Data Retention Policy

Introduction This Data Retention Policy outlines the principles and procedures for retaining and managing customer data, transaction records, and other related information within [Goingdigitally] ("Company", "We", or "Us"). This policy is designed to ensure compliance with applicable data protection laws, optimize data storage, and safeguard customer privacy.

Purpose of Data Retention GoingDigitally retains data to:
Provide recharge services (e.g., mobile, utilities). Maintain accurate records for billing, customer support, and transaction history. Comply with legal and regulatory requirements. Improve service quality and support internal business operations (e.g., analytics, fraud detection).

Types of Data Collected Going Digitally collect and process the following types of data:
Personal Information: Name, contact details, payment methods, address, etc.
Transaction Data: Recharge amounts, time, method, transaction ID and service details.
Usage Data: Account activity, recharge history, device information, IP addresses.
Payment Data: Credit card details, payment processor data (stored in compliance with PCI DSS if applicable).
Support Data: Correspondence with customer service, dispute records, and feedback.

Retention Periods Data retention periods are defined based on the type of data, legal requirements, and business needs:
Personal Information: Retained for a maximum of 1 year after the last transaction or customer activity. Data will be anonymized or deleted upon request, subject to applicable legal requirements.
Transaction Data: Retained for a minimum of 1 year to comply with financial and taxation regulations. This may vary depending on jurisdiction (e.g., 5-7 years in most regions).
Payment Data: Retained only as long as necessary for processing payments or resolving disputes, but not exceeding 1 year. Data is stored securely in compliance with PCI DSS (if applicable).
Customer Support Data: Retained for 1 year following the closure of the support case or dispute resolution.
Usage Data: Retained for a period of 1 months to help with service improvements, fraud prevention, and analytics.
Marketing Data: Retained only if the customer has opted in to receive marketing communications. This data will be retained until the customer opts out or withdraws consent.

Data Disposal When data reaches its retention period or is no longer needed for business purposes, the Company will securely dispose of the data by: Deletion: Permanently removing data from all systems. Anonymization: If data needs to be kept for analytical purposes, it will be anonymized to remove personally identifiable information. Destruction: If data is stored physically (e.g., backup tapes, paper records), the data will be securely shredded or destroyed.

Legal Compliance GoingDigitallywill ensure that all data retention practices comply with relevant local and international laws, including:

• General Data Protection Regulation (GDPR) (for EU customers).
• California Consumer Privacy Act (CCPA) (for California residents).
• Payment Card Industry Data Security Standard (PCI DSS) (for payment data).
• Data Protection Act 2018 and other applicable laws based on jurisdiction.
• Where data retention requirements are influenced by legal or regulatory obligations, the Company will prioritize compliance over business needs. For example, certain data may need to be retained for longer periods for tax, audit, or legal investigation purposes.

Data Subject Rights Customers have the right to:

• Request access to their data.
• Request correction or updating of their personal information.
• Request the deletion or anonymization of their data when it is no longer required for the purposes for which it was collected.
• Withdraw consent to process personal data at any time (if applicable).
• Requests to exercise these rights will be addressed in compliance with applicable privacy laws.

Security Measures GoingDigitally employs industry-standard security measures to protect retained data, including:
Encryption: Data is encrypted at rest and during transmission.
Access Controls: Only authorized personnel have access to sensitive data.
Regular Audits: Periodic security audits to detect vulnerabilities and ensure compliance.

Retention and Disposal Process:- Data is regularly reviewed for relevance and necessity. When data reaches the end of its retention period, it is flagged for deletion or anonymization. The Company keeps a log of data disposal activities for audit purposes.

Review and Updates:- This policy will be reviewed annually and updated as necessary to ensure continued compliance with legal requirements and business needs.

Contact Information For any questions or concerns regarding this policy, or if you wish to exercise your data rights, please contact:
Data Protection Officer (DPO): +91 89827 38844
Customer Support: helpgodigi51@gmail.com
Key Considerations: Jurisdictional Requirements: The retention periods and practices should be customized according to the relevant legal requirements based on the company's geographic location and customer base.
Security: Emphasis on encryption and access control is crucial given the sensitivity of financial and personal data.
Transparency: Be clear with customers about how their data will be used, retained, and disposed of.
Auditability: Establish a process to ensure that data retention and disposal are regularly reviewed and auditable.

This policy will help ensure your company meets compliance requirements while maintaining the privacy and security of your customers' data.