Noteable Service Retention Policy

Purpose and overview

The Noteable service will comply with data protection legislation by regularly deleting personal data it no longer requires, in accordance with the UK Information Commissioner's Office: Right to erasure under UK GDPR. This relates to personal data held about users of the service and user activity.

This policy will reflect the subscriber’s user account expiry policy and records retention schedule. "Subscriber" and "user" will be differentiated as follows:

"Subscriber" is the customer, which is the organisation that has subscribed to the service

"User" is a login [taken to imply both a person, and singular] that originates through a Subscriber.

User account retention

The infrastructure that Noteable is built upon takes daily backups of the virtual machines running the Noteable service. The backups are retained for 4 weeks.

The Noteable user account archival and deletion policy will be based upon the directives and guidance of the Noteable service team in agreement with a service subscriber. A default 5 year account expiry period is set from the last user access login date. The last login date is calculated individually for each subscribed user. At the end of this time period all user data is deleted from the Noteable service.

Access to Noteable is usually maintained throughout an account expiry period.

System Data Retention for Service Operations

Any assignment data in the individual directories of users is deleted when the user's account expires. Any generated or submitted assignments in a course with an LTI connection to Noteable will be deleted 5 years after the last access to Noteable by an instructor or student on that course.

This policy was approved on April 2022 by EDINA management and is effective from 8th April 2022.

Amendments:

Next review due: September 2022

If you require this document in an alternative format, please email edina@ed.ac.uk or telephone +44 (0)131 650 3302