Data Retention Policy

Effective Date: 15th September 2025
Last Updated: 15th September 2025

1. Introduction

DynamicL Technology Solutions Limited ("we", "our", "us") is committed to protecting the privacy and security of personal data. This Data Retention Policy outlines how long we retain different types of personal data and the criteria used for determining retention periods in compliance with UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Scope

This policy applies to all personal data processed by DynamicL Technology Solutions Limited, including:

Customer and client data
Employee and contractor data
Website visitor data
Marketing and communications data
Supplier and partner data

3. Legal Basis for Data Retention

We retain personal data in accordance with:

UK GDPR requirements for data minimisation and storage limitation
Legal and regulatory obligations
Legitimate business interests
Contractual requirements

4. Data Retention Periods

The following table outlines our standard retention periods for different categories of personal data:

Data Category	Retention Period	Legal Basis	Disposal Method
Customer Account Data	3 years after account closure	Contract performance, legal obligation	Secure deletion/destruction
Transaction Records	7 years from transaction date	Legal obligation (tax/accounting)	Secure deletion/destruction
Employee Records	6 years after employment ends	Legal obligation, legitimate interests	Secure deletion/destruction
Website Analytics	12 months	Legitimate interests	Automated deletion
Marketing Communications	Until consent withdrawn + 12 months	Consent, legitimate interests	Secure deletion
CCTV Footage	12 weeks	Legitimate interests, legal obligation	Automatic overwriting
Cookies and Website Data	As specified in Cookie Policy	Consent, legitimate interests	Automatic expiry/deletion
Correspondence/Communications	3 years	Legitimate interests, contract	Secure deletion

5. Factors Determining Retention Periods

When determining appropriate retention periods, we consider:

Legal requirements: Statutory retention periods for specific data types
Business necessity: How long data is needed for operational purposes
Data sensitivity: The risk associated with retaining the data
Individual expectations: Reasonable expectations of data subjects
Storage costs: The cost and effort of maintaining the data

6. Data Review and Disposal

6.1 Regular Reviews

We conduct regular reviews of retained data to ensure:

Data is still necessary for the original purpose
Retention periods are appropriate and compliant
Data quality and accuracy is maintained

6.2 Secure Disposal

When retention periods expire, we ensure secure disposal through:

Secure deletion of digital data using industry-standard methods
Physical destruction of paper records
Secure wiping of storage devices
Certificate of destruction where appropriate

7. Exceptions to Standard Retention

We may retain data beyond standard periods when:

Legal proceedings are ongoing or reasonably anticipated
Regulatory investigations are in progress
Individual requests for extended retention are made
Specific legal obligations require longer retention

8. Data Subject Rights

Under UK GDPR, individuals have the right to:

Request information about how long their data will be retained
Request deletion of their data (right to erasure)
Object to processing based on legitimate interests
Request rectification of inaccurate data

9. International Transfers

Where we transfer personal data internationally, retention periods may be affected by local laws. We ensure appropriate safeguards are in place and retention periods comply with the most stringent applicable requirements.

10. Third-Party Data Processors

We ensure that third-party processors comply with our retention requirements through:

Contractual obligations specifying retention and deletion requirements
Regular audits and compliance checks
Clear instructions on data handling and disposal

11. Responsibilities

11.1 Data Protection Officer

Our Data Protection Officer is responsible for:

Overseeing compliance with this policy
Regular policy reviews and updates
Training staff on retention requirements

11.2 Staff Responsibilities

All staff must:

Follow retention guidelines for their area
Report any data retention concerns
Ensure secure disposal when required

12. Policy Review

This policy is reviewed annually or when:

Legal requirements change
Business operations significantly change
Data protection incidents occur
Technology or systems change substantially

13. Contact Information

For questions about this Data Retention Policy, please contact:

Data Protection Officer:
DPO
DynamicL Technology Solutions Limited
17 Rusland Drive, Bolton, BL2 3NU
Email: hello@dynamicl.com

General Data Protection Enquiries:
Email: hello@dynamicl.com

14. Complaints

If you have concerns about how we handle your personal data retention, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: https://ico.org.uk
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF