Overview
This document outlines the data retention policy for Lipad Tech Limited to ensure that the company complies with all relevant laws and regulations regarding data retention. The policy applies to all data created, received, and maintained by the company, whether in paper or electronic form.
Data Storage Locations
The following table lists the applications and locations where card data is handled within the Lipad ecosystem as currently architected:
| Category | Name | Type | DC | Location |
|---|---|---|---|---|
| Checkout | lipad-checkout-ui-prod | App | BLR1 | Bangalore, India |
| Checkout | lipad-checkout-api-prod | App | LON1 | London, United Kingdom |
| Database | lipad-postgresql-prod-01 | Database | LON1 | London, United Kingdom |
1. Purpose
The purpose of this Data Retention Policy is to ensure that Lipad Tech Limited (hereinafter referred to as "the Company") maintains the highest standards of data security and compliance with relevant regulations, particularly regarding cardholder data. This policy outlines the procedures for identifying and securely deleting stored cardholder data that exceeds the defined retention period.
2. Scope
This policy applies to all employees, contractors, and third-party service providers who have access to cardholder data within Lipad Tech Limited.
3. Definitions
- Cardholder Data: Any personally identifiable information associated with a cardholder. This includes primary account number (PAN), cardholder name, expiration date, and service code.
- Retention Period: The duration for which cardholder data is stored by the Company.
4. Data Retention Schedule
- The retention period for cardholder data is defined as a specific time frame (e.g., 90 days).
- Beyond this period, cardholder data should be promptly identified and securely deleted from all storage systems.
5. Quarterly Data Purge Process
To ensure compliance with the defined retention period, the Company will conduct a quarterly process for identifying and securely deleting stored cardholder data. This process will include the following steps:
5.1 Data Inventory
Conduct a comprehensive inventory of all systems and databases that store cardholder data, and document the location, type, and volume stored in each.
5.2 Data Assessment
Review the data inventory to identify cardholder data that has exceeded the defined retention period, cross-verifying with transaction records and relevant logs.
5.3 Authorization & Documentation
Obtain necessary authorization from designated personnel for deletion, and document the details including date and individuals involved.
5.4 Secure Deletion Process
Utilize secure deletion methods to permanently remove cardholder data, confirm successful deletion, and maintain records of the process.
5.5 Monitoring & Reporting
Regularly monitor the success of the quarterly purge and generate reports summarizing deleted data, retention compliance, and any deviations.
6. Training and Awareness
Conduct regular training sessions for employees involved in the data purge process to ensure understanding of the policy and compliance requirements.
7. Non-Compliance Consequences
Failure to comply with this Data Retention Policy may result in disciplinary action, including but not limited to warnings, suspension, or termination of employment or contract.
8. Review and Revision
This Data Retention Policy will be reviewed annually and updated as needed to ensure continued compliance with regulations and industry best practices.
9. Contact Information
For questions or concerns regarding this policy, contact the relevant department or individual using the details below.
Conclusion
Lipad Tech Limited's data retention policy aims to ensure that data is retained only as long as necessary, is destroyed securely, and is backed up regularly. All data will be classified based on its sensitivity, importance, and legal requirements to determine its retention period and destruction requirements. The policy will be communicated to all employees, contractors, and third-party vendors who handle company data, and compliance with legal and regulatory requirements will be ensured. Any exceptions to the policy must be approved by the company's legal and compliance team and documented appropriately.

Contact Us
If you have questions regarding our data retention policy or any enquiries, kindly contact us via the information below.
Operations Headquarters — Lipad Tech Limited