Applies To: All Bizoso Consulta employees, systems, and partners handling digital records or client communications.
Effective Date: May 27, 2025
Policy Owner: Bizoso Consulta Pakistan
Contact: karachi@bizoso.ca | +92-21-3264-0293
1. Introduction & Purpose
Bizoso Consulta is dedicated to ensuring the lawful, secure, and transparent handling of personal and business data. This Data Retention Policy outlines how we collect, retain, store, protect, and securely dispose of client data. The policy ensures compliance with:
-
Pakistani laws including PECA 2016 (Pakistan Electronic Crimes Act), the QSO 1984 (Qanun-e-Shahadat Order), and applicable data directives;
-
International standards including PIPEDA (Canada) and GDPR (where applicable).
Our commitment extends to protecting clients from data misuse and safeguarding Bizoso Consulta from civil or regulatory liabilities.
2. Scope of Application
This policy applies to:
-
All employees, contractors, consultants, and agents of Bizoso Consulta;
-
All platforms and mediums through which client data is collected (mobile apps, website, email, paper forms, etc.);
-
All types of client data, including but not limited to:
-
Personally Identifiable Information (PII)
-
Financial and transaction records
-
Application forms, travel records, documents
-
Communication history and support tickets
-
Copies of identification or legal documentation
-
3. Categories of Data & Retention Periods
| Data Type | Examples | Retention Duration | Justification |
|---|---|---|---|
| Personal Information | Full name, CNIC, passport, contact details | 5 years from the end of the client relationship | To allow for legal inquiries, repeat applications, or audits |
| Application Documents | Visa forms, travel records, proof of funds, affidavits | 7 years | Required by law in case of fraud investigations or immigration authority follow-ups |
| Financial Records | Invoices, receipts, bank details | 7 years | In accordance with FBR and international tax compliance standards |
| Communication History | Emails, messages, client support records | 3 years | For dispute resolution, record-keeping, or complaint handling |
| Marketing Consent Data | Newsletter sign-ups, ad interactions | 2 years or until opt-out | Consent tracking and business intelligence |
| Deleted or Withdrawn Client Data | Removed upon request | Deleted within 30 days unless legal retention applies | PECA compliance and client privacy rights |
Note: If required under a legal, judicial, or national security obligation (e.g., FIA, Cyber Crime Wing, Immigration authorities), data may be retained longer than specified.
4. Secure Storage & Protection of Data
All data is stored using robust security practices, including:
-
Encryption: End-to-end encryption in transit (HTTPS) and at rest (AES-256).
-
Access Controls: Role-based access; only authorized personnel can view/edit sensitive records.
-
Physical Storage: If paper documents are used, they are stored in locked and access-controlled environments.
-
Cloud & Local Servers: Data hosted on secure servers compliant with Canadian and Pakistani privacy laws.
Regular security audits, penetration tests, and staff training are conducted to ensure full data integrity and prevent unauthorized disclosures.
5. Data Deletion & Disposal
Upon expiration of the retention period, data is destroyed as follows:
-
Digital Records: Permanently erased using secure deletion software (DoD 5220.22-M standards).
-
Physical Records: Shredded or incinerated under supervision or by certified disposal partners.
-
Client Request-Based Deletion: Processed within 30 days after identity verification, unless prohibited by ongoing legal obligations.
6. Client Rights & Data Control
Clients have the following rights concerning their personal data:
-
Access: Request a copy of the data held about them.
-
Correction: Request rectification of incorrect or outdated data.
-
Deletion: Request erasure of their data, subject to legal exceptions.
-
Data Portability: Request their data in a machine-readable format for transfer to another provider.
-
Objection: Withdraw consent for processing or object to specific uses.
Requests must be submitted to: 📧 karachi@bizoso.ca 📞 +92-21-3264-0293
7. Compliance with Pakistani Law & Legal Protections
Bizoso Consulta affirms its compliance with:
-
PECA 2016 – Protection against unauthorized access, misuse, and cyber offenses.
-
QSO 1984 – Admissibility and chain of custody for data in legal matters.
-
FBR tax requirements – Accurate and complete record-keeping for 7 years.
-
Immigration Agency Oversight – Retention of supporting documents for visa matters upon government or embassy inquiries.
In the event of any civil investigation, audit, or court matter in Pakistan, this policy and Bizoso’s controlled handling of records will serve as proof of due diligence and compliance, protecting the company from data mishandling penalties.
8. Policy Review & Amendments
This policy will be reviewed annually or earlier if there are changes in legal requirements, operational practices, or industry standards.
Any major updates will be published on our website and emailed to active clients.
9. Acknowledgment & Acceptance
By using Bizoso Consulta’s services, clients agree to the terms of this Data Retention Policy. Clients are encouraged to contact us for any clarifications or to exercise their rights.