Purpose
This Data Retention Policy outlines the principles and procedures for managing data stored in the production database and data lake at SourceDay. The policy ensures compliance with legal, regulatory, and business requirements while optimizing data storage and operational efficiency.
Scope
This policy applies to all data stored in the production database and data lake managed by SourceDay. It covers structured and unstructured data, including customer, operational, and analytical data.
Retention Periods
All data retention is aligned with the specific purposes for which the data was originally collected, in accordance with the principle of data minimization and purpose limitation under GDPR and is intended to serve an explicit purpose for SourceDay’s product and customers. Retention periods are regularly reviewed to ensure continued necessity and compliance with applicable laws and business requirements.
Operational data
- Customer-generated data (from ERP or supplier): retained for a maximum of 7 years to meet operational and audit requirements
- Transactional Data: retained for a maximum of 7 years to meet operational and audit requirements
- Audit Data: retained for a maximum of 7 years to meet operational and audit requirements
Documents
- User uploaded files: retained for 3 years
- User generated reports: retained for 3 years
Processed Data
- Aggregated and anonymized data: retained indefinitely
- SourceDay-generated metrics and data points: retained indefinitely
Deletion and Archival
– Deletion Procedures: Data exceeding retention periods will be securely deleted or anonymized using approved methods.
– Archival Process: Data needed for historical or compliance purposes may be archived in a secure, low-cost storage solution with access limited to authorized personnel.
Access and Security
Access to retained data is limited to authorized employees and follows SourceDay’s data access policies. All data will be encrypted at rest and in transit.
Exceptions
Exceptions to this policy must be documented and approved by SourceDay.
Review and Updates
This policy will be reviewed annually and updated as necessary to reflect changes in business, legal, or regulatory requirements.