1 Purpose and Scope
1.1 Purpose
The objective of the Data Retention Policy is to provide guidance on the retention of the
various types of data that 3 Dimensional Insurance Brokers India Pvt. Ltd. (referred to as 3DI
hereafter) and its subsidiaries hold. This document strives to balance the need to store
information with legal obligations to destroy the data safely when it is no longer required.
A data retention policy is an established protocol for retaining operational and
regulatory compliance data in electronic format (soft copy). The purpose of this policy is to
ensure that all of 3DI’s data managed by the IT team is retained and disposed of in compliance
with legal, compliance and business regulations.
1.2 Scope
● This policy covers all 3DI product and operational data. Customer-provided data is
governed by the contractual norms agreed upon with the customer.
● It applies throughout the lifecycle of the information from creation through storage and
utilization to disposal. Appropriate protection is required for all forms of information to
ensure business continuity and to avoid breaches of the law and statutory, regulatory or
contractual obligations.
● The policy applies to all staff of 3DI and to other users associated with the Company.
2 Policy Standards
2.1 Retention
● The policy is outlined to aid departments in understanding their obligations towards internal
and external requirements for retaining data, including electronic documents.
● 3DI shall archive, retain, and dispose of data either owned or managed by the IT team.
● Archived data shall be retained as per applicable legal, compliance and 3DI policies and
procedures. Proper management of archived data is ensured to enable easy retrieval.
● The legal and regulatory records of Flutura shall be retained with appropriate protection as
per the requirements of the law.
● Any information containing customer information is considered Sensitive Data. Sensitive
or customer data may only be stored in protected containers such as centralized File
Services, SFTP and the application database.
2.1.1 Customer data & records
Customer data and records shall be retained as per the customer’s requirements outlined in the
signed contract (MSA and/or SOW) or as per any specific requests from the customer.
In case of requests from the customer, data shall be retained until the customer
receives it and acknowledges receipt of the same.
2.1.2 Company data
Internal Company data shall be retained and protected if it is needed for collection of
evidence, for statutory and regulatory requirements, or for the functioning of the business.
Such data shall be treated for disposal or retention under approval from the process owner
and top management of 3DI.
Any changes to the retention period should be enforced after approval by the CEO or
one of the directors.
Type of Data | Retention Period |
---|---|
Client Contracts and Agreements | 3 years from expiry of contract |
Client Data in Applications | As per client contracts |
Personal / PII Data | As long as necessary for intended purpose of processing |
Employee Data | As per statutory limits |
Accounting and Finance Related Data | As per statutory limits |
Application Source Code | As long as necessary & as per client contracts |
2.2 Destruction and Data Disposal
● Proper destruction of data is essential to creating a credible data management program.
Data containing restricted/sensitive information shall only be destroyed in the ordinary
course of business.
● The IT department is responsible for deleting or destroying electronic records. This includes
ensuring that the data or information is permanently removed from company systems
and destroyed.
● Destruction shall commence as soon as reasonably possible once a document or data has
expired. Managers are responsible for executing their document and data destruction plans
on an annual basis.
● No data that is currently involved in open or pending investigations, audits, or litigation
shall be destroyed or otherwise discarded.
● When retention requirements have been met, data shall be either immediately destroyed or
placed in secure locations in a controlled manner.
● The authorized method of destruction for non-electronic data is shredding.
2.3 Destruction Log
A destruction log shall be maintained to identify the destroyed records. The destruction log
shall capture the following information.
● The date of destruction.
● The name of the individual responsible for destroying the records.
● The name of the person who witnessed the destruction.
● The method used to destroy the records.