This shows you the differences between two versions of the page.
wiki:policies:document_retention [2023/06/15 21:21] kevinkallmes [(B) Data Retention by Data Class] |
wiki:policies:document_retention [2023/12/18 14:16] katcow |
||
---|---|---|---|
Line 11: | Line 11: | ||
Digital records include contracts, operating agreements, tax returns, emails, chats, voice messages, invoices, meeting notes, presentations, | Digital records include contracts, operating agreements, tax returns, emails, chats, voice messages, invoices, meeting notes, presentations, | ||
- | Physical records may include | + | Nested Knowledge does not process any physical documents, such as contracts and tax forms, with the exception of checks and remittance notices. Nested Knowledge processes checks for existing enterprise customers. Checks and remittance notices are to be shredded 90 days after deposit. |
===== III. Policy ===== | ===== III. Policy ===== | ||
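Review bot: in the added physical-records sentence, "shredded 90 days after deposit" only defines a start date for checks; a remittance notice is never deposited, so its 90-day clock has no trigger. Suggest tying the notice to the deposit date of the check it accompanies, or to its date of receipt. The sentence "Nested Knowledge processes checks for existing enterprise customers" could also say what happens to a check received from anyone else, since the paragraph otherwise states that no physical documents are processed.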
Line 23: | Line 23: | ||
Nested Knowledge will keep payroll records for** three years**, or until acquired. | Nested Knowledge will keep payroll records for** three years**, or until acquired. | ||
+ | |||
+ | **Ethical Conduct** | ||
+ | |||
+ | Nested Knowledge will keep records demonstrating adherence to Ethics Code of Conduct–including compliance with regulations for data protection, cybersecruity, | ||
+ | |||
=== Retirement Plans === | === Retirement Plans === | ||
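Review bot: "cybersecruity" in the added Ethical Conduct paragraph should read "cybersecurity". The new entry is also introduced with bold text (**Ethical Conduct**) while the neighbouring entry uses a heading (=== Retirement Plans ===); using the same heading level would keep it in the page outline alongside the other record types. The unspaced dash in "Ethics Code of Conduct–including" reads better as a comma.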
Line 52: | Line 57: | ||
|Public Data|Data that may be disclosed to anyone, regardless of their affiliation with Nested Knowledge.|Public data will be reviewed at least annually for relevance and accuracy and may be deleted at will.|No specific retention period is mandated.| | |Public Data|Data that may be disclosed to anyone, regardless of their affiliation with Nested Knowledge.|Public data will be reviewed at least annually for relevance and accuracy and may be deleted at will.|No specific retention period is mandated.| | ||
|Internal Company Data|Potentially sensitive information not intended for public sharing.|Internal data shall be retained according the guidance in Part A of this policy.|Internal documents may be subject to requirements from ERISA, HIPAA, and the Internal Revenue Code.| | |Internal Company Data|Potentially sensitive information not intended for public sharing.|Internal data shall be retained according the guidance in Part A of this policy.|Internal documents may be subject to requirements from ERISA, HIPAA, and the Internal Revenue Code.| | ||
- | |Confidential Data|Information that, if made available to unauthorized parties, may adversely affect individuals, | + | |Confidential Data|Information that, if made available to unauthorized parties, may adversely affect individuals, |
|Restricted Use Data: Emails, Filesystems, | |Restricted Use Data: Emails, Filesystems, | ||
- | |Restricted Use Data: Customer Personal Data|This includes personally identifiable information collected from Nested Knowledge customers. We collect name, email address, and (optionally) organization name from customers. |Personal data are stored in our production database, within a VPC. All communication with the database is encrypted and behind authorization. **Upon user action through the application initiating deletion of the user's account, all user data is hard deleted.** Database backups, which include customer personal data (names and email addresses), are retained for 60 days.|GDPR data retention rules require personal data that is collected or processed to be kept only for as long as data are required to achieve the purpose for which the information was collected, with the exception of data for scientific research.| | + | |Restricted Use Data: Customer Personal Data|This includes personally identifiable information collected from Nested Knowledge customers. We collect name, email address, and (optionally) organization name from customers.|Personal data are stored in our production database, within a VPC. All communication with the database is encrypted and behind authorization. **Upon user action through the application initiating deletion of the user's account, all user data is hard deleted.** Database backups, which include customer personal data (names and email addresses), are retained for 60 days.|GDPR data retention rules require personal data that is collected or processed to be kept only for as long as data are required to achieve the purpose for which the information was collected, with the exception of data for scientific research.| |
+ | |||
+ | ==== Data Destruction ==== | ||
+ | |||
+ | Data records will be retained only as necessary for the performance of services, honoring of a contract, or legal obligations. Data that is no longer needed will be destroyed. As described in the [[: | ||
+ | |||
+ | Upon voluntary or involuntary termination, | ||
+ | |||
+ | Nested Knowledge prohibits the use of removable media and paper for storing confidential or personal data. Employees and contractor may not print out documents contacting clients' | ||
==== Communication and Compliance ==== | ==== Communication and Compliance ==== |
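Review bot: the added Data Destruction section states "Data that is no longer needed will be destroyed", but the Customer Personal Data row in the same hunk says user data is hard deleted on account deletion while database backups containing names and email addresses are retained for 60 days. Suggest stating in the new section that deleted records persist in backups until the 60-day backup retention expires, so the two statements do not read as contradictory. In the last added paragraph, "Employees and contractor" should be "Employees and contractors", and "contacting clients'" appears to mean "containing clients'".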