DATA RETENTION POLICY

1. ABOUT THIS POLICY

   1. The corporate information, records and data of Feed The Beast Limited ("FTB") is important to how we conduct business and manage employees.
   2. There are legal and regulatory requirements for us to retain certain data, usually for a specified amount of time. We also retain data to help our business operate and to have information available when we need it. However, we do not need to retain all data indefinitely, and retaining data can expose us to risk as well as be a cost to our business.
   3. This Data Retention Policy explains our requirements to retain data and to dispose of data and provides guidance on appropriate data handling and disposal.
   4. Failure to comply with this policy can expose us to fines and penalties, adverse publicity, difficulties in providing evidence when we need it and in running our business.
   5. This policy does not form part of any employee's contract of employment and we may amend it at any time.

2. SCOPE OF POLICY

   1. This policy covers all data that we hold or have control over. This includes physical data such as hard copy documents, contracts, notebooks, letters and invoices. It also includes electronic data such as emails, electronic documents, audio and video recordings. It applies to both personal data and non-personal data. In this policy we refer to this information and these records collectively as "data".
   2. This policy covers data that is held by third parties on our behalf, for example cloud storage providers or offsite records storage. It also covers data that belongs to us but is held by employees on personal devices.
   3. This policy explains the differences between our formal or official records, disposable information, confidential information belonging to others, personal data and non-personal data. It also gives guidance on how we classify our data.
   4. This policy applies to all business units and functions of FTB in all territories.

3. GUIDING PRINCIPLES

Through this policy, and our data retention practices, we aim to meet the following commitments:

• We comply with legal and regulatory requirements to retain data.
• We comply with our data protection obligations, in particular to keep personal data no longer than is necessary for the purposes for which it is processed (storage limitation principle).
• We handle, store and dispose of data responsibly and securely.
• We create and retain data where we need this to operate our business effectively, but we do not create or retain data without good business reason.
• We allocate appropriate resources, roles and responsibilities to data retention.
• We regularly remind employees of their data retention responsibilities.
• We regularly monitor and audit compliance with this policy and update this policy when required.

4. ROLES AND RESPONSIBILITIES
   1. Responsibility of all employees and volunteers. We aim to comply with the laws, rules, and regulations that govern our organisation and with recognised compliance good practices. All employees and volunteers must comply with this policy, the Record Retention Schedule, any communications suspending data disposal and any specific instructions from the DPO. Failure to do so may subject us, our employees, volunteers and contractors to serious civil and/or criminal liability. An employee's failure to comply with this policy may result in disciplinary sanctions, including suspension or termination. In the case of volunteers, it may result in the termination of your participation in the FTB community. It is therefore the responsibility of everyone to understand and comply with this policy.
   2. The Data Protection Officer ("DPO"). The DPO is responsible for identifying the data that we must or should retain, and determining the proper period of retention. The officer also arranges for the proper storage and retrieval of data, co-ordinating with outside vendors where appropriate. The DPO is also responsible for advising on and monitoring our compliance with data protection laws which regulate personal data.
   3. We have designated Kevin Moloney as the DPO. Among other responsibilities, the DPO is responsible for:

• Planning, developing, and prescribing data disposal policies, systems, standards, and procedures; and
• Providing guidance, training, monitoring and updating in relation to this policy.

5. TYPES OF DATA AND DATA CLASSIFICATIONS

   1. Formal or official records. Certain data is more important to us and is therefore listed in the Record Retention Schedule. This may be because we have a legal requirement to retain it, or because we may need it as evidence of our transactions, or because it is important to the running of our company. Please see paragraph 6.1 below for more information on retention periods for this type of data.
   2. Disposable information. Disposable information consists of data that may be discarded or deleted at the discretion of the user once it has served its temporary useful purpose and/or data that may be safely destroyed because it is not a formal or official record as defined by this policy and the Record Retention Schedule. Examples may include:
      • Duplicates of originals that have not been annotated.
      • Preliminary drafts of letters, memoranda, reports, worksheets, and informal notes that do not represent significant steps or decisions in the preparation of an official record.
      • Books, periodicals, manuals, training binders, and other printed materials obtained from sources outside of FTB and retained primarily for reference purposes.
      • Spam and junk mail.

