MyIT Core Ltd Data Storage and Hosted GDPR Policy 
How long do we keep Your data?
Personal and Organisational data may be retained for the duration of the business relationship and retained or removed as required by law.  Granular control of retention and deletion is available, where you wish to create policies to control the retention and deletion of data for each item.  
As the controller, we will receive and process all requests, Clients will on request have access to their own data, and users can access and update their own information as required via the normal remote access and security levels given by the authorised client, manager or owner Of the company.  In addition, the reporting capabilities can be used to retrieve more comprehensive reports in the event of a formal access request. 
 Data can be managed at a granular level in the event of a rectification or erasure request. Should the client require a separate backup prior to erasure this can be arranged on request at our normal terms of business.
How is your data kept securely?
We operate appropriate security including combinations of physical, organizational and technical controls.  The model used for all information is a hosted  MyIT Ltd platform in a self-contained access controlled virtually separated “org”.  All access requests are separated with clear role-based access and transactions accompanied by “Org ID” that prevents access to other company’s information. 


Our backup services ensure that any backup files at rest or in transit are encrypted to government grade standards using AES-256 cryptographic algorithm.
What Country is your Data held?
All Data is securely stored within the UK to comply with GDPR rulings utilising constantly updated Antivirus, Firewalls, IP security watch controls and encryption. As with all data controls and protection there is always a small risk of unforeseen Viruses which when first released are undetected in the first hours prior to Antivirus companies being made aware and updating the protection for that instance. If such an instance does occur, we cannot be held accountable for any loss of data during the period of recovery. We would in these rare instances go back to a prior backup to recover the situation if unable to remove the virus or repair damaged files.
How is your information used?
We won't share your information or data with anyone else without your consent.