Data Deletion Policy
1. Introduction
This Data Deletion Policy outlines the procedures and guidelines for the Scottish company “GUITAR AND MUSIC ONLINE LEARNING LTD” (hereinafter referred to as “the Company”) to manage the deletion of personal data in accordance with applicable data protection laws and regulations. This policy is designed to ensure the responsible and secure handling of personal data throughout its lifecycle.
2. Scope
This policy applies to all personal data processed by the Company, whether in electronic or physical format. It covers data collected from customers, employees, contractors, and any other individuals whose data the Company processes.
3. Principles of Data Deletion
The Company is committed to the following principles when it comes to data deletion:
a. Necessity: Personal data will only be retained for as long as it is necessary to fulfill the purposes for which it was collected.
b. Lawfulness: The Company will comply with all relevant data protection laws and regulations, including the General Data Protection Regulation (GDPR), when determining the lawful basis for processing and retaining personal data.
c. Accuracy: Personal data that is inaccurate or no longer necessary for its original purpose will be promptly deleted or rectified.
d. Security: Appropriate technical and organizational measures will be implemented to ensure the secure deletion of personal data.
4. Data Retention Periods
The Company will establish specific data retention periods for different categories of personal data, taking into account legal requirements and business needs. Retention periods will be documented and regularly reviewed to ensure compliance with applicable regulations.
5. Data Deletion Procedures
a. Automatic Deletion: Personal data that has reached the end of its retention period and is no longer required will be automatically deleted from all systems and databases.
b. Manual Deletion Requests: Individuals have the right to request the deletion of their personal data under certain circumstances. Such requests will be assessed on a case-by-case basis, and if the conditions for deletion are met, the data will be promptly and securely deleted.
c. Data Backups: Personal data stored in backup systems will also be subject to deletion procedures. Backups containing personal data that has exceeded its retention period will be securely overwritten or deleted during routine backup maintenance.
6. Third-Party Data Processors
The Company will ensure that third-party data processors engaged to process personal data on its behalf also adhere to appropriate data deletion practices. Contracts with such processors will include provisions for secure data deletion at the end of the engagement.
7. Record Keeping
The Company will maintain records of data deletion activities, including the date of deletion, the data subject’s identity (if applicable), the purpose of deletion, and the responsible personnel. These records will be retained for documentation and accountability purposes.
8. Training and Awareness
All employees and contractors who handle personal data will receive training on the Company’s data deletion procedures and the importance of responsible data handling.
9. Policy Review
This Data Deletion Policy will be reviewed periodically to ensure its effectiveness and compliance with changing legal and business requirements.
10. Contact Information
For any inquiries or requests related to data deletion, individuals can contact the Company’s designated data protection officer at [insert contact details].
11. Effective Date
This Data Deletion Policy is effective from 07/08/2023.
This policy is designed to ensure the secure and responsible management of personal data, promoting transparency and compliance with data protection regulations.