Thank you, Mr. Chair.
For data that are not particularly useful, the retention period is a maximum of one year. That is for sure. Furthermore, when working with organizations that report incidents, we have agreements with them on how long we can retain their information.
If a product is created by a cybersecurity incident, we have to retain the information from that product as long as it's useful. As I said, if the product is useful, we retain the data. If the analysis is complete or the incident is over, we stop and destroy all the data related to the incident.