RETENTION NOTICE

Last updated May 21, 2026

This notice explains GPR Business Services' retention approach for website, customer, platform, support, and provider-connected data. It does not state that all retention is automated. Where tooling is not available, retention and deletion may be handled manually or through available service tools.

1. Retention principle

GPR retains personal data only for as long as needed for the purpose for which it was collected or processed, unless a longer period is required or permitted for legal, tax, accounting, audit, security, fraud prevention, dispute resolution, backup, provider compliance, service continuity, or contractual purposes.

2. Customer-controlled data

Where GPR processes personal data on behalf of a customer, retention is handled according to the customer agreement, customer instructions, service configuration, applicable law, and available service tools. Requests for deletion or return may be submitted to contact@gpr.sa.

3. Operational and audit records

GPR may retain operational records such as logs, audit events, request records, provider status records, security records, billing records, support records, and incident records where needed for service integrity, security, compliance, legal, accounting, dispute, or audit purposes.

4. Backups and provider systems

Deletion from active systems may not immediately delete data from backups, archives, logs, or third-party provider systems. Such data may remain until overwritten, expired, or deleted according to the applicable backup, provider, or operational process.

5. Contact

Retention and deletion questions may be sent to contact@gpr.sa.