Data Retention Policy
Last updated: March 18, 2025
This Data Retention Policy describes how Brax Uvsol collects, stores, and manages personal and operational data. It outlines the periods for which different categories of data are retained, the reasons for retention, and the procedures applied when data is no longer required. By using our services, you acknowledge the practices described in this policy.
1. Purpose and Scope
This policy applies to all personal data and non-personal operational data processed by Brax Uvsol in connection with the delivery of its services. It covers data collected through our website, client communications, service agreements, and any associated platforms or tools.
The purpose of this policy is to ensure that data is:
- Retained only for as long as necessary to fulfil the purpose for which it was collected
- Managed in a consistent and accountable manner across all operational areas
- Disposed of securely when it is no longer required
- Protected against unauthorized access, loss, or misuse throughout its lifecycle
2. Categories of Data We Retain
2.1 Client and User Data
This includes personal information provided when registering for or using our services, such as full name, email address, phone number, postal address, and any other identifying information submitted through forms, communications, or account creation.
2.2 Financial and Transactional Data
Records relating to payments, invoices, subscription details, and billing history are retained for compliance, dispute resolution, and financial reporting purposes.
2.3 Communication Records
Correspondence exchanged between clients and our team, including emails, support messages, consultation notes, and service-related communications, may be retained to maintain accurate service records and ensure continuity of care.
2.4 Usage and Technical Data
This includes automatically collected data such as IP addresses, browser type, device identifiers, session duration, pages visited, and other technical logs generated through interaction with our website or platform.
2.5 Contractual and Legal Documents
This includes signed agreements, consent forms, service contracts, and related legal documentation maintained as part of our operational and compliance obligations.
3. Retention Periods
Data is retained for the minimum period necessary to fulfil its collection purpose, after which it is securely deleted or anonymized. The following table outlines general retention periods by data category:
| Data Category | Retention Period | Basis for Retention |
|---|---|---|
| Client account information | Duration of active relationship + 3 years | Service delivery and legitimate interest |
| Financial and billing records | 7 years from transaction date | Legal and regulatory compliance |
| Consultation and session notes | 5 years from last interaction | Service continuity and quality assurance |
| Support and communication logs | 3 years from date of correspondence | Dispute resolution and service improvement |
| Usage and technical logs | 12 months from collection | Security monitoring and analytics |
| Marketing consent records | Until consent is withdrawn + 1 year | Proof of consent and compliance |
| Legal and contractual documents | 10 years from contract end date | Legal obligation and dispute resolution |
| Anonymized or aggregated data | Indefinitely | Statistical analysis and service development |
These periods are indicative. Actual retention may be extended where required by applicable legal obligations, regulatory requirements, or ongoing legal proceedings.
4. Legal Basis for Retention
We retain data only where we have a valid legal basis to do so. The primary legal grounds on which data is retained include:
- Contractual necessity: Retaining data required to fulfil our obligations under a service agreement with a client
- Legal obligation: Retaining data to comply with applicable laws, regulations, tax requirements, or court orders
- Legitimate interests: Retaining data where we have a genuine business need that does not override individual rights
- Consent: Retaining data for purposes where the individual has provided specific, informed consent
5. Data Review and Deletion Procedures
5.1 Scheduled Reviews
We conduct periodic reviews of retained data to identify records that have exceeded their applicable retention period. These reviews are carried out at least annually and are documented as part of our internal compliance records.
5.2 Deletion and Anonymization
Upon expiry of the applicable retention period, data is either permanently deleted or anonymized so that it can no longer be linked to an identifiable individual. The method of deletion depends on the nature and sensitivity of the data, with secure erasure techniques applied to sensitive categories.
5.3 Exceptions and Holds
Deletion may be suspended where data is subject to a legal hold, ongoing investigation, regulatory inquiry, or active legal dispute. In such cases, the data will be preserved until the matter is resolved and the hold is lifted.
6. Data Storage and Security
All retained data is stored using appropriate technical and organizational security measures designed to protect against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data at rest and in transit where applicable
- Access controls restricting data to authorized personnel only
- Regular security assessments and system monitoring
- Secure backup procedures with defined recovery processes
Third-party service providers engaged for data storage or processing are required to maintain equivalent standards of security and are bound by contractual data processing agreements.
7. Third-Party Data Processors
Where we share data with third-party processors, including cloud service providers, analytics platforms, or payment processors, those parties operate under instructions consistent with this policy. We require that third parties:
- Retain data only for the period necessary to perform agreed services
- Do not use retained data for purposes beyond those specified
- Delete or return data upon termination of the service relationship
- Maintain appropriate security measures throughout the retention period
8. Individual Rights Regarding Retained Data
Individuals whose data we retain may exercise certain rights in relation to that data, subject to applicable legal exceptions. These rights may include:
- Right of access: Requesting confirmation of whether data is held and obtaining a copy
- Right to rectification: Requesting correction of inaccurate or incomplete data
- Right to erasure: Requesting deletion of data where retention is no longer justified
- Right to restriction: Requesting that processing of data be restricted pending review
- Right to object: Objecting to retention that is based on legitimate interests
Requests relating to personal data can be directed to our contact details below. We will respond within a reasonable timeframe in accordance with our obligations.
9. Cookies and Tracking Technologies
Data collected through cookies and similar tracking technologies is subject to shorter retention periods aligned with the specific purpose of each technology. Session cookies are deleted at the end of a browser session. Persistent cookies are retained for the duration specified in our Cookie Policy. Analytics data derived from tracking technologies may be retained in aggregated form beyond the expiry of individual cookies.
10. Changes to This Policy
We reserve the right to update this Data Retention Policy at any time. Changes will be reflected by updating the date at the top of this document. Where changes are material, we may provide additional notice through our website or by direct communication. Continued use of our services following any update constitutes acceptance of the revised policy.
11. Contact Information
If you have any questions regarding this policy or wish to exercise your rights in relation to retained data, please contact us using the details below:
Brax Uvsol
Euro Dom, Świtezianki 16 III piętro, budynek, 91-498 Łódź, Poland
Email: [email protected]
Phone: +48785003293
Website: forever-grove.com