1. Purpose
This policy outlines how Digital Media Partner manages the retention, storage, and disposal of records to ensure compliance, operational efficiency, and data security. It aligns with GDPR, UK Data Protection Act 2018, and industry best practices.
2. Scope
Applies to all physical and digital records created, received, or maintained by the business, including:
- Client & Project Data
- Marketing & Performance Records
- Financial & Legal Documents
- Internal Operational Documents
3. Retention Periods
Records are categorised based on their type, usage, and legal requirements.
| Record Type | Retention Period | Reason for Retention | Disposal Method |
|---|---|---|---|
| Client Contracts & Agreements | 6 years from contract end | Legal & compliance | Secure deletion/shredding |
| Project Files (Creative & Content Assets) | 3 years after project completion | Reference & portfolio use | Archive or delete |
| Marketing Performance Data (SEO, PPC, Social, Analytics Reports) | 2 years | Trend analysis & reporting | Automatic deletion |
| Client Communications (Emails, Proposals, Briefs) | 3 years | Reference for future projects | Archive then delete |
| Financial Records (Invoices, Tax, Payroll) | 6 years | HMRC compliance | Secure deletion |
| Employee Records (HR Files, Payroll, Contracts) | 6 years post-employment | Legal & payroll compliance | Secure deletion |
| Internal Documents (Policies, SOPs, Strategy Docs) | Until superseded | Operational efficiency | Archive old versions |
| Leads & Prospect Data (CRM & Outreach Lists) | 12 months (if no engagement) | GDPR compliance | Automatic deletion |
| Website & CRM Data (User Registrations, Contact Forms) | 12 months | GDPR compliance | Anonymisation or deletion |
4. Storage & Security
- Records are stored in Microsoft Cloud, Monday.com project management systems, WhatConverts Lead Management, DocuSign Contract Dashboard and Quickbooks financial platform.
- Access is restricted based on roles to prevent unauthorised access.
- Sensitive data is encrypted and backed up regularly.
5. Disposal & Deletion
- Physical records: Shredding for confidential documents. (DMP adopts a digital-only policy)
- Digital records: Secure deletion and, where applicable, anonymisation to retain analytical value without personal data.
- Automated deletion workflows will be configured in CRM, Micorsoft Cloud, and financial systems to comply with retention periods.
6. Compliance & Auditing
- Annual retention reviews ensure data is managed efficiently.
- All employees handling records receive GDPR and data handling training.
7. Exceptions
Any exceptions to this policy must be approved by management and justified based on legal or operational requirements.
