Data Retention & Archiving Policy
Issued by: Clinicians Check Limited Title: Data Retention and Archiving Policy Version 1.2 | Last Updated: 29 May 2025
1. Introduction
1.1 This Data Retention and Archiving Policy outlines how CliniciansCheck manages the lifecycle of data, including retention, archiving, and secure disposal, in accordance with global legal obligations and best practices. 1.2 This policy ensures compliance with applicable data protection and clinical governance regulations, while maintaining operational efficiency and safeguarding individual rights.
2. Scope
2.1 This policy applies to all data processed by CliniciansCheck, excluding clinical or sensitive records voluntarily submitted by users via third-party channels, which are managed externally and not stored on our platform. 2.2 It covers user account information, professional listings, transactional data, operational communications, and support records across all jurisdictions where the platform is accessible.
3. Record Classification
3.1 Records are classified into the following operational categories: 3.1.1 Account and Identity Verification Records 3.1.2 Communication and Support Logs 3.1.3 Marketplace and Transaction Data 3.1.4 Credentialing and Clinician Validation Records 3.1.5 Audit, Analytics, and Compliance Data 3.2 Patient medical information or mental health disclosures entered into free-text fields are not actively monitored or flagged by CliniciansCheck. Users are explicitly directed to use external, secure channels for personal medical documentation and are advised that such content is not subject to internal clinical review or triage.
4. Retention Periods
4.1 Unless required by law or justified by legitimate business interest, data will not be kept longer than necessary. 4.2 Retention periods are as follows: 4.2.1 User account and activity data: 7 years post-account closure 4.2.2 Professional credentialing records: 10 years post-verification 4.2.3 Transactional records and service history: 7 years 4.2.4 Legal dispute data: Retained for duration of the dispute plus 6 years 4.2.5 Security logs and forensic data: 2 years unless under investigation
5. Archiving and Secure Storage
5.1 Archived data is encrypted and stored in a secure environment with access limited to authorised personnel only. 5.2 Data marked for archival undergoes review to ensure relevance, legal defensibility, and ongoing value. 5.3 Any content containing personally identifiable information (PII) is handled in accordance with the Global Privacy Policy and jurisdiction-specific requirements.
6. External Platforms and Record Storage
6.1 CliniciansCheck does not store sensitive patient health data or attachments containing protected health information (PHI) directly on the platform. 6.2 Users requiring long-term storage of medical records or psychological information are directed to external, encrypted, HIPAA-compliant platforms through which consented records may be managed. 6.3 This ensures that CliniciansCheck remains legally and operationally distinct from any third-party clinical document handling process.
7. Secure Disposal
7.1 Records that exceed their legally mandated or business-critical retention period will be deleted securely using certified erasure protocols. 7.2 Disposal is logged, auditable, and compliant with ISO 27001 and GDPR/UK GDPR standards. 7.3 Where physical documents are involved, cross-cut shredding or certified destruction services are used.
8. Compliance and Oversight
8.1 This policy is reviewed annually by the Compliance and Governance team and adjusted in line with evolving laws, risk assessments, and operational needs. 8.2 Questions regarding this policy should be directed to: operationsteam@clinicianscheck.com