Data retention policy
Data Retention Policy
Last reviewed: 29 July 2025
1.Purpose
This Data Retention Policy outlines how Evolution Aqua Group Ltd (“we”, “our”, or “us”) manages the storage and deletion of personal data. It ensures we retain data only for as long as is necessary for the purposes for which it was collected, to meet legal, regulatory, and operational requirements.
2. Scope
This policy applies to all personal data held by Evolution Aqua Group Ltd in both electronic and physical formats across all business units and departments.
3. Retention Principles
We adhere to the following principles:
– Data will not be kept longer than necessary.
– Retention periods are determined by legal obligations, business needs, and customer expectations.
– Data no longer needed will be securely deleted or anonymised.
4. Retention Periods by Category
Data Category
|
Retention Period |
Reason/Justification |
Customer contact |
7 years after last |
To support |
Payment and |
7 years |
Required for tax |
Marketing consent |
Until consent is |
To demonstrate |
Recruitment data |
12 months from |
In case of future |
Employment records |
6 years after |
Statutory |
Health and safety |
40 years (for |
Legal requirement |
CCTV and video |
30 days (unless |
For security and |
Dashcam footage |
30 days (unless |
Operational need |
Complaints and |
6 years |
In line with |
5. Secure Deletion
At the end of the retention period, personal data will be:
– Permanently deleted from all systems and backups, or
– Anonymised where continued use is required without identifying individuals.
6. Responsibilities
It is the responsibility of data owners and managers across the business to ensure compliance with this policy. The Data Protection Officer (DPO) or designated privacy lead is responsible for monitoring retention practices and advising on exceptions.
7. Review and Updates
This policy will be reviewed annually or whenever significant changes in legislation or operations occur.