Data Retention Policy
1. Purpose
This Data Retention Policy explains how GISS retains, stores, archives, reviews, and disposes of records, documents, personal data, certification information, audit materials, training records, and service-related information.
2. Scope
This Policy applies to records held in physical or electronic form, including client records, certification files, audit reports, contracts, invoices, communications, complaints, appeals, training records, website data, and governance documents.
3. Retention Principles
GISS retains information only for as long as necessary for lawful, contractual, operational, certification, audit, accounting, regulatory, dispute resolution, or legitimate business purposes.
4. Retention Periods
Retention periods may vary depending on the nature of the record, applicable law, accreditation or certification requirements, contractual obligations, limitation periods, and operational needs.
5. Security and Access
Records must be stored securely with access limited to authorized personnel. Sensitive records should be protected against unauthorized access, loss, alteration, disclosure, or misuse.
6. Disposal
When records are no longer required, GISS will securely delete, destroy, anonymize, or archive them in accordance with applicable requirements and internal procedures.
7. Review
This Policy will be reviewed periodically to ensure retention practices remain lawful, proportionate, secure, and aligned with GISS operational needs.
Contact Information
Global Institute for Sustainability Standards Pvt. Ltd. (GISS)
Website: www.gisstandards.com
Email: info@gisstandrads.com
Last Updated: 11 June 2026