Data Retention Policy - May 25th, 2018 In accordance with the GDPR as of May 25th, 2018. Recovery Emporium, Inc.DATA RETENTION POLICY
1.) Introduction
This Policy is intended to be used to strictly maintain a set of up-to-date and legitimate data that is accepted to be stored according to the GDPR Directive. The need to retain data varies widely with the type of data. Some data can be immediately deleted, and some must be retained until the reasonable potential for future need no longer exists. Since this can be somewhat subjective, a retention policy is important to ensure that the Recovery Emporium’s guidelines on retention are consistently applied throughout the organization. This policy is intended to protect the security and integrity of Recovery Emporium’s data and technology infrastructure. An international organization is defined by the GDPR as “an organization and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries” (GDPR Article 4). The penalties for contravening the GDPR are significant and care must be taken by Recovery Emporium to ensure that we remain within the law at all times. This Policy should be considered in conjunction with other Personal Data Policy documents, such as the following: Amy M Hoffman, Data Protection Officer Recovery Emporium - 1-888-798-3496
2.) Scope, Purpose, and Users
3.) Policy Information
a.) Reasons for Data Retention• Litigation • Accident investigation • Security incident investigation • Regulatory requirements • Intellectual property preservation b.) Data DuplicationAs data storage increases in size and decreases in cost, companies often err on the side of storing data in several places on the network. A common example of this is where a single file may be stored on a local user's machine, on a central file server, and again on a backup system. When identifying and classifying the Recovery Emporium's data, it is important to also understand where that data may be stored, particularly for duplicate copies, so that this policy may be applied to all duplicates of the information.c.) Retention RequirementsThis section sets guidelines for retaining the different types of Recovery Emporium data.• Personal customer data: Personal data will be held for as long as the individual is a customer of the Recovery Emporium plus 6 years.• Personal employee data: General employee data will be held for the duration of employment and then for 6 year after the last day of contractual employment. Employee contracts will be held for 6 years after last day of contractual employment. • Tax payments will be held for six years. • Records of leave will be held for three years. • Recruitment details: Interview notes of unsuccessful applicants will be held for 1 year after interview. • Planning data: 7 years. |
Record name |
Storage location |
Person responsible for storage |
Controls for record protection |
Retention time |
Call lists & substitution |
Google drive of Data breach response team leader |
Data Breach response team leader |
Only authorized persons can edit the files |
Permanently |
Contact details |
Google drive of Data breach response team leader |
Data breach response team leader |
Only authorized persons can edit the files |
Permanently |
Documented decisions of the Data Breach Response Team |
Google drive of Data breach response team leader |
Data breach response team leader |
Only Data Breach Response Team leader can edit the files |
5 years |
Data breach notifications |
Google drive of Data breach response team leader |
[Data breach response team leader |
Only Data Breach Response Team leader can edit the files |
5 years |
Data Breach Register |
Google drive of Data breach response team leader |
Data Protection Officer |
Only Data Protection Officer can edit the files |
Permanently |
Data Collected |
Purpose |
Preferences |
To help us remember your settings and preferences, like your preferred language or the country you are in, so that we can provide you with a more personalized experience. |
Authentication and Security |
To log you into the Services; enable us to show you your account data; and help us keep your data and the Services safe and secure. |
Service Features and Performance |
To provide you with functionality and optimize the performance of the Services. |
Analytics and Research |
To help us understand how you are using the Services so that we can make them better, faster, and safer. |
Advertising |
To enable our partners to serve ads for our products and services; deliver relevant ads to people who may be interested in them on other services; measure the performance of ads; and opt you out of receiving interest-based ads if that is your choice. |
7.) To Opt-Out, Remove, or Modify Information Collected
How can you opt-out, remove or modify information you have provided to us? To modify your e-mail subscriptions, please let us know by modifying your preferences in the "My Account" section. Please note that due to email production schedules you may receive any emails already in production. To delete all of your online account information from our database, sign into the "My Account" section of our site and remove your shipping addresses, billing addresses & payment information. Please note that we may maintain information about an individual sales transaction in order to service that transaction and for record keeping.
8.) Third Party Links
In an attempt to provide you with increased value, we may include third party links on our site. These linked sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these linked sites (including if a specific link does not work).
9.) Changes to our Policy
If we decide to change our privacy policy, we will post those changes on this page. Policy changes will apply only to information collected after the date of the change.
This policy was last modified on August 6, 2017.
Please contact us for a copy of a previous policy. Ask for Data Protection Officer.
10.) Validity and Document Management
The owner of this document is the Data Protection Officer who must check and, if necessary, update the document at least once a year.
Data Protection Officer
Matthew James
05/25/2018