1. Purpose
The purpose of this Data Retention Policy is to establish guidelines for the retention, management, and secure disposal of data collected and processed by TRINAV DIGITAL Pvt. Ltd. ("the Company"). This policy is designed to:
- Ensure compliance with legal, regulatory, and contractual obligations.
- Protect the privacy and security of our customers, employees, and business partners.
- Support effective data management practices throughout the data lifecycle.
- Minimize the risks associated with data breaches and unauthorized access.
2. Scope
This policy applies to all data collected, processed, stored, and disposed of by the Company in connection with our e-commerce operations. It covers:
- Customer data (personal information, payment details, order history, etc.)
- Employee data
- Supplier and partner data
- Website analytics and usage data
- Any other data collected as part of our business operations
3. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person.
- Sensitive Data: Data that requires additional protection, such as payment information or other sensitive personal data.
- Retention Period: The duration for which data is kept before it is securely disposed of.
- Data Subject: The individual whose personal data is collected, stored, or processed.
4. Data Classification and Retention Periods
Data shall be classified based on sensitivity and business value. The following are general retention periods; specific requirements may vary depending on the data type, applicable regulations, and business needs.
4.1 Customer Data
- Account Information (e.g., name, email, contact details): Retained for the duration of the customer’s active account and for 10 years after account deactivation.
- Order History and Transaction Records: Retained for 10 years from the date of transaction to comply with financial, tax, and audit requirements.
- Payment Information: Stored only as necessary for transaction processing and retained in a secure, encrypted format in compliance with the Payment Card Industry Data Security Standard (PCI DSS). This data is purged or tokenized as soon as practical after processing.
4.2 Employee Data
- Personnel Records (e.g., employment history, payroll information): Retained for 10 years after employment termination, in accordance with local labor laws.
- Recruitment Data: Retained for 18 months after the recruitment process is completed unless consent is given for longer retention.
4.3 Supplier and Partner Data
- Contracts, Correspondence, and Related Documents: Retained for the duration of the partnership plus 1 year after termination.
- Financial Records: Retained for 1 year in line with financial and tax regulations.
4.4 Website Analytics and Usage Data
- Non-Personal Analytics Data: Retained for 1 month to support business analytics and performance improvement.
- Personalized User Data: Retained in compliance with customer data policies and relevant legal requirements.
5. Data Storage and Security
- Storage: Data shall be stored in secure, access-controlled systems that meet or exceed industry standards.
- Encryption: Sensitive data must be encrypted both in transit and at rest.
- Access Control: Access to stored data is limited to authorized personnel based on role and necessity.
- Monitoring: Systems storing sensitive data must be regularly monitored for unauthorized access or suspicious activity.
6. Data Deletion and Anonymization
Once the applicable retention period expires, data shall be securely deleted, anonymized, or disposed of to ensure that it is no longer recoverable or associated with a data subject. This process includes:
- Secure deletion of electronic files using approved methods.
- Physical destruction of any paper records where applicable.
- Documenting the deletion process for audit and compliance purposes.
7. Responsibilities
- Data Protection Officer (DPO)/Compliance Manager: Responsible for overseeing data retention practices and ensuring compliance with this policy.
- IT Department: Ensures that secure storage, encryption, access controls, and deletion mechanisms are in place.
- Department Heads: Ensure that departmental data handling practices adhere to this policy.
- All Employees: Must follow this policy and report any data management issues or breaches to their supervisor or the DPO.
8. Compliance and Auditing
The Company will conduct regular audits to ensure adherence to this Data Retention Policy. Non-compliance with the policy may result in disciplinary action and potential legal consequences. External audits may also be conducted to verify compliance with regulatory requirements.
9. Policy Review and Updates
This policy will be reviewed annually or whenever significant changes occur in business practices, technology, or legal/regulatory requirements. Updates and revisions must be approved by the Designated Authority.
10. Questions and Reporting
For any questions regarding this policy or to report a potential data retention issue, please contact the Data Protection Officer at:
Email: info@tinybazar.in