Last Updated: June 2024
This policy relates to data processed and retained by Layer Systems in connection with its direct contractual relationship with its customers.
It applies to data that customers store or process within The Layer platform and to data generated by Layer Systems for the purpose of operating, supporting, and securing the platform.
This policy does not govern how customers manage, retain, or process data relating to their own end customers, suppliers, or third parties.
1. Purpose
This policy explains how Layer Systems retains and deletes customer data in line with applicable data protection laws, including the UK GDPR, and the contractual terms governing use of The Layer platform.
Our aim is to ensure customer data is:
- Retained only for as long as necessary
- Available for legitimate operational, billing, and legal purposes
- Securely deleted once it is no longer required
2. Scope
This policy applies to:
- Customer data processed within The Layer platform
- Backup and recovery data
- Operational and system data associated with customer accounts
3. Legal & Contractual Basis
Layer Systems retains customer data in accordance with:
- UK GDPR principles, including data minimisation and storage limitation
- Contractual obligations set out in The Layer Terms & Conditions
- Legitimate business requirements such as billing, audit, and dispute resolution
4. Retention During an Active Contract
While a customer account is active:
- Customer data is retained and processed to deliver the contracted service
- Backup copies are maintained to support availability and disaster recovery
- Access is limited to authorised systems and personnel
5. Retention After Contract Termination
When a customer contract ends (including cancellation or non-renewal):
- Customer data may be retained for a limited post-termination period
- This period allows for:
- Final billing and reconciliation
- Handling support queries or disputes
- Meeting legal or regulatory obligations
Standard post-termination retention period:
Up to 6 months from the contract end date
This retention period is considered reasonable and proportionate under GDPR.
6. Data Access After Termination
- Customers may request access to or export of their data during the retention period
- Requests made after this period cannot be fulfilled once data has been deleted
- Layer Systems is not obligated to retain or reconstruct data beyond the defined retention window
7. Data Deletion
Once the post-termination retention period has elapsed:
- Customer data is securely deleted from production systems
- Backup data is deleted in line with backup retention schedules
- Deletion is irreversible
Layer Systems does not guarantee the availability of customer data beyond this point.
8. Exceptions
In limited circumstances, data may be retained for longer where:
- Required by law or regulatory obligation
- Needed to resolve ongoing legal disputes
- Explicitly agreed in writing with the customer
Any such exception is reviewed on a case-by-case basis and documented internally.
9. Backups & Recovery Data
- Backups are retained in line with operational recovery requirements
- Backup retention does not extend the availability of customer data for normal access or export
- Backup data is used solely for disaster recovery and system integrity purposes
10. GDPR Rights
Customers may exercise their data protection rights under GDPR, including:
- The right of access
- The right to erasure (where applicable)
- The right to restriction of processing
Requests are assessed in line with this policy and applicable law.
11. Policy Review
This policy is reviewed periodically to ensure it remains accurate and appropriate as legal, contractual, and operational requirements evolve.
12. Contact
For questions relating to data retention or data protection, please contact:
Layer Systems Ltd
Email: support@layersystems.com
