On this page
1. Purpose
This policy explains how long AAA i Services (UK) Limited (trading as iSolutionhub) keeps different categories of personal data and the processes we use to securely delete or anonymise data in line with the UK GDPR and the Data Protection Act 2018.
2. Scope & Principles
- Data minimisation: we only keep what we need.
- Storage limitation: we retain data no longer than necessary for stated purposes.
- Security: we protect retained data with appropriate technical and organisational measures.
3. Legal Basis
Retention is based on one or more of: contract, legal obligation (e.g., tax law), legitimate interests (e.g., fraud prevention), and consent (e.g., marketing — which you can withdraw at any time).
4. Retention Schedule
| Data Category | Examples | Purpose | Typical Retention | Deletion Method |
|---|---|---|---|---|
| Account & Profile | Name, email, phone, login history | Provide services; security; support | For life of account + 24 months | Secure delete or anonymise |
| Billing & Transactions | Invoices, payments, refunds | Accounting; tax; fraud prevention | 6 years (UK tax) | Secure delete post-retention |
| Support Tickets | Email threads, attachments, logs | Resolve issues; audit trail | 36 months | Secure delete or redact |
| Marketing & Comms | Newsletter lists, preferences | Send updates with consent/soft opt-in | Until opt-out + 24 months suppression | Remove from lists; keep suppression list |
| Web & App Logs | IP, user agent, API logs | Security, debugging, uptime | 12–24 months | Log rotation & deletion |
| KYC/Compliance (if applicable) | ID docs, checks | AML/KYC obligations | 5 years from end of relationship | Secure delete |
| Contracts & Legal | Agreements, addenda | Contract management; defence of claims | Term + 6 years | Secure delete |
| Recruitment | CVs, interview notes | Hiring; future opportunities | 12 months (or consent for longer) | Secure delete or anonymise |
| Cookies | Analytics IDs, preferences | Site functionality & analytics | Per Cookie Policy | Expiry-based deletion |
Note: Periods may vary by jurisdiction, product, or regulatory changes. Where multiple obligations apply, we keep data for the longest required period.
5. Backups & Archives
- Encrypted backups are retained on rolling schedules (e.g., daily, weekly, monthly).
- When production data is deleted, it will phase out of backups during the normal rotation window.
- We do not restore backups for individual deletion requests except where required by law.
6. Deletion & Anonymisation
- We follow documented procedures to securely delete or irreversibly anonymise personal data once the retention period expires.
- Anonymised data may be retained for analytics or service improvement.
- Deletion propagates to relevant systems and sub-processors where applicable.
7. Your Rights & Requests
You can request access, correction, deletion, restriction, or portability of your personal data. For deletion (“right to be forgotten”), we will remove personal data unless we must retain it for legal obligations or legitimate interests (e.g., accounting records, fraud prevention).
Contact: info@leap-tel..co.uk. We aim to respond within one month as required by UK GDPR.
8. Legal Holds
If data is subject to a legal hold (e.g., litigation, regulator request), deletion will be paused until the hold is lifted.
9. Sub-processors
Where third parties process data for us, they follow our retention instructions under the DPA. See our current Sub-processor List.
10. Review
This policy is reviewed at least annually and updated to reflect regulatory or operational changes.
11. Contact
AAA i Services (UK) LimitedTrading as: iSolutionhub
Email: info@leap-tel..co.uk
Website: www.leap-tel.co.uk