   Please see paragraph 6.2 below for more information on how to determine retention periods for this type of data.

   3. Personal data. Both formal or official records and disposable information may contain personal data; that is, data that identifies living individuals. Data protection laws require us to retain personal data for no longer than is necessary for the purposes for which it is processed (principle of storage limitation). See paragraph 6.3 below for more information on this.
   4. Confidential information belonging to others. Any confidential information that an employee may have obtained from a source outside of FTB, such as a previous employer, must not, so long as such information remains confidential, be disclosed to or used by us. Unsolicited confidential information submitted to us should be refused, returned to the sender where possible, and deleted, if received via the internet.

6. RETENTION PERIODS

   1. Formal or official records. Any data that is part of any of the categories listed in the Record Retention Schedule contained in the Annex to this policy, must be retained for the amount of time indicated in the Record Retention Schedule. A record must not be retained beyond the period indicated in the Record Retention Schedule, unless a valid business reason (or notice to preserve documents for contemplated litigation or other special situation) calls for its continued retention. If you are unsure whether to retain a certain record, contact the DPO.
   2. Disposable information. The Record Retention Schedule will not set out retention periods for disposable information. This type of data should only be retained as long as it is needed for business purposes. Once it no longer has any business purpose or value it should be securely disposed of.
   3. Personal data. As explained above, data protection laws require us to retain personal data for no longer than is necessary for the purposes for which it is processed (principle of storage limitation). Where data is listed in the Record Retention Schedule, we have taken into account the principle of storage limitation and balanced this against our requirements to retain the data. Where data is disposable information, you must take into account the principle of storage limitation when deciding whether to retain this data.
   4. What to do if data is not listed in the Record Retention Schedule. If data is not listed in the Record Retention Schedule, it is likely that it should be classed as disposable information. However, if you consider that there is an omission in the Record Retention Schedule, or if you are unsure, please contact the DPO.

7. STORAGE, BACK-UP AND DISPOSAL OF DATA

   1. Storage. Our data must be stored in a safe, secure, and accessible manner. Any documents and financial files that are essential to our business operations during an emergency must be duplicated and/or backed up at least once per week and maintained off site.
   2. Destruction. Our DPO is responsible for the continuing process of identifying the data that has met its required retention period and supervising its destruction. The destruction of confidential, financial, and employee-related hard copy data must be conducted by shredding if possible. Non-confidential data may be destroyed by recycling. The destruction of electronic data must be co-ordinated with the DPO.
   3. The destruction of data must stop immediately upon notification from any director that preservation of documents for contemplated litigation is required (sometimes referred to as a litigation hold). This is because we may be involved in a legal claim or an official investigation (see next paragraph). Destruction may begin again once directors lift the requirement for preservation.

8. SPECIAL CIRCUMSTANCES

   1. Preservation of documents for contemplated litigation and other special situations. We require all employees to comply fully with our Record Retention Schedule and procedures as provided in this policy. All employees should note the following general exception to any stated destruction schedule: If you believe, or a director informs you, that certain records are relevant to current litigation or contemplated litigation (that is, a dispute that could result in litigation), government investigation, audit, or other event, you must preserve and not delete, dispose, destroy, or change those records, including emails and other electronic documents, until directors determine those records are no longer needed. Preserving documents includes suspending any requirements in the Record Retention Schedule and preserving the integrity of the electronic files or other format in which the records are kept.
   2. If you believe this exception may apply, or have any questions regarding whether it may apply, please contact the DPO.
   3. In addition, you may be asked to suspend any routine data disposal procedures in connection with certain other types of events, such as our merger with another organisation or the replacement of our information technology systems.

9. WHERE TO GO FOR ADVICE AND QUESTIONS

   Questions about the policy. Any questions about retention periods and any questions about this policy should be raised with the DPO.

