KonnectWI — Book anything, anytime

KonnectWI: Data Retention and Compliance Policy

Effective Date: 06/01/2026

1. Introduction and Purpose

This policy sets out KonnectWI's approach to the retention and secure management of personal data collected from its users (both individual and business Service Providers). Our aim is to ensure compliance with the Data Protection Act, 2023 of Grenada, and to uphold the principles of data minimization, accuracy, and storage limitation. We commit to retaining personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

2. Legal Basis

This policy is primarily governed by the Data Protection Act, 2023 of Grenada. Where applicable, we also consider best practices aligned with international data protection frameworks, including those generally adopted within the CARICOM region.

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person (data subject). This includes, but is not limited to, name, email address, phone number, physical address, financial information (tokenized), IP address, and unique identifiers.
  • Sensitive Personal Data: Information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life, criminal convictions, or biometric data. (KonnectWI generally does not collect sensitive personal data).
  • Processing: Any operation performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Data Subject: The individual to whom the personal data relates.
  • Data Controller: KonnectWI(Procurement & Logistics Services Grenada Ltd.), which determines the purposes and means of processing personal data.
  • Storage Limitation: The principle that personal data should be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

4. Data Protection Principles

KonnectWI adheres to the following data protection principles:

  • Lawfulness, Fairness, and Transparency: Data is processed lawfully, fairly, and in a transparent manner.
  • Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  • Data Minimization: Data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
  • Accuracy: Data is accurate and, where necessary, kept up to date.
  • Storage Limitation: Data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  • Integrity and Confidentiality: Data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
  • Accountability: KonnectWI is responsible for, and able to demonstrate compliance with, the above principles.

5. Data Retention Periods

KonnectWI retains personal data for varying periods depending on the type of data and the purpose for which it was collected, always adhering to the principle of storage limitation.

1. General Transactional and Financial Data (Orders, Payments, Revenue Analytics)

Recommendation: 7 years.

Reasoning: This period aligns with common regulatory requirements for financial records and tax purposes in many jurisdictions. Retaining detailed order information, payment statuses, total amounts, discounts, transaction IDs, and currency for 7 years ensures KonnectWI can:

  • Fulfill tax obligations and undergo audits.
  • Manage returns and process refunds effectively.
  • Resolve payment disputes.
  • Provide historical data for revenue analytics and performance tracking, including total revenue, revenue trends, average order value, commission earned, and promotion performance. This long-term data is crucial for identifying peak periods, seasonal variations, and overall business growth.

2. User Account Data (Customer and Service Provider Profiles)

Recommendation: As long as the account is active, plus 5 years post-deactivation/cancellation.

Reasoning:

  • Active Accounts: Full user profiles (names, contact information, addresses, payment methods, notification preferences, subscription status) are necessary for continuous service delivery and account management.
  • Deactivated/Canceled Accounts: Retaining data for a period after account closure allows for:
    • Addressing any post-cancellation disputes or legal claims.
    • Ensuring linkage to financial transactions that may still require a 7-year retention.

    This applies to Basic accounts and Subscribed Service Providers.

3. Product Listing Data (Active & Historical)

Recommendation: As long as the listing is active, plus 3 years after deactivation.

Reasoning:

  • Active Listings: Required for display and booking.
  • Deactivated Listings: Retaining historical product data (title, description, category, images, features, booking period, condition, delivery/pickup options) is useful for:
    • Historical analytics (e.g., popular past products).
    • Resolving past disputes related to the item's condition or specifications.
    • Potentially allowing Service Providers to easily reactivate listings.

4. Verification Documents

Recommendation: As long as the verification status is active, plus 1–2 years post-deactivation of verification or account closure.

Reasoning: Documents like business licenses or identity verification are sensitive. Once verification is confirmed, the specific documents might not need to be retained as long as the record of verification. However, a short retention period beyond immediate verification can help with any immediate post-verification challenges. The administrator retains the ability to revoke verification status.

5. Messaging Data

Recommendation: 7 years or as long as related orders/accounts are active.

Reasoning: Messages are often directly linked to transactions, disputes, and customer support. Retaining conversation history helps in resolving issues, understanding user interactions, and maintaining a record of communications.

6. Terms & Conditions (Versions and User Agreement Records)

Recommendation: Indefinitely.

Reasoning:It's crucial to maintain a historical record of all versions of the platform's general terms and conditions, as well as records of when specific users agreed to which version. This is vital for legal defense and demonstrating compliance.

7. Analytics Data (Aggregated/Anonymized)

Recommendation: Indefinitely.

Reasoning: Once personal identifiers are removed, aggregated data (e.g., overall revenue trends, geographical revenue, number of successful transactions) loses its sensitive nature and becomes invaluable for long-term business intelligence, market analysis, and strategic planning.