POLICY Remote Asset Management implemented an information retention policy to ensure that all information kept for legal, regulatory and business requirements is limited. Remote Asset Management ensures that data will be:

• Processed fairly and lawfully.

• Adequate, relevant and not excessive.

• Kept secure and be accurate.

• Kept no longer than is necessary.

• Processed in-line with the client’s or employee’s rights.

• Not transferred to other countries that do not comply with the Data Protection Act 2018 and General Data Protection Regulation (GDPR).

Furthermore, processes are in place for secure disposal when data no longer needs to be retained for legal, regulatory and business requirements. An automatic or manual executed process is to be in place for identifying and ensuring secure Classification:

Please also refer to the Data Destruction Policy in relation to the secure destruction of data held on removable media or in paper format.

The Data Retention policy contains a comprehensive list of information items held by Remote Asset Management, which must be retained for specified periods of time for legal, compliance or operational reasons.