10. BREACH REPORTING AND AUDIT

    1. Reporting policy breaches. We are committed to enforcing this policy as it applies to all forms of data. The effectiveness of our efforts, however, depend largely on employees and volunteers. If you feel that you or someone else may have breached this policy, you should report the incident immediately to the DPO. If employees or volunteers do not report inappropriate conduct, we may not become aware of a possible breach of this policy and may not be able to take appropriate corrective action.
    2. No one will be subject to and we do not allow, any form of discipline, reprisal, intimidation, or retaliation for reporting incidents of inappropriate conduct of any kind, pursuing any record destruction claim, or co-operating in related investigations.
    3. Audits. We will periodically review this policy and its procedures to ensure we are in compliance with relevant new or amended laws, regulations or guidance. Additionally, we will regularly monitor compliance with this policy, including by carrying out audits.

GLOSSARY

Data: all data that we hold or have control over and therefore to which this policy applies. This includes physical data such as hard copy documents, contracts, notebooks, letters and invoices. It also includes electronic data such as emails, electronic documents, audio and video recordings. It applies to both personal data and non-personal data. In this policy we refer to this information and these records collectively as "data".

DPO: our Data Protection Officer who is responsible for advising on and monitoring compliance with data protection laws.

Data Retention Policy: this policy, which explains our requirements to retain data and to dispose of data and provides guidance on appropriate data handling and disposal.

Disposable information: disposable information consists of data that may be discarded or deleted at the discretion of the user once it has served its temporary useful purpose and/or data that may be safely destroyed because it is not a formal or official record as defined by this policy and the Record Retention Schedule.

Formal or official record: certain data is more important to us and is therefore listed in the Record Retention Schedule. This may be because we have a legal requirement to retain it, or because we may need it as evidence of our transactions, or because it is important to the running of our business. We refer to this as formal or official records or data.

Non-personal data: data which does not identify living individuals, either because it is not about living individuals (for example financial records) or because it has been fully anonymised.

Personal data: any information identifying a living individual or information relating to a living individual that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. This includes special categories of personal data such as health data and pseudonymised personal data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person's actions or behaviour.

Record Retention Schedule: the schedule attached to this policy which sets out retention periods for our formal or official records.

Storage limitation principle: data protection laws require us to retain personal data for no longer than is necessary for the purposes for which it is processed. This is referred to in the UK GDPR as the principle of storage limitation.

RECORD RETENTION SCHEDULE

FTB establishes retention or destruction schedules or procedures for specific categories of data. This is done to ensure legal compliance (for example with our data protection obligations) and accomplish other objectives, such as protecting intellectual property and controlling costs.

Employees should comply with the retention periods listed in the record retention schedule below, in accordance with FTB's Data Retention Policy.

If you hold data not listed below, please refer to the FTB Data Retention Policy_._ If you still consider your data should be listed, if you become aware of any changes that may affect the periods listed below or if you have any other questions about this record retention schedule, please contact the DPO.

![LogoDescription automatically generated][image1]

DATA RETENTION POLICY

1. ABOUT THIS POLICY

   1. The corporate information, records and data of Feed The Beast Limited ("FTB") is important to how we conduct business and manage employees.

   2. There are legal and regulatory requirements for us to retain certain data, usually for a specified amount of time. We also retain data to help our business operate and to have information available when we need it. However, we do not need to retain all data indefinitely, and retaining data can expose us to risk as well as be a cost to our business.

   3. This Data Retention Policy explains our requirements to retain data and to dispose of data and provides guidance on appropriate data handling and disposal.

   4. Failure to comply with this policy can expose us to fines and penalties, adverse publicity, difficulties in providing evidence when we need it and in running our business.

   5. This policy does not form part of any employee's contract of employment and we may amend it at any time.

2. SCOPE OF POLICY

   1. This policy covers all data that we hold or have control over. This includes physical data such as hard copy documents, contracts, notebooks, letters and invoices. It also includes electronic data such as emails, electronic documents, audio and video recordings. It applies to both personal data and non-personal data. In this policy we refer to this information and these records collectively as "data".

   2. This policy covers data that is held by third parties on our behalf, for example cloud storage providers or offsite records storage. It also covers data that belongs to us but is held by employees on personal devices.

   3. This policy explains the differences between our formal or official records, disposable information, confidential information belonging to others, personal data and non-personal data. It also gives guidance on how we classify our data.

   4. This policy applies to all business units and functions of FTB in all territories.

3. GUIDING PRINCIPLES

Through this policy, and our data retention practices, we aim to meet the following commitments:

• We comply with legal and regulatory requirements to retain data.

