention and deletion to ensure compliance with GDPR, the UK Data Protection Act, and other applicable regulations. It establishes clear retention periods and deletion procedures to enhance data security, operational efficiency, and regulatory compliance.

2. Scope

This policy applies to all data collected, stored, and processed by Structured PM, including personal data, client records, financial data, and operational documents. It covers digital and physical records across all departments and platforms.

3. Data Classification

Structured PM categorises data into the following types:

Personal Data: Client and employee information, including contact details and identification data.

Financial Records: Invoices, tax documents, and financial statements.

Operational Documents: Contracts, project records, and internal reports.

Marketing Data: Email lists, CRM records, and analytics data.

4. Retention Periods

Data will be retained only for as long as necessary, in compliance with legal and business requirements:

Customer and Client Data: Retained for 5 years after project completion or contract termination.

Financial Records: Retained for 6 years to comply with HMRC tax regulations.

Employee Data: Retained for 6 years post-employment.

Marketing Data: Retained until consent is withdrawn or after 2 years of inactivity.

Project Documentation: Retained for 7 years post-completion for audit and reference purposes.

5. Deletion Procedures

At the end of the retention period, data will be securely deleted or archived as follows:

Personal and Client Data: Permanently erased from all systems, including backups, using GDPR-compliant deletion methods.

Financial and Operational Data: Securely archived if required for legal or business purposes; otherwise, permanently deleted.

Marketing Data: Removed from CRM systems upon withdrawal of consent or inactivity.

Physical Documents: Shredded or securely disposed of in accordance with best practices.

6. Automated Retention & Review

Structured PM will implement automated workflows to flag and delete expired data.

Regular audits will be conducted to ensure compliance with the retention schedule.

Backup data containing deleted records will be purged periodically to prevent unauthorised retention.

7. Data Security & Access Control

Only authorised personnel may access stored data.

Role-based access controls will be applied to minimise data exposure.

Encrypted storage will be used where necessary to protect sensitive data.

8. Employee Training & Compliance

All employees handling data must be trained on this policy and GDPR compliance. Non-compliance may result in disciplinary action.

9. Policy Review & Updates

This policy will be reviewed annually to ensure alignment with evolving regulations and business needs.

10. Contact Information

For any queries regarding this policy, please contact Structured PM’s Data Protection Officer Tiago Lourenco at info@structured-pm.com.
