Data Retention Policy
Effective Date: 01/03/2025
Last Updated: 01/03/2025
1. Introduction
Tasty Treats & Sweets (www.tastytreatsandsweets.co.uk) (“we,” “our,” “us”) maintains this Data Retention Policy to outline the retention, storage, and disposal of personal data collected via our website. This policy operates separately from our Privacy Policy and ensures compliance with UK data protection laws, including the UK GDPR and the Data Protection Act 2018.
2. Retention Principles
We follow these key principles when managing data retention
- Purpose Limitation: Data is only kept for as long as necessary for legitimate business or legal purposes.
- Storage Limitation: We do not retain personal data beyond what is required.
- Security: Safeguards are in place to protect retained data from unauthorized access, loss, or misuse.
3. Retention Periods
We retain various categories of data based on legal and operational requirements:
| Data Type | Retention Period | Purpose |
| Website Analytics Data (e.g., Google Analytics) | 14-26 months | Website performance monitoring & user experience improvements |
| Contact Form Submissions | 6 months | Responding to inquiries & customer service records |
| User Account Data (Inactive Accounts) | 1 year | Account management & security |
| Customer Order Data (E-commerce) | 6 years | Compliance with tax & accounting laws (Not electronically after 1 year) |
| Marketing & Newsletter Data | Until user unsubscribes (or after 12 months of inactivity) | Marketing communications |
| Cookies & Tracking Data | As specified in the Cookie Policy | Website functionality & user preferences |
4. Data Disposal and Anonymization
Once data is no longer required, we will:
- Securely delete or anonymize personal data.
- Ensure that backups and archives are also purged where applicable.
- Use secure disposal methods, such as encryption-based erasure or physical destruction, for sensitive data.
5. Data Subject Rights
Users have the right to:
- Request access, correction, or deletion of their personal data.
- Withdraw consent for data processing where applicable.
- Object to retention where no overriding legal obligation applies.
To exercise these rights, please contact via the Contact Us page.
6. Legal and Regulatory Compliance
We comply with the UK GDPR, Data Protection Act 2018, and Investigatory Powers Act 2016 where applicable. Retention periods may be extended if required by legal or regulatory authorities.
7. Updates to This Policy
This Data Retention Policy may be updated periodically. Changes will be reflected on this page with an updated effective date.
For any questions, please contact us via the Contact page.