Lifeplus Europe Limited
Data Retention Policy
We are Lifeplus Europe Limited. Lifeplus Europe is a data controller and a data processor. Our nominated representative for data protection is Sam Arnold. Our registered office is at Lifeplus House, Little End Road, Eaton Socon, St Neots, Cambridgeshire PE19 8JH. We may be reached at T +44 1480 224610; F +44 1480 224611; email to firstname.lastname@example.org.
This Policy sets out the obligations of Lifeplus Europe regarding retention of personal data collected, held, and processed by the company in accordance with EU Regulation 2016/679 General Data Protection Regulation (“GDPR”).
GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a “data subject”), who can be identified by reference to an identifier such as a name or an identification number such as a Lifeplus PIN number or by a physical, physiological, genetic, or other social identity of that natural person.
Under GDPR, Lifeplus Europe is required to keep personal data in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. Sometimes it may be stored for longer periods, including where that data is to be processed for statistical purposes (provided we implement appropriate technical and organisational measures required by the GDPR to protect that data).
Data subjects have certain rights with respect to their data that we collect and store and these are explained in our Customers’ Rights Policy. This policy may be viewed at www.lifeplus.com/web-page/privacy-rights. These rights include the right to have their personal data erased and to prevent the processing of that personal data in the following circumstances:
- Where the personal data is no longer required for the purpose for which it was originally collected or processed;
- When the data subject withdraws their consent;
- When the data subject objects to the processing of their personal data and Lifeplus Europe has no overriding legitimate interest;
- When the personal data is processed unlawfully (i.e. in breach of GDPR); and
- When the personal data has to be erased to comply with a legal obligation
Additional rules concern the processing of personal data relating to the provision of information society services to a child but these do not apply to Lifeplus Europe.
For further information on data protection and compliance with the GDPR, please refer to our Privacy Notice which can be found at www.lifeplus.com/web-page/privacy-notice. The Privacy Notice sets out the types of personal data held by the company and the reasons why it is processed.
The primary aim of this Policy is to set out limits for the retention of personal data and to ensure that those limits, as well as further data subject rights to erasure, are complied with. This Policy applies to all personal data held by Lifeplus Europe and by third-party data processors processing personal data on the company’s behalf.
Personal data, held by Lifeplus Europe is stored in the following ways and in the following locations:
- In the company’s servers, located in St Neots, Cambridgeshire in the UK and in Batesville, Arkansas in the US
- In third-party servers located in the UK and in the US
- In computers permanently located in the company’s premises at St Neots, Cambridgeshire and in Bedford, Bedfordshire in the UK and in Batesville, Arkansas in the US
- In laptop computers, mobile phones and other mobile devices provided by the company to its employees
- On computers and mobile devices owned by employees, agents, and sub-contractors used in accordance with the company’s internal data security policies
- In paper records stored in St Neots, Bedford and Batesville
All personal data is held by Lifeplus Europe in accordance with the requirements of the GDPR and data subjects’ rights thereunder, as set out in the company’s Customers’ Rights Policy. This policy may be viewed at www.lifeplus.com/web-page/privacy-rights.
Measures have been put in place at Lifeplus Europe to protect the security of personal data which all employees must follow:
- All paper records containing personal data, along with any electronic copies on physical media must be stored securely
- Personal data must be handled with care at all times and should not be left unattended or on view
- Computers used to view personal data must always be locked before being left unattended
- Access to personal data (such as customer information and banking details) is restricted and should only be handled through approved business methods and systems and should not be accessed by unauthorised personnel. The use of employee-owned equipment for the transmission of personal data is prohibited.
- Personal data (such as customer information and banking details) must be collected for specific, explicit processing only and must not be printed or otherwise stored in any form after the specific, explicit processing has been completed
- Contractors and other parties when working on behalf of the company are required to process personal data, must comply fully with the company’s data protection policies and the GDPR
All employees and other parties working on behalf of the company receive training and are made fully aware of both their individual responsibilities and the company’s responsibilities under the GDPR.
Different types of personal data, used for different purposes, will be retained where necessary for different periods. When establishing and/or reviewing retention periods, in considering the requirements of GDPR, Lifeplus Europe will take the following factors into account:
- The objectives and requirements of the company
- The type of personal data in question
- The purpose(s) for which the data in question is collected, held, and processed
- The company’s legal basis for collecting, holding, and processing that data
- The category or categories of data subject to whom the data relates
Notwithstanding the defined retention periods, certain personal data may be deleted or otherwise disposed of prior to the expiry of its defined retention period where a decision is made within the company to do so (whether in response to a request by a data subject or otherwise).
All data retention is subject to the implementation of appropriate technical and organisational measures to protect the rights and freedoms of data subjects, as required by GDPR.
Lifeplus Europe Limited
Registered in England, Company Number 3231785