STACK Service Retention Policy

Purpose and overview

The STACK service will comply with data protection legislation by regularly deleting personal data it no longer requires, in accordance with the right to erasure under GDPR. This mainly relates to personal data held about users of the service and user activity.

This policy will reflect the subscriber’s user account expiry policy and records retention schedule. "Subscriber" and "user" will be differentiated as follows:

"Subscriber" is the customer, which is the organisation that has subscribed to the service

"User" is a login [taken to imply both a person, and singular] that originates through a Subscriber.

User account retention

The infrastructure that STACK is built upon takes nightly backups of the virtual machines running the STACK service. The backups are retained for 4 weeks.

The STACK user account archival and deletion policy will be based upon the directives and guidance of the STACK service team in agreement with the individual subscriber.

System Data Retention

Logs which contain user activity will be anonymised or purged one year after creation in line with the structures explained above.

System Data Retention for Service Operations

All elements of submission and assignment activity (including feedback) held by STACK will be kept for 5 years then anonymised or purged.

This policy was approved on April 2022 by EDINA management and is effective from 8th April 2022.


Next review due: September 2022

If you require this document in an alternative format, please email or telephone +44 (0)131 650 3302