At CrossClassify, we are committed to protecting the privacy and integrity of the data we handle, while adhering to applicable legal and regulatory requirements. This Data Retention Policy outlines how long we retain different categories of data and the processes we follow for data disposal.

1. 1.

   Data Retention Periods

   We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. The retention period varies depending on the type of data and the legal, operational, and business requirements.

   • •

     Customer Data: Personal data collected during interactions with our clients is retained for the duration of the customer relationship and for up to 6 months after account termination, unless required otherwise by law or contractual obligations.

   • •

     Transaction Data: Information related to fraudulent activities, transactions, and account monitoring is retained for up to 7 years, depending on regulatory and business needs.

   • •

     Log Data: Activity logs and system-generated data are stored for a period of 12 months to enable detailed audits, security investigations, and performance analysis. After this period, data may be anonymized or securely deleted.

   • •

     Backup Data: Backups of all data are maintained securely for 90 days to ensure data recovery in case of system failure, after which the data is permanently deleted or overwritten.

2. 2.

   Compliance with Legal and Regulatory Obligations

   We comply with all applicable legal and regulatory requirements, including GDPR, and other relevant data protection laws. Depending on these requirements, some categories of data may be retained for longer periods to fulfill auditing, reporting, or legal obligations.

3. 3.

   Data Anonymization and Deletion

   Once the data retention period has expired, personal data is either securely deleted or anonymized, depending on the type of data and its sensitivity. Anonymized data may be retained for research, statistical analysis, or fraud detection purposes without further notice.

4. 4.

   Data Disposal Procedures

   • •

     Electronic Data: Data is securely erased from our systems and any backups using industry-standard data destruction methods to prevent unauthorized recovery.

   • •

     Physical Data: Any printed or written records containing personal information are shredded or otherwise destroyed to ensure confidentiality.

5. 5.

   User Rights

   Individuals have the right to request access to, correction of, or deletion of their personal data at any time, subject to our legal and contractual obligations. To exercise these rights, please contact our Data Protection Officer at [DPO contact information].

6. 6.

   Regular Review

   This policy is reviewed regularly and updated to ensure compliance with evolving legal and regulatory requirements. Updates to this policy will be communicated to our clients and partners as required.