1. Purpose
The purpose of this policy is to define how TheAgencyFounder collects, stores, retains, and securely destroys data to ensure compliance with applicable laws, contractual obligations (including Meta’s Third Party Assessment requirements), and industry best practices.
2. Scope
This policy applies to:
- All employees, contractors, partners, and third parties who handle data on behalf of TheAgencyFounder.
- All types of data including client data, business partner data, Meta-provided data, and internal operational data.
- All formats of data including electronic files, paper documents, emails, and backups.
3. Data Classification
Data handled by TheAgencyFounder is categorized as follows:
- Confidential Data – Sensitive client data, Meta-provided datasets, internal business information, personally identifiable information (PII).
- Internal Data – Company policies, training materials, internal project documentation.
- Public Data – Information already published on public platforms.
4. Data Retention Guidelines
TheAgencyFounder will retain data only for as long as it is needed for legitimate business purposes, contractual requirements, or legal compliance. Retention periods are as follows:
Data Type | Retention Period | Rationale |
Client project files & deliverables | 3 years from project closure | To support after-sales service, disputes, or audits |
Meta-provided datasets & reports | As per Meta’s contractual requirement or 12 months, whichever is shorter | Compliance with TPA |
Financial records & invoices | 7 years | As per tax & accounting laws |
Employee records | Duration of employment + 3 years | Legal & HR compliance |
Email communications related to client work | 2 years | Business continuity |
Backup data | 90 days | Disaster recovery needs |
5. Data Destruction Procedures
When data reaches the end of its retention period, it will be destroyed in a secure manner:
- Electronic Data – Permanently deleted from servers, devices, and backup systems using secure deletion methods (e.g., NIST 800-88 standard).
- Paper Records – Shredded using cross-cut shredders or destroyed by a certified destruction vendor.
- Third-Party Storage – Instruct vendors to permanently delete or return data, with written confirmation of destruction.
6. Exceptions
Data retention periods may be extended in the following cases:
- Ongoing legal proceedings or investigations.
- Specific contractual obligations with Meta or other partners.
- Regulatory requirements that mandate longer storage.
7. Roles & Responsibilities
- Data Protection Officer (DPO) – Oversees data retention schedules and destruction processes.
- IT Department – Implements secure deletion of electronic records and backup data.
- Department Heads – Ensure compliance with retention requirements in their teams.
8. Roles & Responsibilities
- Annual reviews of retention schedules and destruction logs.
- Internal audits to ensure policy adherence.
- Immediate corrective actions if non-compliance is found.
9. Policy Review
This policy will be reviewed at least once every 12 months or when there are significant changes in applicable laws, Meta’s requirements, or TheAgencyFounder’s operations.
10. Contact Information
For questions or clarifications regarding this policy, please contact:
Data Protection Officer (DPO)
TheAgencyFounder
Email: team@theagencyfounder.com
Phone: +919810058408