• We comply with our data protection obligations, in particular to keep personal data no longer than is necessary for the purposes for which it is processed (storage limitation principle).

• We handle, store and dispose of data responsibly and securely.

• We create and retain data where we need this to operate our business effectively, but we do not create or retain data without good business reason.

• We allocate appropriate resources, roles and responsibilities to data retention.

• We regularly remind employees of their data retention responsibilities.

• We regularly monitor and audit compliance with this policy and update this policy when required.

4. ROLES AND RESPONSIBILITIES

   1. Responsibility of all employees and volunteers. We aim to comply with the laws, rules, and regulations that govern our organisation and with recognised compliance good practices. All employees and volunteers must comply with this policy, the Record Retention Schedule, any communications suspending data disposal and any specific instructions from the DPO. Failure to do so may subject us, our employees, volunteers and contractors to serious civil and/or criminal liability. An employee's failure to comply with this policy may result in disciplinary sanctions, including suspension or termination. In the case of volunteers, it may result in the termination of your participation in the FTB community. It is therefore the responsibility of everyone to understand and comply with this policy.

   2. The Data Protection Officer ("DPO"). The DPO is responsible for identifying the data that we must or should retain, and determining the proper period of retention. The officer also arranges for the proper storage and retrieval of data, co-ordinating with outside vendors where appropriate. The DPO is also responsible for advising on and monitoring our compliance with data protection laws which regulate personal data.

   3. We have designated Kevin Moloney as the DPO. Among other responsibilities, the DPO is responsible for:

• Planning, developing, and prescribing data disposal policies, systems, standards, and procedures; and

• Providing guidance, training, monitoring and updating in relation to this policy.

5. TYPES OF DATA AND DATA CLASSIFICATIONS

   1. Formal or official records. Certain data is more important to us and is therefore listed in the Record Retention Schedule. This may be because we have a legal requirement to retain it, or because we may need it as evidence of our transactions, or because it is important to the running of our company. Please see paragraph 6.1 below for more information on retention periods for this type of data.

   2. Disposable information. Disposable information consists of data that may be discarded or deleted at the discretion of the user once it has served its temporary useful purpose and/or data that may be safely destroyed because it is not a formal or official record as defined by this policy and the Record Retention Schedule. Examples may include:

• Duplicates of originals that have not been annotated.

• Preliminary drafts of letters, memoranda, reports, worksheets, and informal notes that do not represent significant steps or decisions in the preparation of an official record.

• Books, periodicals, manuals, training binders, and other printed materials obtained from sources outside of FTB and retained primarily for reference purposes.

• Spam and junk mail.

Please see paragraph 6.2 below for more information on how to determine retention periods for this type of data.

3. Personal data. Both formal or official records and disposable information may contain personal data; that is, data that identifies living individuals. Data protection laws require us to retain personal data for no longer than is necessary for the purposes for which it is processed (principle of storage limitation). See paragraph 6.3 below for more information on this.

   4. Confidential information belonging to others. Any confidential information that an employee may have obtained from a source outside of FTB, such as a previous employer, must not, so long as such information remains confidential, be disclosed to or used by us. Unsolicited confidential information submitted to us should be refused, returned to the sender where possible, and deleted, if received via the internet.

4. RETENTION PERIODS

   1. Formal or official records. Any data that is part of any of the categories listed in the Record Retention Schedule contained in the Annex to this policy, must be retained for the amount of time indicated in the Record Retention Schedule. A record must not be retained beyond the period indicated in the Record Retention Schedule, unless a valid business reason (or notice to preserve documents for contemplated litigation or other special situation) calls for its continued retention. If you are unsure whether to retain a certain record, contact the DPO.

   2. Disposable information. The Record Retention Schedule will not set out retention periods for disposable information. This type of data should only be retained as long as it is needed for business purposes. Once it no longer has any business purpose or value it should be securely disposed of.

   3. Personal data. As explained above, data protection laws require us to retain personal data for no longer than is necessary for the purposes for which it is processed (principle of storage limitation). Where data is listed in the Record Retention Schedule, we have taken into account the principle of storage limitation and balanced this against our requirements to retain the data. Where data is disposable information, you must take into account the principle of storage limitation when deciding whether to retain this data.

