SmartED-i® Data Storage Policy

Secure, compliant data management for our platform

This Data Storage Policy outlines how SmartED-i® stores, manages, and protects data collected from our users and partners. We are committed to handling data responsibly, securely, and in compliance with applicable data protection laws.

1. Purpose

2. Types of Data Stored

We store the following types of data on our secure systems:

User Account Data

Name, email address, contact details, and login credentials (hashed/encrypted)

Organisation Data

Company name, registration details, department profiles, and platform usage settings

Platform Activity Data

Asset listings, audit logs, tracking records, item exchanges, and reuse actions

Uploaded Content

Photos, documents, floor plans, and metadata relating to equipment and materials

Communication Data

Messages exchanged between users, support requests, and system notifications

Payment Data

We do not store payment card data. Payments are handled by PCI-DSS compliant third-party providers.

3. Storage Location and Infrastructure

All data is stored on secure cloud servers located in the United Kingdom or the European Economic Area (EEA), using providers who comply with ISO 27001 or equivalent security standards.
Backups are encrypted and stored in geographically separate locations to ensure disaster recovery and business continuity.

All our data storage providers undergo rigorous security assessments and maintain industry-leading certifications.

4. Data Retention

We retain data only for as long as necessary to fulfil the purposes for which it was collected:

Data Type	Retention Period
User and account data	Retained for the life of the account and for up to 6 years after closure (for compliance and audit)
Transaction records	Retained for a minimum of 6 years in line with HMRC and financial recordkeeping rules
System logs and metadata	Retained for up to 24 months to support analytics and service improvement
Uploaded files	Retained for as long as they are relevant to ongoing platform use or project history, unless otherwise requested

You may request deletion of certain data (see section 6, below).

5. Security Measures

SmartED-i® uses industry-standard security protocols to protect your data:

Encryption

All data in transit is encrypted using HTTPS/TLS
All stored data is encrypted at rest

Access Controls

Access to systems is role-based and monitored
Multi-factor authentication (MFA) is used where appropriate

Monitoring & Maintenance

Regular vulnerability assessments and patching
Continuous security monitoring
Annual penetration testing

6. User Rights and Requests

Under UK GDPR, users have rights over their personal data. These include:

The right to access the data we hold
The right to correct or update inaccurate data
The right to request deletion (subject to legal and contractual requirements)
The right to object to processing or request data portability

To exercise your rights, email us at: privacy@smarted-i.com

7. Third-Party Services

We may use trusted third-party services (such as analytics tools or integrations) that process data on our behalf.
All third parties are subject to data processing agreements and are required to comply with applicable data protection laws.

We do not sell or share user data with third parties for advertising purposes.

8. Policy Updates

This policy may be updated from time to time. Users will be notified of material changes. Continued use of the platform after updates constitutes acceptance of the revised policy.

9. Contact

For questions or concerns about how we store or process your data, please contact:

Data Protection Officer
GreenED Group Limited
Registered Address: Unit G, Stafford Park 15, Telford, Shropshire, TF3 3BB
Email: admin@greenedgroup.com