Overview and scope
This policy covers the retention of data relating to Hedgebook’s customers and their users. A separate policy covers Hedgebook’s retention of other data.
This policy covers data held in the Hedgebook Software Platform as well as paper records, emails (held on both server or devices) and in other electronic data storage systems.
General Retention Policy
Hedgebook Software Platform
Data inside the Hedgebook Software Platform, including deals, client information, user details (including limited Personally Identifiable Information) will be held for the duration that the client maintains a Hedgebook Subscription.
When a user is removed from the system, but the client has retained a subscription, Hedgebook will maintain the users details as they provide an important part of the audit record from the clients account perspective.
At termination of a subscription all data will be either anonymised or deleted. Anonymised data will not contain Personally Identifiable Information (PII) or information to link data with the client.
Email communications will be retained as business communications for up to seven years. Where the content of the email still has a relevant business purpose (e.g. provides details of an ongoing customer engagement) it may be kept longer. Email with little or no enduring information value may be deleted earlier.
Paper records relating to client data
Paper records should in general be kept to a minimum and securely destroyed. Paper records should be scanned or converted by other means and stored with other electronic data if longer term storage is required. E.g. where a deal confirmation is supplied to Hedgebook as a paper record it should be entered into Hedgebook Software Platform and the paper record destroyed.
Other electronic data storage systems
Where customer data is stored in another storage system, e.g. as part of processing instructions in the company wiki, this data should be removed once the client ends their subscription with Hedgebook.
The Hedgebook system generates log files which may contain customer information. These files should be purged either by automatic process or by regular manual process. Unless the information is required to support an investigation of an incident then log files should not be kept for more than six months.