   4. What to do if data is not listed in the Record Retention Schedule. If data is not listed in the Record Retention Schedule, it is likely that it should be classed as disposable information. However, if you consider that there is an omission in the Record Retention Schedule, or if you are unsure, please contact the DPO.

5. STORAGE, BACK-UP AND DISPOSAL OF DATA

   1. Storage. Our data must be stored in a safe, secure, and accessible manner. Any documents and financial files that are essential to our business operations during an emergency must be duplicated and/or backed up at least once per week and maintained off site.

   2. Destruction. Our DPO is responsible for the continuing process of identifying the data that has met its required retention period and supervising its destruction. The destruction of confidential, financial, and employee-related hard copy data must be conducted by shredding if possible. Non-confidential data may be destroyed by recycling. The destruction of electronic data must be co-ordinated with the DPO.

   3. The destruction of data must stop immediately upon notification from any director that preservation of documents for contemplated litigation is required (sometimes referred to as a litigation hold). This is because we may be involved in a legal claim or an official investigation (see next paragraph). Destruction may begin again once directors lift the requirement for preservation.

6. SPECIAL CIRCUMSTANCES

   1. Preservation of documents for contemplated litigation and other special situations. We require all employees to comply fully with our Record Retention Schedule and procedures as provided in this policy. All employees should note the following general exception to any stated destruction schedule: If you believe, or a director informs you, that certain records are relevant to current litigation or contemplated litigation (that is, a dispute that could result in litigation), government investigation, audit, or other event, you must preserve and not delete, dispose, destroy, or change those records, including emails and other electronic documents, until directors determine those records are no longer needed. Preserving documents includes suspending any requirements in the Record Retention Schedule and preserving the integrity of the electronic files or other format in which the records are kept.

   2. If you believe this exception may apply, or have any questions regarding whether it may apply, please contact the DPO.

   3. In addition, you may be asked to suspend any routine data disposal procedures in connection with certain other types of events, such as our merger with another organisation or the replacement of our information technology systems.

7. WHERE TO GO FOR ADVICE AND QUESTIONS

Questions about the policy. Any questions about retention periods and any questions about this policy should be raised with the DPO.

10. BREACH REPORTING AND AUDIT

    1. Reporting policy breaches. We are committed to enforcing this policy as it applies to all forms of data. The effectiveness of our efforts, however, depend largely on employees and volunteers. If you feel that you or someone else may have breached this policy, you should report the incident immediately to the DPO. If employees or volunteers do not report inappropriate conduct, we may not become aware of a possible breach of this policy and may not be able to take appropriate corrective action.

    2. No one will be subject to and we do not allow, any form of discipline, reprisal, intimidation, or retaliation for reporting incidents of inappropriate conduct of any kind, pursuing any record destruction claim, or co-operating in related investigations.

    3. Audits. We will periodically review this policy and its procedures to ensure we are in compliance with relevant new or amended laws, regulations or guidance. Additionally, we will regularly monitor compliance with this policy, including by carrying out audits.

GLOSSARY

Data: all data that we hold or have control over and therefore to which this policy applies. This includes physical data such as hard copy documents, contracts, notebooks, letters and invoices. It also includes electronic data such as emails, electronic documents, audio and video recordings. It applies to both personal data and non-personal data. In this policy we refer to this information and these records collectively as "data".

DPO: our Data Protection Officer who is responsible for advising on and monitoring compliance with data protection laws.

Data Retention Policy: this policy, which explains our requirements to retain data and to dispose of data and provides guidance on appropriate data handling and disposal.

Disposable information: disposable information consists of data that may be discarded or deleted at the discretion of the user once it has served its temporary useful purpose and/or data that may be safely destroyed because it is not a formal or official record as defined by this policy and the Record Retention Schedule.

Formal or official record: certain data is more important to us and is therefore listed in the Record Retention Schedule. This may be because we have a legal requirement to retain it, or because we may need it as evidence of our transactions, or because it is important to the running of our business. We refer to this as formal or official records or data.

