RC: 1758373

RemitPro Ltd – Information Deletion Policy

(Aligned with ISO 27001:2022 Control 8.10)

1. Purpose

This Information Deletion Policy outlines how RemitPro Ltd securely and permanently deletes personal, financial, and business data in compliance with applicable laws, industry regulations, and ISO 27001:2022 Control 8.10 requirements. The policy ensures that data no longer required for operational, legal, or regulatory purposes is destroyed in a way that prevents unauthorized recovery or misuse.

2. Scope

This policy applies to:

  • All customer, merchant, and partner data stored or processed by RemitPro Ltd.
  • All storage locations, including internal systems, cloud services, and third-party processors.
  • All employees, contractors, and service providers with access to RemitPro’s systems.

3. Data Deletion Principles

  1. Lawful Retention and Timely Disposal
    • Data is retained only for as long as necessary to meet legal, contractual, and business requirements.
    • Upon expiry of retention periods, data is securely deleted in accordance with this policy.
  2. Secure Deletion Methods
    • Digital Data: Secure wiping methods (e.g., cryptographic erasure, multi-pass overwrite) are used to ensure data cannot be reconstructed.
    • Physical Media: Hard drives, USBs, and other physical storage devices are destroyed through approved shredding or degaussing methods before disposal.
  3. Third-Party Deletion
    • All third-party service providers handling RemitPro data are contractually required to follow equivalent secure deletion standards.
    • Proof of deletion must be provided upon request.
  4. Customer Data Deletion Requests
    • Customers can request deletion of their personal information by contacting privacy@remitpro.io.
    • Requests will be verified, processed, and confirmed within 30 days unless retention is required by law.

4. Exceptions

Data may be retained beyond the usual retention period in the following circumstances:

  • Compliance with applicable laws and regulations.
  • Legal proceedings or investigations.
  • Enforcement of contractual agreements.

5. Documentation and Audit Trail

  • All deletion activities are logged, including date, method, and personnel responsible.
  • Records of deletion are maintained for audit and compliance verification.

6. Roles and Responsibilities

  • Data Protection Officer (DPO): Oversees implementation and compliance with this policy.
  • IT Security Team: Executes secure deletion procedures and maintains deletion records.
  • Employees: Follow secure deletion processes and report any non-compliance.

7. Policy Review

This policy is reviewed annually or upon significant changes to legal, regulatory, or operational requirements.

Effective Date: 11 August 2025
Last Review Date: 11 August 2025
Next Review Date: 11 August 2026

Contact:
For inquiries regarding this policy or data deletion requests, contact:
info@remitpro.io