Data Retention Policy

1. About this policy

The information, records, and data held by Digital Leads are important to the way we operate our business, manage website registrations, deliver campaigns, respond to enquiries, and demonstrate compliance with legal and regulatory obligations.

There are circumstances in which we are required to retain data for a defined period of time. There are also circumstances where retaining data for too long may create unnecessary risk, cost, and compliance exposure. This policy is intended to ensure that data is kept for no longer than necessary, while also making sure that records remain available where they are needed for business, legal, regulatory, security, audit, or dispute-resolution purposes.

This policy may be updated from time to time and does not create contractual rights. It is a policy statement explaining how Digital Leads approaches data retention and disposal.

2. Scope of this policy

This policy applies to personal data and non-personal data that Digital Leads holds or controls in connection with website registrations, lead generation activity, marketing records, customer support, technical systems, analytics, compliance administration, and related business operations.

It covers both electronic and physical records, including databases, emails, call records, spreadsheets, campaign files, consent records, suppression files, contracts, invoices, support messages, exported reports, and documents or data stored by third-party providers on our behalf.

3. Guiding principles

Our retention practices are based on a number of core principles:

We retain data where there is a legal, regulatory, contractual, operational, evidential, security, or legitimate business reason to do so.

We do not intend to keep data indefinitely without justification.

We aim to comply with the storage limitation principle, meaning personal data should not be retained for longer than necessary for the purposes for which it was collected and processed.

We aim to handle retained data securely and dispose of data in a controlled and responsible manner once retention is no longer justified.

We maintain suppression and opt-out data for as long as reasonably necessary to ensure that marketing objections and unsubscribe requests are respected.

4. Roles and responsibilities

Digital Leads is responsible for determining appropriate retention periods, reviewing data holdings, and ensuring that data is not retained unnecessarily. Responsibility for data retention may be shared across management, compliance, operations, technical teams, and service providers acting on our behalf.

Where required, we may appoint or designate a responsible privacy, compliance, or data protection contact to oversee retention decisions, record keeping, disposal activity, and responses to access, deletion, or suppression requests.

5. Types of data covered

Data covered by this policy may include:

Formal or operational records: registration records, consent logs, suppression records, contracts, invoices, financial records, customer correspondence, compliance evidence, and technical logs that are needed for business operations or legal accountability.

Disposable or temporary information: duplicate exports, drafts, temporary working documents, internal notes that are no longer needed, and other material with only short-term value.

Personal data: information relating to identifiable individuals such as names, phone numbers, email addresses, postcodes, addresses, dates of birth, IP addresses, and communication records.

Non-personal data: aggregated reports, anonymised statistics, operational reporting, and technical metadata that does not identify a living individual.

6. Retention periods

We determine retention periods by considering the purpose for which the data was collected, the sensitivity of the data, the risk associated with retaining it, any legal or regulatory obligations, the need to establish or defend legal claims, the need to maintain security records, and the need to maintain evidence of consent, objections, or suppression.

As a general approach:

Registration and lead data may be retained for campaign administration, validation, fraud prevention, compliance, and business analysis for as long as reasonably necessary for those purposes.

Marketing consent records may be retained for as long as necessary to demonstrate when and how permission was obtained, and to evidence compliance if challenged.

Suppression and unsubscribe records may be retained for an extended period so that we can ensure individuals who object to marketing are not contacted again inappropriately.

Financial, accounting, tax, and contractual records may be retained for the periods required by law, regulation, audit practice, or standard business record-keeping requirements.

Temporary or disposable information should only be kept for as long as it has a genuine operational purpose.

Where data is no longer needed, it should be deleted, anonymised, or securely destroyed unless a valid exception applies.

7. Storage, backup, and disposal

Data should be stored in a secure, organised, and reasonably accessible way. Depending on the nature of the data, this may include secure databases, controlled-access folders, encrypted devices, protected cloud systems, and managed backups.

We may maintain backups for resilience, continuity, security, and disaster recovery purposes. Backup copies may persist for a limited period even after live records are updated or deleted, but we aim to ensure backup retention remains proportionate and controlled.

When data reaches the end of its retention period and is no longer required, it should be securely disposed of. Electronic data should be deleted or overwritten where appropriate, and physical documents should be shredded or otherwise destroyed in a secure way.

8. Special circumstances and preservation holds

In some situations, normal disposal or deletion schedules may need to be paused. This can happen where data may be relevant to current or anticipated litigation, regulatory enquiries, audits, investigations, disputes, law enforcement requests, security incidents, or internal reviews.

Where such a hold applies, affected data must be preserved until the issue is resolved and the hold is formally lifted. During that period, otherwise applicable deletion timelines may be suspended.

9. Data subject rights and retention decisions

Requests for access, rectification, deletion, restriction, objection, or withdrawal of consent are considered in line with applicable data protection law. In some cases, we may need to keep certain information even after a deletion request, for example where we must retain it for compliance, legal defence, fraud prevention, or suppression purposes.

Where we cannot delete information completely, we may instead restrict its use, archive it securely, or retain only the minimum necessary record required to respect future preferences or legal obligations.

10. Monitoring, review, and audit

We may periodically review the categories of data we hold, the purposes for which we keep them, the systems in which they are stored, and whether continued retention is justified. We may also review our disposal procedures, backup practices, and supplier arrangements to make sure retention remains proportionate and compliant.

11. Contact us

If you have questions about this Data Retention Policy or would like to make a request relating to your personal data, please contact:

Digital Leads
106 DLF Prime Towers,
OIA - I, New Delhi - 110020 INDIA

Email: info@digital-leads.in
Phone: +91 9319970289
ICO Registration Number: ZA252743