Legal
Data Retention Policy
Last updated: 11 July 2026
1. Introduction and Purpose
This Data Retention Policy (the "Policy") explains how [LEGAL ENTITY NAME] ("we", "us", or "our"), operating the website godoscertificationinfo.com from [JURISDICTION], collects, stores, retains, and disposes of personal and business data relating to individuals and organisations who contact us or use our consulting services.
We provide independent consulting services to advertisers worldwide seeking Google Government Documents and Services (GODOS) certification and related advertising compliance support. We are not affiliated with, endorsed by, or acting on behalf of Google or any government body.
The purpose of this Policy is to ensure that we retain data only for as long as necessary, comply with applicable data protection laws, and dispose of data securely once it is no longer required. This Policy should be read together with our Privacy Policy.
- Define the categories of data we retain.
- Establish clear retention periods for each category.
- Explain how individuals may request deletion of their data.
- Describe our secure disposal practices.
2. Scope
This Policy applies to all personal data and business information processed by [LEGAL ENTITY NAME] in the course of operating godoscertificationinfo.com, regardless of the format in which it is held or the location from which it is accessed.
It applies to all employees, contractors, and third-party service providers who handle data on our behalf. Any such parties are required to comply with the retention and disposal standards set out in this Policy.
- Data submitted through website enquiry and contact forms.
- Email correspondence and attachments.
- Records created during the delivery of consulting services.
- Data held by our authorised third-party processors.
3. Categories of Data We Retain
We retain different categories of data depending on how you interact with us. We aim to collect and keep only the information that is relevant and necessary for our legitimate business purposes.
- Enquiry data: name, email address, phone number, company name, and the content of messages submitted through contact or enquiry forms.
- Email correspondence: emails you send to or receive from us, including attachments and thread history.
- Client engagement records: information relating to policy audits, ad-copy compliance reviews, landing-page optimisation, and verification assistance.
- Billing and transactional records: invoices, payment confirmations, and related financial documentation (where applicable).
- Technical data: limited website analytics and log data collected in accordance with our Privacy Policy.
- Consultation notes: records created during ongoing compliance consulting and suspension appeal work.
4. Purposes of Retention
We retain data to enable us to respond to enquiries, deliver our consulting services effectively, maintain accurate business records, and comply with legal and regulatory obligations.
We do not retain data indefinitely and do not use retained data for purposes incompatible with those for which it was originally collected.
- Responding to and following up on enquiries.
- Providing and administering consulting services.
- Meeting legal, tax, accounting, and regulatory requirements.
- Resolving disputes and defending legal claims.
- Improving the quality and security of our services.
5. Retention Periods
We retain each category of data for a defined period, after which it is securely deleted or anonymised unless a longer retention period is required by law or to protect our legitimate interests. The periods below are placeholders to be confirmed following legal review.
Where the same data serves multiple purposes with different retention requirements, we apply the longest applicable retention period.
- Enquiry data (non-converted enquiries): retained for [12 MONTHS] from last contact.
- Email correspondence: retained for [24 MONTHS] from the date of the last exchange.
- Client engagement and consultation records: retained for 24 months following the conclusion of the engagement.
- Billing and transactional records: retained for 24 months to satisfy tax and accounting obligations in [JURISDICTION].
- Website analytics and technical logs: retained for 24 months.
- Marketing consent records: retained for 24 months or until consent is withdrawn.
6. Legal Basis and Obligations
Our retention practices are guided by the principle of data minimisation and the requirement not to keep personal data longer than necessary. Retention periods may be extended where required to comply with statutory obligations in [JURISDICTION] or in other jurisdictions where our clients are located.
Where a legal, regulatory, or accounting obligation requires a specific minimum retention period, that obligation will take precedence over the standard periods set out in this Policy.
- Compliance with applicable tax and financial record-keeping laws.
- Compliance with applicable data protection and privacy laws.
- Preservation of records relevant to actual or anticipated legal proceedings.
7. Deletion on Request
Subject to applicable law, you have the right to request that we delete personal data we hold about you. We will assess each request and, where no overriding legal obligation or legitimate interest requires continued retention, we will delete the data within a reasonable timeframe.
To make a deletion request, please contact us at [CONTACT EMAIL]. We may ask you to verify your identity before actioning any request in order to protect against unauthorised disclosure or deletion.
- Submit your request in writing to [CONTACT EMAIL].
- Provide sufficient detail to allow us to identify the relevant data.
- We will confirm receipt and respond within [NUMBER] days, subject to identity verification.
- We will inform you if any data must be retained to meet a legal obligation, and explain the reason.
8. Data We May Be Unable to Delete
In certain circumstances we may be legally required or otherwise entitled to retain data even after a deletion request. In such cases, we will restrict processing of that data to the retention purpose only and delete it once that purpose has been fulfilled.
- Records required to comply with tax, accounting, or regulatory obligations.
- Data necessary to establish, exercise, or defend legal claims.
- Information contained in backups that will be overwritten in the ordinary course of our backup cycle.
9. Secure Storage During the Retention Period
Throughout the retention period, we store data securely and apply appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, loss, or destruction.
Access to retained data is limited to personnel and authorised processors who require it to perform their duties.
- Access controls and authentication for systems holding personal data.
- Encryption of data in transit and, where appropriate, at rest.
- Confidentiality obligations for staff and third-party processors.
- Regular review of stored data to identify records eligible for disposal.
10. Secure Disposal
When data reaches the end of its retention period or is subject to an approved deletion request, we dispose of it securely so that it cannot be reconstructed or recovered.
Disposal methods vary depending on the format of the data and the systems in which it is held.
- Permanent deletion of electronic records from active systems.
- Secure erasure or destruction of storage media where applicable.
- Removal of data from backups in accordance with our backup rotation schedule.
- Instructing third-party processors to delete or return data held on our behalf.
- Secure shredding of any physical documents containing personal data.
11. Third-Party Processors
We may use trusted third-party service providers, such as email, hosting, analytics, and payment providers, to help us operate our business. Where these providers process data on our behalf, we require them to apply retention and disposal standards consistent with this Policy.
We take reasonable steps to ensure that such providers have appropriate data protection safeguards in place and delete data when it is no longer required.
- Providers are bound by contractual data protection obligations.
- Providers are required to delete or return data on termination of services.
- We periodically review the retention practices of our key processors.
12. Review and Updates
We will review this Policy periodically and update it as necessary to reflect changes in our business practices, technology, or legal requirements. Material changes will be published on this page with a revised effective date.
This document is a template intended for review by a qualified legal adviser in [JURISDICTION] before publication. Placeholder values must be confirmed and finalised prior to launch.
- Policy effective date: 11 July 2026.
- Last reviewed: 11 July 2026.
- Scheduled for review: 11 July 2026.
13. Contact Us
If you have any questions about this Data Retention Policy, wish to exercise your data rights, or would like to request deletion of your data, please contact us using the details below.
- Legal entity: [LEGAL ENTITY NAME]
- Registered address: [REGISTERED ADDRESS]
- Jurisdiction: [JURISDICTION]
- Email: [CONTACT EMAIL]