1. Scope
1.1. This policy is to be consulted when data retention or disposal of personal information is being
considered or conducted. All Aspirant’s records as they relate to the Bright Sky application and
website, whether paper or digital are subject to the retention and disposal requirements of this
policy.
1.2. Data Privacy Laws provide that personal data cannot be retained longer than is reasonably
necessary to fulfil the purpose that such data was originally collected. It is Aspirant’s intention to
retain little to no personal data about the users of the Bright Sky application.
1.3. There are also circumstances in which personal data must be destroyed at the request of the
persons to whom such personal data relates.
1.4. This policy may be updated from time-to-time at Aspirant’s discretion.
2. Responsibilities
2.1. The following roles are responsible for retention of these records because they are the information
asset owners.
2.2. Asset owners are responsible for ensuring that all personal data is collected, retained and
destroyed in line with the requirements of the Data Privacy Laws.
2.3. The IT Manager is responsible for managing the secure disposal of all storage media.
2.4. The Privacy Officer is responsible for oversight of storage of data in line with this procedure.
2.5. The Privacy Officer is responsible for oversight of disposal of data.
3. Retention of Data
3.1. Records includes both operational data or historical data which are in electronic or non-electronic
formats, for example emails, hard copy documents, soft copy documents, video and audio and
data generated by physical access control systems
3.2. The required record type, retention periods and responsibility of all personal data is recorded in
the Retention and Disposal Schedule under the following categories:
(a) Personal Data Record Category
(b) Retention period required by law
(c) Aspirant’s retention period
(d) Retention period to start from (at creation, submission, payment, etc.)
(e) Retention period justification
(f) Format of Retention
(g) Record Owner
(h) Disposal method
(i) Comments
3.3. Any personal data that Aspirant gathers will be retained only for as long as is necessary for us to
carry out the particular purpose of the processing set out in the privacy notice or privacy policy
associated with the particular personal data being gathered.
3.4. Each data asset that is stored is marked programmatically with the name of the record, the record
type, the date of storage, the required retention period, the planned date of destruction, and any
special information unique to that data asset.
4. Disposal of Data
4.1. Data cannot be kept in a form which permits the identification of any person for longer than
needed for the legitimate business purpose or purposes for which Aspirant originally collected it
including for the purpose of satisfying any legal, accounting or reporting requirements.
4.2. On at least an annual basis, the Privacy Officer and the IT Manager will review the retention
periods of all personal data, and will identify any data that is no longer required in the context of
the registered purpose.
4.3. The Privacy Officer is responsible for oversight of the disposal of data once it has reached the
end of the retention period.
4.4. Destruction must be completed within 30 days of the planned retention period. Destruction is
handled as follows:
(a) Disposal of personal information must be by a method that ensures no possibility of
reconstructing the contents.
(b) Documents containing confidential and restricted information that are to be destroyed are
shredded, using a shredder with an appropriate security classification. The waste is
removed by the approved contractor.
(c) Physical records should be disposed of in-house by cross-cut shredding with an
appropriate security classification and placed into locked rubbish bins for collection by an
approved disposal firm. In some instances, a professional shredding service may need to
be employed to ensure the security of personal information.
(d) Simply deleting electronic records does not satisfy destruction.
(e) Emails are deleted within 24 hours of being sent from the mailbox, according to system
retention settings. These emails are permanently deleted at that time. The system will be
reviewed manually by Bright Sky support on a monthly basis to ensure the deletion
schedule is being followed.
(f) All virtual machine and database backups will be reviewed quarterly to ensure that the
deletion schedule is being followed.4.5. The retention period may be prolonged where:
(a) Aspirant must retain the record under applicable law;
(b) Aspirant is being investigated on an ongoing basis by authorities to prove compliance with
any legal requirements;
(c) Aspirant is exercising legal rights in cases of law suits or similar court proceedings; or
(d) The date is required for archiving purposes in the public interest, scientific or historical
research purposes or statistical purposes.
Where personal data is retained beyond the intended processing period, such processing must
be justified, minimised, encrypted and/or pseudonymised in order to protect the identity of the
individuals in the event of a personal data breach.
4.6. If a valid subject erasure request is received by Aspirant and no exemption applies then Aspirant
will have to take steps to ensure erasure from back-up systems as well as live systems is
conducted.
5. Record
A Retention and Disposal Schedule is retained showing what records or media were destroyed
and/or disposed of, and when. The Retention and Disposal Schedule is adjusted once the records
or storage media have been disposed of.
Last Updated June 2020
Personal Data Record Category |
Retention Period Required By Law |
Aspirant's Retention Period |
Retention period to start from (at creation, submission, payment, etc) |
Retention Justification |
Format of Retention and Location |
Record Owner |
Disposal Method |
Comments |
Anonymized Customer ID Setting |
n/a |
Perm |
n/a |
Required to facilitate certain settings being retained between uses of the app |
Database |
Bright Sky Support |
n/a |
|
Customer Language Settings |
n/a |
Perm |
n/a |
Required to facilitate certain settings being retained between uses of the app |
Database |
Bright Sky Support |
n/a |
|
Covert Setting |
n/a |
Perm |
n/a |
Required to facilitate certain settings being retained between uses of the app |
Database |
Bright Sky Support |
n/a |
|
Bright Sky Mailbox Contents |
n/a |
1 hour |
Submission |
Reasonable length of time to ensure proper deletion of private emails |
Email |
Bright Sky Support |
Permanently deleted email |
|
Media taken through the app and email send through the app |
n/a |
5 minutes |
submission |
Reasonable length of time to ensure proper deletion of media taken through the app and emails sent through the app |
Email |
Bright Sky Support |
Permanently deleted |
The type of phone and user settings may make programmatic deletion of media impossible through the Bright Sky. Further, Media taken outside of the app are not able to be programmatically deleted from the app. For this reason, Users are strongly encouraged to ensure that the media hasn’t been added to the camera roll through user action |
Customer Actions |
n/a |
1 year |
When action taken |
For analytics |
Database |
Bright Sky Support |
Programmatically Deleted |
|
Backup of Databases |
n/a |
1 year |
At creation of the backup |
Business Continuity |
Azure cloud, in West Europe |
IT Manager |
Programmatically Deleted |
|
Backup of Virtual Machine |
n/a |
1 year |
At the creation of the backup |
Business Continuity |
Azure cloud, in West Europe |
IT Manager |
Programmatically Deleted |
|