Introduction
Bedstone Holding B.V. includes several B.V. entities. These entities may process personal data. The protection of personal data is of vital importance to us. Personal data of (end) customers, employees, suppliers and other stakeholders are treated and protected with the utmost care. This policy concerns all the entities that fall under the Bedstone Holding B.V.
Why this policy?
In accordance with the GDPR, personal data should not be processed longer than necessary. This legal obligation is also known as the obligation of storage limitation.
The GDPR states:
Personal data shall be (…) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
In some cases it is laid down by law how long personal data must be kept (at least). In some cases, an organization itself must determine the criteria under which personal data are stored.
The overviews below indicate the storage period for each processing activity within our organization. If personal data are subject to different storage terms, the longest storage term is normally used for each processing activity. The data processing activities and retention periods correspond with the data processing register, but are specifically focused on the retention periods and the (legal) explanation why we maintain this retention period.
Is deviation from this policy possible?
In some case-by-case situations, it is possible that, this policy is deviated from. This could, for example be with the consent of the person concerned. When is being decided to deviate from this policy, there must be a clear necessity to do so and this necessity should be well documented. In all cases, legal retention periods have to be met.
Missing any data and/or not sure which retention period you should use?
Please contact the @data-retention-keeper. This policy is written with the utmost care, but can of course be subject to change if necessary.