Skip to main content
Skip table of contents

Data retention policy

Retention policy legislation

To summarise the legal requirements, Article 5 (e) of the GDPR states that personal data shall be kept for no longer than is necessary for the purposes for which it is being processed. There are some circumstances where personal data may be stored for longer periods (e.g., archiving purposes in the public interest, scientific or historical research purposes).

Recital 39 of the GDPR states that the period for which the personal data is stored should be limited to a strict minimum and that time limits should be established by the data controller for deletion of the records (referred to as erasure in the GDPR) or for a periodic review.

Organisations must therefore ensure that personal data is securely disposed of when no longer needed. This will reduce the risk that it will become inaccurate, out of date, or irrelevant.

NAGRAVISION data retention policy

Policy statement  

1.1          NAGRAVISION is responsible for implementing retention criteria for its own information records and those of its customers and ensuring compliance with the General Data Protection Regulation (GDPR) as a data processor.

1.2          NAGRAVISION assumes the responsibilities of a Data Processor. Operators of the system are data controllers and as such assume the data controller responsibilities.

1.3          This document sets out the NAGRAVISION policy for the disposal and retention of records. It applies to all records, both in paper and electronic form.

Scope

2.1      This policy is intended for both NAGRAVISION customers and staff and aims to provide an overview of the NAGRAVISION data retention policy.    

2.2      Relevant provisions in the GDPR – see Articles 5(1)(e), 17(1)(a), 30(1)(f) and 89, and Recital 39: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN

Principles

3.1      One of the main aims of successful record management is to be able to find, quickly and readily, any information requested. The FOI Act in January 2005 reinforced the need to know what information we hold and to be able to locate it promptly and in compliance with GDPR.

3.2   NAGRAVISION will review information regularly to ensure that it is:

  • Necessary – the information must hold some value for NAGRAVISION to carry out its functions.

  • Proportionate – in order to justify the retention of the information, it must be proportionate to retain the information against the impact on an individual’s rights.

  • Adequate – in order to justify the retention of information, it must be as complete as possible.

  • Relevant – information must be fit for the purpose for which it is held.

  • Accurate and up-to-date – all record details must be accurate and records must be updated with any new information.

  • Of historical value – it may also be necessary to retain information of particular legal or historical significance. This relates to past-periods data used usually as a basis for supporting financial transactions or contractual terms and conditions.

3.3    Factors that may impact on the retention of information are:

  • The age of the information – as time progresses, information can become increasingly inaccurate.

  • The reliability of the information – may be questioned/unreliable where the information is unproven,

  • The reliability of the source of the information – sources of information may prove to be unreliable or false,

  • Legal requirement – there may be a legal requirement to retain information for a specified period of time,

What it means in practice

4.1      The relevant data owners are responsible for its review, in line with this policy and further detailed schedules. This applies to both electronic and paper records.  

4.2      When the retention target is reached, the information will be reviewed to confirm that the information is to be further retained or destroyed. It will be destroyed if there is no further business, statutory, or historical reason to keep it or to select it for rereview at a later date; either because the business need is ongoing or because of potential historical value.

Data

N.B. Definition of activity

An activity is any change to the account resulting from a end user action, i.e., a log on to the system, a purchase, processing a payment, or an active subscription. 

Consumer data

Data category

Retention period

Retention basis

Data 

 Consumer data

Date of last activity on system + 6 months
or 30 days from receipt of Right to be Forgotten request.  


 

Legitimate interest

Name

Email

Authentication credentials

Parental control preferences

Contact details (email, address, social media)

IP address

Location

Devices

Purchase history

Recording requests and recordings

DRM licenses

Marketing consent

Customer support notes

Consumer analytics

Detailed data for 13 months or 30 days from receipt of right to be forgotten request

Aggregate data for 37 months. Anonymised in event of right to be forgotten request.

Legitimate interest

Active data collectors by proxy, e.g., when you watch something

Bookmarks

Favourites

Events

Access

Viewing history

Demographic data

App navigation flow

Recommendation preferences and profile

Consumer payment and transaction data

Date of last activity on system + 6 months
or 30 days from receipt of right to be Forgotten request.  

Legitimate interest

Payment transaction details as held by third party

 

Operator admins data

Data category

Retention period

Retention basis

Data 

Operator staff data

Date of last activity on system + 12 months

Deletion on request.

Contract between operator and their staff, legitimate interest

Staff details provided by the operator

Name

Email

Usage of platform

Viewing history

Demographic data

App navigation flow

Customer support notes

Recommendation preferences and profile

Marketing consent

Changing retention periods

If you require a change to any of these retention periods, you can do so by submitting a support ticket in the usual way.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.