The Global Convening on Crisis and Care (“we,” “our,” or “us”) is committed to managing and protecting personal data responsibly. This Data Retention Policy outlines how we retain, store, and securely delete personal information collected through our website, event registrations, and other interactions, in line with legal requirements and organisational best practices.
1. Purpose
The purpose of this policy is to specify the types of data we collect, the retention period for each type of data, and our procedures for safely storing and disposing of personal data. This ensures that we comply with data protection regulations, protect the privacy of our users, and manage data responsibly.
2. Scope
This policy applies to all personal data collected, processed, and stored in relation to our convening, including registration, communications, and website analytics.
3. Data Retention Periods
We retain personal information only as long as necessary to fulfil the purposes for which it was collected, as described below:
• Event Registration Data (e.g., name, email, phone number): Retained for up to one year following the event date to facilitate post-event communications, feedback, and future event planning.
• Communications Data (e.g., email enquiries, support requests): Retained for up to one year after the inquiry is resolved, unless ongoing communication is required.
• Mailing List Information (e.g., names, emails for newsletter subscribers): Retained until you opt out of receiving communications. You may unsubscribe at any time, and we will promptly delete your data from our mailing lists.
• Financial and Payment Information (if applicable, e.g., donations, event fees): Retained for seven years to comply with financial and auditing regulations, after which it will be securely deleted or anonymised.
• Website Analytics Data (e.g., IP addresses, usage statistics): Retained for six months to assess website performance and user engagement, after which it will be anonymised or securely deleted.
4. Data Security and Storage
We take reasonable measures to protect personal information, including:
• Encryption: Where possible, sensitive data (such as payment information) is encrypted.
• Access Control: Only authorised personnel have access to personal data stored in our systems.
• Secure Storage: Data is stored on secure servers and/or secure cloud platforms, with measures in place to protect against unauthorised access.
5. Data Disposal and Deletion
Once personal data reaches the end of its retention period, it will be deleted or anonymised in a secure manner. We follow these methods to ensure safe data disposal:
• Automated Deletion: Data stored in electronic formats will be deleted automatically where possible.
• Manual Review and Deletion: If data cannot be automatically deleted, it will be reviewed and securely erased by authorized staff.
6. Data Subject Rights
In accordance with data protection regulations, individuals have certain rights regarding their personal data, including the right to request deletion or correction. Requests can be made by contacting us at <contact email>. We will respond to data subject requests within a reasonable timeframe.
7. Policy Review and Updates
This policy will be reviewed periodically to ensure compliance with legal requirements and best practices. Changes to the policy will be posted on our website, and the “Last Updated” date will reflect any revisions.