Data Retention & User Rights
We are committed to collecting and retaining personal data only for as long as
it is needed for the purposes described in this Privacy Policy, or as required
by applicable laws and regulations. When personal data is no longer required,
we will delete, anonymize, or securely archive it in line with our internal
retention schedule.
How Long We Keep Your Data
The table below outlines our standard retention periods. Actual retention may
vary if a longer period is required by law, for the establishment, exercise or
defence of legal claims, or to meet contractual or accounting obligations.
| Data Category | Typical Retention Period* | Purpose |
|---|---|---|
| Contact & enquiry details (name, email, phone, company, message) |
12–24 months from last interaction | Respond to enquiries, provide proposals, track communications. |
| Client account & project records | Up to 7 years after contract end | Contract performance, billing, tax/audit obligations, dispute handling. |
| Marketing & newsletter subscriptions | Until you withdraw consent or object | Send updates about our services and content that you have opted in to. |
| Technical logs & security data (IP, device, access logs) |
6–24 months | Security monitoring, troubleshooting, fraud detection and abuse prevention. |
| Training, events & webinar registrations | Up to 3 years after the event | Manage attendance, issue certificates, support follow-up and compliance. |
| Job applications & careers data | Up to 12 months after process end | Evaluate candidates and keep a talent pool where permitted. |
*These periods are indicative and subject to validation against our internal
retention policy and applicable local regulations. Where laws require longer
retention (for example, tax or accounting records), we will comply with those
requirements.
Your Data Protection Rights
Depending on your location and applicable data-protection laws (including, where
applicable, the EU/EEA GDPR or UK GDPR), you may have the following rights in
relation to your personal data:
- Right of access – to obtain confirmation whether we process your
personal data and receive a copy of that data. - Right to rectification – to have inaccurate or incomplete personal
data corrected. - Right to erasure (“right to be forgotten”) – to request deletion of your
personal data in specific circumstances. - Right to restriction of processing – to request that we limit how we use
your data in certain cases. - Right to object – to object at any time to processing based on our
legitimate interests, and to object to direct marketing. - Right to data portability – to receive certain personal data in a structured,
commonly used and machine-readable format and to transmit it to another
controller where technically feasible. - Right not to be subject to automated decision-making – to request human
review where decisions are made solely by automated means that produce legal or
similarly significant effects. - Right to lodge a complaint – to file a complaint with your local data
protection authority if you believe your rights have been infringed.
How to Exercise Your Rights
You can submit any request regarding your data (access, correction, deletion,
objection, restriction, portability, or complaints) using one of the channels
below. We will verify your identity where necessary and respond without undue
delay, and in any event within the timeframe required by applicable law.
- Email:
privacy@digisoul.io
- Data Subject Request Form:
Please use the secure form below to submit your request.
We aim to acknowledge your request promptly and provide a substantive response
within one (1) month, or as otherwise permitted or required by applicable
data-protection laws. If your request is complex or numerous, we may extend the
response period in line with those laws and will inform you of any extension.
