Nauman Hanif

Data Retention & Deletion Policy

Effective Date: March 01, 2026.

1. Introduction

This Data Retention & Deletion Policy (“Policy”) describes how NaumanHanif.com (“Website,” “we,” “us,” or “our”) collects, stores, retains, manages, and deletes personal data in accordance with applicable data protection and privacy laws.

This Policy applies to all stakeholders including, but not limited to:

  • Website visitors
  • Newsletter subscribers
  • Individuals submitting Contact Forms
  • Individuals submitting Collaboration Forms
  • Research collaborators
  • Assistants and administrators
  • Any other individual whose personal data is processed through our systems

This Policy should be read in conjunction with our Privacy Policy, Terms & Conditions, Data Protection & Security Policy, and other related governance documents.

2. Scope of Application

This Policy applies to personal data collected through:

  1. NaumanHanif.com
  2. Nexus Newsletter System (nexus2.naumanhanif.com)
  3. Newsletter Form
  4. Contact Form
  5. Collaboration Form
  6. Website analytics tools (including but not limited to Google Analytics)
  7. Email communications
  8. Uploaded files and attachments
  9. Server logs and security logs

Our VPS server is located in Los Angeles, United States, and all data processing activities are conducted in accordance with applicable laws governing cross-border data processing.

3. Categories of Data Retained

Depending on the type of interaction, we may retain the following categories of data:

3.1 Newsletter Subscribers

  • Name
  • Email address
  • Subscription timestamp
  • IP address (if logged)
  • Consent records

3.2 Contact Form Submissions

  • Name
  • Email
  • Subject
  • Organization
  • Website/Social URLs
  • Reason
  • Message content
  • Associated metadata

3.3 Collaboration Form Submissions

  • Title
  • Name
  • Designation
  • Email
  • Organization/University/Company details
  • Website URLs
  • Country
  • Professional profile URLs
  • Research-related information
  • Phone number
  • WhatsApp number
  • Uploaded files
  • Any voluntarily submitted personal or professional information

3.4 Technical & Analytical Data

  • IP address
  • Browser information
  • Device information
  • Usage statistics
  • Cookies and tracking identifiers

3.5 Administrative & Security Logs

  • Login records
  • 2FA authentication logs
  • System security logs
  • Backup logs

4. Data Retention Periods

We retain personal data only for as long as necessary to fulfill legitimate purposes, including:

  • Communication
  • Research collaboration
  • Legal compliance
  • Security
  • Record-keeping
  • Protection of legal rights

Retention periods are determined based on the nature of the data and purpose of processing.

4.1 Newsletter Data

Retained until:

  • The subscriber unsubscribes; or
  • The data subject requests deletion; or
  • The system identifies prolonged inactivity (as determined by administrative review).

Unsubscribe links are included in all subsequent newsletter communications.

4.2 Contact & Collaboration Data

Retained for as long as necessary to:

  • Respond to inquiries
  • Maintain professional records
  • Preserve research collaboration history
  • Protect against potential legal claims

Unless a deletion request is submitted, such records may be retained for up to 5 years, or longer if legally required or necessary to protect legitimate interests.

4.3 Uploaded Files

Uploaded documents are retained only:

  • For review and collaboration purposes
  • For legal documentation if necessary

Files may be deleted once the purpose of submission is fulfilled unless legally required to retain.

4.4 Analytics Data

Analytics data is retained according to the configuration of Google Analytics or similar services and may be anonymized or aggregated where applicable.

4.5 Server & Security Logs

Security logs and authentication records may be retained for up to 24 months for cybersecurity, fraud prevention, and system integrity purposes.

5. Lawful Basis for Retention

We retain personal data under one or more of the following lawful bases:

  • Consent
  • Legitimate interests
  • Contractual necessity
  • Legal obligation
  • Protection against legal claims
  • Security and fraud prevention

Where consent is withdrawn, we will cease processing unless another lawful basis applies.

6. Data Deletion & Erasure Requests

Individuals may request deletion of their personal data by contacting us through the official contact method provided on the Website.

Upon receiving a valid request:

  1. Identity verification may be required.
  2. Data will be reviewed for legal or legitimate retention grounds.
  3. If no overriding legal basis exists, deletion will occur within a reasonable timeframe (typically within 30–45 days).

We reserve the right to retain certain information where:

  • Required by law
  • Necessary for legal claims or dispute resolution
  • Required for security, fraud detection, or compliance
  • Required to maintain records of consent withdrawal

7. Automatic Deletion & System Controls

The Nexus Newsletter System is secured with Two-Factor Authentication (2FA) and controlled access.

Only the Website Owner has full administrative authority over stored data. Assistants operate under limited access permissions.

Where feasible, technical and administrative measures are implemented to:

  • Prevent unauthorized access
  • Limit unnecessary retention
  • Allow secure deletion
  • Protect system integrity

8. Backup & Archival Data

Data may be stored in encrypted system backups for disaster recovery and security continuity purposes.

Backup data:

  • Is protected by security protocols
  • Is not actively processed
  • May not be immediately deleted from archived backups
  • Will be overwritten in accordance with standard backup lifecycle policies

9. Cross-Border Data Considerations

As our VPS server is located in Los Angeles, United States, personal data may be processed and stored in the United States.

By using this Website or submitting forms, users acknowledge and consent to such international data transfers in accordance with our International Data Transfer Statement.

10. Data Minimization Principle

We collect and retain only the data that is:

  • Adequate
  • Relevant
  • Necessary

for the intended purposes described in our policies.

We do not sell, rent, or trade personal data.

11. Legal Protection & Limitation of Liability

While we implement appropriate technical and organizational safeguards, no system can be guaranteed to be completely secure.

To the maximum extent permitted by applicable law:

  • We shall not be liable for data loss resulting from force majeure events, cyberattacks beyond reasonable control, or third-party service disruptions.
  • Retention decisions are made in good faith and based on legitimate business and legal requirements.

12. Policy Updates

We reserve the right to modify this Data Retention & Deletion Policy at any time.

Updates will be posted on this page with a revised “Last Updated” date. Continued use of the Website constitutes acceptance of the updated Policy.