Data Retention Policy

Introduction

Due to legislative and regulatory requirements, Calzada Media Limited is required to record and retain certain details about every communication activity to and from our network. This policy details what records we store (or retain), how we store, where we store them and for how long.

This policy may be revised, without notice, at any time and at the discretion of Calzada Media Limited. Typically, this policy may be amended to reflect any possible legislative or regulatory changes.

If you have any questions about this or any other policy please contact us.

Legal Requirements

As a UK company with all of our servers located within the UK, we are subject to a number of legislative and regulatory requirements that define data retention requirements and their disclosure. These include the Regulation of Investigatory Powers Act 2000, the Communications Act 2003, the Data Retention Regulations 2009, and the Data Retention Regulations 2014.

What data is retained or stored?

Under the Data Retention Regulations 2009, we are required to retain data necessary to:

  • Trace and identify the source of a communication
  • Identify the destination of a communication
  • Identify the date, time and duration of a communication
  • Identify the type of communication (i.e. email message, webpage request)

The majority of communication to and from our servers is either email messages of website visits.

For email, we record:

  • The address of the sender
  • The address of the recipient
  • The message subject line
  • The date and time the message was received by our servers and all subsequent occasions when it is accessed.

For website traffic, we record:

  • The date and time of the request
  • The client's IP address
  • The requested website address
  • Details of the clients web browse (the UserAgent)
  • Any Referer information

What data is not recorded?

We do not record or log the contents of a communication. For example, whilst we record the subject of a message, we do not record the message's content (the body).

Where is data stored and for how long?

Initially, the data is stored on the relevant server involved in the communication. As part of our standard maintenance cycle, we archive this data on a monthly basis with the generated archives being stored off-server in a secure location.

We are required to retain data for 12 months from the data of communication. After 12 months, the data is deleted.

Who may access retained data?

Internally, access to the retained data is limited to personnel for diagnostic or troubleshooting purposes.

Access to data by external parties is defined under the Regulation of Investigatory Powers Act 2000. We will only provide access to external or third parties when legally required to do so by defined UK authorities.

Backups

We consider backups to be completely separate from our data retention requirements. We do not allow access to backups unless legally compelled.

Possible & Future Changes

Following the 2015 General Election, there are indications the Communications Data Bill (sometimes referred to as the Snooper's Charter) is to be revived. This bill includes proposals that extend beyond what is already required by the Data Retention Regulations 2014.

Alexander JohnOver 15 years experience with all things IT, Internet & Web for companies small and large. Microsoft Certified IT Professional (MCITP), MIET, MBCSDirectorCalzada Media Limited
Please wait, loading ...
Copyright © 2011 - 2017 Calzada Media Limited. All Rights Reserved.