1. Purpose This policy establishes guidelines for the retention, storage, and disposal of business records to ensure compliance with regulatory requirements, protect sensitive data, and support operational needs.
2. Scope This policy applies to all records, whether physical or digital, created or received by CrediSure Financial Technologies Ltd, including: Credit Rating and Risk Assessment Reports Loan and Debt Reports Compliance and Regulatory Documents Internal Business and Financial Records
3. Retention Periods Records will be retained based on regulatory requirements, business needs, and industry best practices. Record Type Retention Period Reason Credit Rating & Risk Assessments 6 years Compliance & audit requirements Loan & Debt Reports 7 years Legal compliance & dispute resolution Regulatory Compliance Records 7 years Compliance with data protection laws Internal Business Records 5 years Operational efficiency Employee Records 6 years after termination Employment laws & legal claims protection.
4. Data Protection & Security Confidentiality: All records must be stored securely, whether in physical or electronic format. Access Control: Only authorized personnel may access sensitive records. Encryption & Backups: Digital records must be encrypted and backed up regularly.
5. Disposal of Records Physical Records: Secure shredding or incineration. Digital Records: Permanent deletion following data erasure standards.
6. Legal & Regulatory Compliance This policy complies with: GDPR & Nigeria Data Protection Act 2023
7. Review & Amendments This policy will be reviewed annually and updated as necessary to reflect regulatory changes and business needs.