Non-personal data: data which does not identify living individuals, either because it is not about living individuals (for example financial records) or because it has been fully anonymised.

Personal data: any information identifying a living individual or information relating to a living individual that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. This includes special categories of personal data such as health data and pseudonymised personal data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person's actions or behaviour.

Record Retention Schedule: the schedule attached to this policy which sets out retention periods for our formal or official records.

Storage limitation principle: data protection laws require us to retain personal data for no longer than is necessary for the purposes for which it is processed. This is referred to in the UK GDPR as the principle of storage limitation.

RECORD RETENTION SCHEDULE

FTB establishes retention or destruction schedules or procedures for specific categories of data. This is done to ensure legal compliance (for example with our data protection obligations) and accomplish other objectives, such as protecting intellectual property and controlling costs.

Employees should comply with the retention periods listed in the record retention schedule below, in accordance with FTB's Data Retention Policy.

If you hold data not listed below, please refer to the FTB Data Retention Policy*.* If you still consider your data should be listed, if you become aware of any changes that may affect the periods listed below or if you have any other questions about this record retention schedule, please contact the DPO.

<table> <tbody> <tr> <td class="c8 c20" colspan="1" rowspan="1"> <p> <span>TYPE OF DATA</span> </p> </td> <td class="c16 c20" colspan="1" rowspan="1"> <p> <span>RETENTION PERIOD</span> </p> </td> <td class="c0 c20" colspan="1" rowspan="1"> <p> <span>REASON / COMMENTS</span> </p> </td> </tr> <tr> <td class="c18 c15" colspan="3" rowspan="1"> <p> <span>FTB Website (other than support and forums)</span> </p> </td> </tr> <tr> <td colspan="1" rowspan="1"> <p> <span>IP addresses, including data of minors</span> </p> </td> <td colspan="1" rowspan="1"> <p> <span>Refer to Cookie Policy</span> </p> </td> <td colspan="1" rowspan="1"> <p> <span>Refer to Cookie Policy</span> </p> </td> </tr> <tr> <td class="c18 c15" colspan="3" rowspan="1"> <p> <span>FTB Support (providing user support for FTB mods, modpacks and the FTB App)</span> </p> </td> </tr> <tr> <td colspan="1" rowspan="1"> <p> <span>Contact information, including data of minors</span> </p> </td> <td colspan="1" rowspan="1"> <p> <span>Up to 3 months</span> </p> </td> <td colspan="1" rowspan="1"> <p> <span>Support tickets are raised using this information and the information is retained to fulfil the ticket.  If multiple tickets are raised on the same issue within weeks of each other, it may indicate an underlying issue.  That information can be used to improve the service and user notified of steps taken.</span> </p> </td> </tr> <tr> <td class="c15 c18" colspan="3" rowspan="1"> <p> <span>FTB Forums</span> </p> </td> </tr> <tr> <td colspan="1" rowspan="1"> <p> <span>User login information, including data of minors </span> </p> </td> <td colspan="1" rowspan="1"> <p> <span>[</span> <span>Two years after last date upon which account is active</span> <span>]</span> </p> </td> <td colspan="1" rowspan="1"> <p> <span>To allow time for a user to return to the forum as an active user.  Users may wish to retain their accounts which include information that they value.  We need to strike a balance between those who may wish to return to the forum with their pre-existing user profiles, and those who have abandoned their accounts altogether.</span> </p> </td> </tr> <tr> <td colspan="1" rowspan="1"> <p> <span>Forum posts, including data of minors</span> </p> <p class="c4 c24"> <span></span> </p> </td> <td colspan="1" rowspan="1"> <p> <span>Any post which FTB discovers identifies a minor is deleted on discovery.  </span> </p> <p> <span>Any personal data which FTB discovers relates to the author of the post shall be retained indefinitely as part of the archive of forum posts provided:</span> </p> <ol class="c7 lst-kix_list_2-4 start" start="1"> <li class="c4 c17 li-bullet-1"> <span>it complies with the rules of the forum and is relevant to the purposes for which the forum is established; and</span> </li> <li class="c4 c17 li-bullet-2"> <span>no request is received for its removal from the data subject.  </span> </li> </ol> <p> <span>In all other circumstances the information shall be immediately deleted.  </span> </p> <p> <span>Any personal data which FTB discovers relates to an identifiable third party shall be retained indefinitely if:</span> </p> <ol class="c7 lst-kix_list_17-0 start" start="1"> <li class="c19 li-bullet-3"> <span>it complies with the rules of the forum and is relevant to the purposes for which the forum is established; </span> </li> <li class="c19 li-bullet-4"> <span>FTB has reasonable grounds to believe that the party identified consents to its publication; and</span> </li> <li class="c4 c21 li-bullet-4"> <span>no request is received for its removal from the data subject.</span> </li> </ol> <p> <span>In all other circumstances the information shall be immediately deleted.  </span> </p> <p> <span>FTB may request evidence of identity in satisfying itself of the request for removal of personal information and may in good faith decline to do so if it does not have reasonable grounds to believe that the request came from the data subject. </span> </p> </td> <td colspan="1" rowspan="1"> <p> <span>Information that is retained is kept to preserve the integrity of the forum as a source of information helpful to the FTB community.  Certain users promote their own content through the forum and certain users promote the content of third parties who themselves have requested the dissemination of their content.  Such information is part of the body of information which makes up the community for the mutual benefit of all members of the community.  It is inclusive, but respectful of the rights of data subjects.</span> </p> </td> </tr> <tr> <td colspan="1" rowspan="1"> <p> <span>Direct messages, including data of minors</span> </p> </td> <td colspan="1" rowspan="1"> <p> <span>Personal information sent by direct message to other users through the FTB forum is stored by FTB on both sender and recipient account profiles until such time as:</span> </p> <ol class="c7 lst-kix_list_19-4 start" start="1"> <li class="c4 c21 li-bullet-5"> <span>the sender and/or recipient (as applicable) ceases to be a user; or </span> </li> <li class="c4 c21 li-bullet-4"> <span>a request is received for its removal from the data subject identifying the date, time, recipient and subject of the message.  Upon receipt of such a request the personal information shall be removed from both the sender profile and the recipient profile.</span> </li> </ol> </td> <td colspan="1" rowspan="1"> <p> <span>A direct messaging facility ensures that users can message other users confidentially allowing more control over data and personal data.  To ensure that the facility remains private to the users, FTB has very strict rules prohibiting FTB employees from accessing direct message data, which will only be permitted under direct instruction from a director for a legitimate purpose.  The active policing of personal information exchanged in direct messages would undermine the principle of privacy which it promotes.</span> </p> </td> </tr> <tr> <td colspan="3" rowspan="1"> <p> <span>Employment and administration</span> </p> </td> </tr> <tr> <td colspan="1" rowspan="1"> <p> <span>Application forms (unsuccessful candidates) </span> </p> </td> <td colspan="1" rowspan="1"> <p> <span>Six months after notifying candidates of the outcome of the recruitment exercise </span> </p> </td> <td colspan="1" rowspan="1"> <p> <span>To preserve records to defend FTB in any litigation and to consider the candidate for alternative roles should they arise.</span> </p> </td> </tr> <tr> <td colspan="1" rowspan="1"> <p> <span>Employee information (including signed contracts) and application forms (successful candidates)</span> </p> </td> <td colspan="1" rowspan="1"> <p> <span>Six years after employment ends </span> </p> </td> <td colspan="1" rowspan="1"> <p> <span>To preserve records to defend FTB in any litigation</span> </p> </td> </tr> <tr> <td colspan="1" rowspan="1"> <p> <span>Payroll, PAYE and other tax records, expenses claims</span> </p> </td> <td colspan="1" rowspan="1"> <p> <span>Six years after the end of the tax year to which it relates</span> </p> </td> <td colspan="1" rowspan="1"> <p> <span>To answer any tax investigation</span> </p> </td> </tr> <tr> <td colspan="1" rowspan="1"> <p> <span>Moderator information (including training information)</span> </p> </td> <td colspan="1" rowspan="1"> <p> <span>Six years after they cease to be a registered moderator</span> </p> </td> <td colspan="1" rowspan="1"> <p> <span>To preserve records to defend FTB in any litigation</span> </p> </td> </tr> </tbody> </table>