Retention of Personal Data
The Compliance Institute is obliged to retain certain information to ensure accuracy, to help maintain quality of service and for legal, regulatory, fraud prevention and legitimate business purposes.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and the sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In general, we hold Personal Data of our members for as long as are members are a member of the Compliance Institute unless you tell us your data is out of date or the purposes for which it is processed have ceased or where the Compliance Institute is subject to legislation and regulatory rules which we must follow. Other information will be retained for no longer than is necessary for the purpose for which it was obtained or as required. In general, the Compliance Institute will hold this information for a period of up to seven years after termination of the relevant agreement between you and us.
We will review your Personal Data regularly to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your Personal Data except that we will retain your Personal Data in an archived form in order to be able to comply with future legal obligations eg, compliance with tax requirements and exemptions, and the establishment exercise or defence of legal claims.
When it is no longer necessary for us to hold your Personal Data, we will securely destroy it in accordance with applicable laws and regulations.