Data Retention Policy

**Data Retention Policy**

**1. Purpose**

The purpose of this policy is to establish guidelines and procedures for the retention and disposal of data within Together Software Ltd. This policy aims to ensure compliance with legal and regulatory requirements, optimize storage resources, and mitigate risks associated with retaining unnecessary data.

**2. Scope**

This policy applies to all employees, contractors, and third parties who handle or have access to Together Software Ltd's data assets.

**3. Data Classification**

Data shall be classified into categories based on sensitivity, legal requirements, and business needs, such as:

- Transactional Data: Data related to business transactions, such as invoices, purchase orders, and financial records.
- Customer Data: Information about customers, including personal details, purchase history, and communication records.
- Employee Data: Personal information about employees, including payroll records, performance reviews, and HR documents.
- Operational Data: Data necessary for the operation of systems and processes, such as system logs and configuration files.
- Regulatory Data: Data subject to specific legal or regulatory requirements, such as tax records and industry-specific compliance data.

**4. Retention Periods**

Retention periods for each category of data shall be defined based on legal requirements, industry standards, and business needs. The following factors shall be considered when determining retention periods:

- Legal Requirements: Compliance with applicable laws and regulations governing data retention, such as tax laws, industry regulations, and statutes of limitations.
- Business Needs: The operational and strategic value of retaining data for analysis, reporting, or historical purposes.
- Privacy Considerations: The need to protect the privacy and confidentiality of individuals' personal information by limiting the retention period.

**5. Data Retention Procedures**

- Identification: Data owners and custodians shall identify and classify data within their control based on the classification categories defined in this policy.
- Retention Schedule: A retention schedule shall be established for each category of data, specifying the retention period, storage location, and disposal method.
- Storage: Data shall be stored securely in accordance with Together Software Ltd's data storage policies and procedures to prevent unauthorized access or loss.
- Disposal: At the end of the retention period, data shall be securely disposed of using methods that render it irrecoverable, such as shredding physical documents or securely wiping electronic storage devices.

**6. Exceptions**

Exceptions to the defined retention periods may be granted in exceptional circumstances with the approval of Management and in compliance with applicable laws and regulations.

**7. Policy Review and Updates**

This data retention policy shall be reviewed and updated regularly to reflect changes in legal requirements, industry standards, and business practices.

**8. Compliance with Laws and Regulations**

Together Software Ltd is committed to complying with all relevant data retention laws and regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and any other applicable laws in the jurisdictions where we operate.

**9. Approval**

This data retention policy has been approved by Management and is effective as of 1st January 2024.