Data Deletion Policy

Periodic Review Procedure

1.1 Corporate Team conducts an annual assessment to determine if there are any conditions that require their deletion or destruction, in accordance with this policy, contracts and/or applicable laws.

1.2 The responsibility for carrying out this review process lies with the Compliance Team, which reports in written on the relevant GDPR Register.

Destruction

2.1 The Data Controller has established procedures and methods for the secure destruction of data to comply with applicable regulations:

• Personal data, confidential information, or other sensitive information stored in digital format undergo secure deletion or anonymization procedures.
• Personal data, confidential information, or other sensitive information stored on electronic and/or mobile devices undergo secure deletion procedures. If this is not possible, the Data Controller ensures the physical destruction of the device.
• Personal data, confidential information, or other sensitive information stored on paper undergoes a shredding procedure. The resulting waste is subsequently collected at regular intervals by authorized personnel for disposal.
• Prior to the termination of any employment or consultancy relationship, employees/contractors are required to surrender all devices and provide any accounts with passwords or storage media on which personal data may have been saved.

2.2 The internal IT department is responsible for implementing the deletion and destruction procedures.

2.3 Data subjects may request information regarding the completion of the deletion process. The Data Controller will respond in a timely manner, considering the relevant procedure and the specific circumstances of the case, through written communication.

2.4 Further information regarding these procedures can be requested by data subjects through written communication addressed to the Data Protection Officer (DPO).