JoveWhizz maintains data retention and deletion policies for market research data, governing data lifecycle management, records management, and compliance with GDPR storage limitation principle, CCPA/CPRA retention requirements, PIPEDA, HIPAA, and ISO 27001 information lifecycle management standards. Our approach ensures that data including survey response data, interview recordings, focus group transcripts, and panel member information is kept only as long as necessary for the research purpose and legal obligations.
Data retention forms part of JoveWhizz's broader data lifecycle management framework covering collection, storage, use, retention, archival, and deletion of research data. Our structured retention framework defines how long different categories of research data are retained, with retention schedules based on the research purpose, regulatory requirements including GDPR, CCPA, PIPEDA, and HIPAA, contractual obligations, and legitimate business needs. This approach supports effective records management across all research programmes.
The framework distinguishes between personal data, pseudonymised data, and anonymised data, with shorter storage periods for identifiable information. Retention schedules are documented and accessible to all relevant teams. For example, survey response data and panel member information typically have shorter retention timeframes than anonymised research outputs, and data archiving arrangements are specified at the project level.
Research participant personal data including survey responses, interview recordings, and focus group transcripts is retained only for the duration necessary to complete the research project and meet any applicable regulatory or contractual retention requirements. After this storage period, data is securely deleted or anonymised.
Client data, project records, and operational data are retained according to separate retention schedules that reflect their distinct purposes and legal retention obligations. Data archiving provisions are made for research outputs that require longer-term preservation. JoveWhizz maintains a centralised retention schedule that is reviewed and updated regularly.
When data reaches the end of its retention schedule, JoveWhizz ensures secure deletion and disposal using methods appropriate to the data format and sensitivity. Digital data is permanently erased using recognised data destruction standards as part of the overall data lifecycle management process.
Physical records containing personal data are shredded or incinerated through secure disposal processes. Deletion and disposal activities are documented, including the data involved, method used, and date of destruction.
JoveWhizz processes data subject deletion requests in accordance with applicable privacy regulations. Participants may request deletion of their personal data, and JoveWhizz evaluates each request against legal and contractual retention obligations. Where appropriate, data may be anonymised instead of deleted, allowing research integrity to be preserved while removing personal identifiers in line with the distinction between anonymisation and deletion.
Where data must be retained despite a deletion request due to legal or research requirements, JoveWhizz informs the data subject of the basis for retention and the expected retention period. Data that is not subject to retention obligations is deleted promptly.
JoveWhizz reviews its data retention and deletion policy annually or when there are significant changes to applicable regulations including GDPR, CCPA, PIPEDA, or HIPAA, or to business operations. Policy reviews ensure that retention schedules remain appropriate and deletion procedures are effective.
Compliance with the retention schedule and deletion policy is monitored through internal audits and data inventory assessments. Non-compliance is addressed through corrective action plans and process improvements.
How long does JoveWhizz retain research participant data?
Participant personal data is retained only as long as necessary for the research project and any applicable legal or contractual retention requirements.
What is the difference between anonymisation and deletion?
Anonymisation removes personal identifiers from data so it can no longer be linked to an individual. Deletion permanently erases the data. Anonymised data may be retained for research purposes while deleted data is completely removed from systems.
What happens when a research project ends?
When a project concludes, participant personal data enters its retention schedule based on the project's contractual and regulatory requirements. After this storage period, the data is securely deleted or anonymised.
Does JoveWhizz archive research data?
Yes. Research outputs that require longer-term preservation may be archived in accordance with client agreements and applicable regulatory requirements. Archived data is stored securely with restricted access.
Can participants request early deletion of their data?
Yes. Participants can request deletion of their personal data. JoveWhizz evaluates each request against legal, contractual, and research retention obligations.
What methods does JoveWhizz use for secure data deletion?
Digital data is permanently erased using recognised data destruction standards. Physical records are shredded or incinerated through secure disposal processes.
Does JoveWhizz anonymise data instead of deleting it?
Where appropriate and consistent with the research purpose, data may be anonymised rather than deleted. Anonymised data is not considered personal data and may be retained.
How does JoveWhizz track data retention periods?
Retention schedules are documented and managed centrally. JoveWhizz maintains data inventories to track retention periods and trigger deletion activities.
Is the retention policy reviewed regularly?
Yes. The policy is reviewed annually or when significant regulatory or operational changes occur to ensure continued appropriateness and compliance.
Questions about data retention and deletion policies? Contact JoveWhizz for more information.
Contact Us