This personal data retention and destruction policy (this “policy”) sets out the obligations of Nanumo Limited (“Nanumo”/“we”/“us”/“our”) regarding the retention of the personal data we collect, hold and process. The purpose of this policy is to set out the basis and periods for which we will retain personal data, and how we will dispose of personal data. This will ensure compliance with our legal obligations and effective data management. This procedure must be read together with Nanumo data protection policies and procedures.
This policy applies to all personal data received from service users, employees, professional advisers, suppliers and others, whether held in electronic or physical records, processed by Nanumo or on behalf of Nanumo (such as personal data in hosted or cloud systems). This includes personal data in structured records (such as databases), unstructured records (such as documents and spreadsheets), in emails, in audio and video recordings and includes personal data we generate (such as through access control systems and in personnel files) as well as personal data provided to us.
This Policy applies to all Nanumo employees, consultants and workers (“Personnel”, “You”, “Your”). Your compliance with this Policy is mandatory.
This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) (“GDPR”) and the Nigerian Data Protection Regulation, 2019 (“NDPR”).
The same definitions as stated in the Nanumo Data Protection Policy apply for this policy.
The same responsibilities as stated in the Nanumo Data Protection Policy apply for this policy.
The following data retention and destruction principles shall apply to all personal data processed by Nanumo:
Meeting these principles helps to ensure that we manage risks to rights and freedoms of data subjects associated with processing their personal data, facilitate data subject rights, meet our legal obligations and improve the quality and efficiency of our data management.
Personal data will be retained for a period no longer than is required to provide the service that the user has agreed to be provided with.
In certain situations, personal data may be kept for longer but only where the Data Protection Officer has given his approval and where Nanumo has reasonable grounds for retaining the personal data beyond the retention period. Examples include situations where:
When establishing or reviewing personal data retention periods, the following shall be considered:
Personal data shall be disposed of in the following circumstances:
Where personal data is erased at the request of a data subject, Nanumo may retain such limited personal data as is reasonably necessary to keep a record of the erasure for the purposes of demonstrating compliance, and enforcing erasure across all business systems, provided appropriate technical and organisational measures have been applied to the retained data in order to protect against the risks to the rights and freedoms of the data subject.
The personal data which may be erased, destroyed, or otherwise disposed of in a secure manner, are as follows:
In all cases, proof of destruction is to be recorded. Where an external destruction supplier is used, a certificate of destruction must be provided by the supplier.
Electronic or physical records may contain different types of personal data which are used for different purposes. These different types of personal data may be subject to different retention periods or have different levels of sensitivity. It is therefore imperative that the data itself is managed individually according to categories and not the physical or electronic file as a whole. It may be necessary to destroy some data from a file, at the same time retaining other information from the same file.
This Policy shall be deemed effective as of 21 July 2022 and shall be reviewed annually and following any data breach involving personal data by the Data Protection Officer and any other individual deemed necessary for the review process.
Updates to this policy will be made at this URL and more information about the policy and updates to the policy can be obtained by emailing [email protected]