This policy outlines the obligations of MOBIETRAIN NV (βus/we/ourβ) regarding how we retain, review, and destroy data under our custody or control. It applies to everyone in our organization, including officers, employees, agents, and subcontractors.
We retain data in various places:
Our own servers
Third-party servers
Email accounts
Desktops and employee-owned devices (BYOD)
Backup storage
Paper files
This policy applies equally to paper and electronic media. The retention period begins once a record is closed.
βοΈ Compliance with Data Protection Regulations
We comply with the General Data Protection Regulation (GDPR), ensuring personal data is:
Processed lawfully, fairly, and transparently
Collected for specific and legitimate purposes only
Adequate, relevant, and limited to what is necessary
Accurate and kept up to date
Retained only as long as necessary
Secured against unauthorized access, loss, or damage
Personal data includes any information relating to an identified or identifiable person, such as names, ID numbers, location data, or online identifiers.
π Security and Storage
All personal data is securely stored to avoid misuse or loss, following our IT Security Policy. We use procedures and technologies to protect data from collection to destruction. Data processors must comply with these measures. For example, we use Google Cloud services to maintain confidentiality, integrity, and availability:
Confidentiality: Only authorized users access the data
Integrity: Data is accurate and suitable
Availability: Authorized users can access data when needed
β³ Retention Periods
We do not keep personal data longer than necessary. Our general retention period is 4 years, but specific data types have tailored periods:
Type of Data | Data Subject | Processing Purpose | Retention Period | Review Frequency |
Customers | Contract data | Legitimate | 4 years (minimum contract length) | Yearly |
Business Contacts | Sales data | Legitimate | 2 years | Yearly |
Employees | Contract data | Legitimate | 4 years (minimum contract length) | Yearly |
Contractors | Contract data | Legitimate | 4 years (minimum contract length) | Yearly |
Potential Employees | Recruiting data | Legitimate | 2 years | Yearly |
Occasionally, historic personal data may be retained longer due to contractual obligations, litigation, or disaster recovery.
ποΈ Destruction and Disposal
When retention periods expire, records are securely destroyed:
Confidential and sensitive records are deleted or shredded
Less critical records may be deleted or anonymized
Non-confidential records may be recycled
Our CEO and CTO oversee this process to ensure compliance and proper handling.