QEOPS Personal Data Retention Policy

1. Data Controller
Company EOPS Solutions SRL (hereinafter “QEOPS” or “the company”)
Registered office: Adriana 11 building C6 (BUCH11) CTPark, Dragomirești-Deal, Ilfov 077096.
Contact:
Email: dpo@qeops.ro
Post office: at the address above.

2. General
The need to retain personal data varies depending on the type of data processed within the company. Some data can be deleted immediately, while others must be retained until they are no longer useful. In some cases, the retention period is legally defined at national or EU level.

In other cases, organizations must set their own retention periods based on activity, aligned with principles in EU Regulation 679/2016 (GDPR).

Because defining retention terms may be subjective, QEOPS enforces a Retention Policy to ensure consistent rules for data retention across the organization.

QEOPS complies with the GDPR and Law 190/2018 regarding implementation of the GDPR in all data retention activities.

3. Retention Policy Scope
This policy covers all company data: digital systems, media, rentals, collaborations, and partnerships, regardless of location (headquarters or branch).

QEOPS’ Retention Policy ensures GDPR compliance and defines the principle of storage limitation: data should only be retained as long as needed for processing. It supports structured and consistent data deletion across departments.

4. Retention Requests
This Policy applies to individual and corporate clients, and representatives of QEOPS’ partners, whether they act as data controllers or processors.

We only retain personal data provided voluntarily via communication channels, contact forms, newsletter sign-up, or purchasing from QEOPS (online or in stores).

For any questions or requests related to retention periods, contact QEOPS using the details above.

5. Reasons for Long-Term Data Retention
QEOPS does not follow a “save everything” approach, as it would be inefficient and burdensome, especially for IT. Some data must be kept long-term to:
• Respond to product/service quality complaints;
• Address litigation;
• Investigate workplace accidents;
• Handle security incidents;
• Comply with legal regulations;
• Protect intellectual property.

6. Retention Periods (Examples)
| DEPARTMENT         | ACTIVITY                                             | RETENTION PERIOD                           |
|——————–|——————————————————|——————————————–|
| COMMERCIAL         | Phone calls for remote order recording               | Not currently stored                       |
| CUSTOMER RELATIONS | Complaint emails from clients                        | 3 years (physical and electronic format)   |
| CUSTOMER RELATIONS | General inquiries about business activity            | 3 years unless otherwise justified         |
| CUSTOMER RELATIONS | Data subject access requests                         | 3 years (electronic)                       |
| CUSTOMER RELATIONS | Delivery address and contact details                 | Until shipment or deletion is requested    |
| LOGISTICS          | Shipping documents (AWB, receipts, invoices)         | 5 years                                    |
| LOGISTICS          | Delivery notes (NIR)                                 | 5 years                                    |
| BUSINESS RELATIONS | Supplier contracts                                   | 10 years after contract termination        |
| BUSINESS RELATIONS | Accounting documents (e.g., invoices)               | 5–10 years                                 |
| BUSINESS RELATIONS | Event partnership contracts                          | 10 years after contract termination        |
| BUSINESS RELATIONS | Business cards from meetings                         | 1 year from last contact                   |
| BUSINESS RELATIONS (B2B) | Representative data (name, role, contact)     | Until deletion request or inactivity       |

For retention periods not listed, contact dpo@qeops.ro.

7. Retention Plan
The retention schedule outlines default retention times for each data type. Exceptions can be made based on specific needs upon request.

8. Data Destruction
When the retention period expires, data is actively destroyed. If an employee believes data should not be deleted, they must escalate the issue to their supervisor, the DPO, or company management. Only management can grant exceptions.

Staff are prohibited from deleting data to conceal violations or damaging events.

9. Data Deletion Requests
Requests must be emailed to dpo@qeops.ro and include:
– Contact details;
– Full name;
– Context of data collection (campaigns, purchases, etc.);
– Type of data to be deleted;
– Number of records.

Response time is 15 business days, extendable to 30 for complex requests. QEOPS will issue a written decision including:
– Purpose of processing;
– Deleted data and associated activities;
– Total records deleted.

Documents are retained 3 years (physical or email) before being destroyed.

Note: Due to ongoing processing and retention routines, your data may be modified or deleted after a request. QEOPS will provide data available at the time of receipt.

10. Continuous Improvement
QEOPS regularly updates this policy based on legal, regulatory, or organizational changes.

11. Updates
This Retention Policy is under regular review and may be updated to reflect GDPR and industry practices. Updated versions will be posted on the website.

© QEOPS – Last updated: June 2025