Nested Knowledge

Bringing Systematic Review to Life


wiki:policies:document_retention

Differences

This shows you the differences between two versions of the page.

wiki:policies:document_retention [2023/09/07 21:49]
katcow
wiki:policies:document_retention [2023/12/18 14:19] (current)
katcow
Line 11: Line 11:
 Digital records include contracts, operating agreements, tax returns, emails, chats, voice messages, invoices, meeting notes, presentations, scanned documents submitted by employees or external sources, and social media posts. Digital records include contracts, operating agreements, tax returns, emails, chats, voice messages, invoices, meeting notes, presentations, scanned documents submitted by employees or external sources, and social media posts.
  
-Physical records may include contracts and completed tax forms.+Nested Knowledge does not process any physical documents except for checks and remittance notices. Nested Knowledge processes checks for existing enterprise customers. Checks and remittance notices are to be shredded 90 days after deposit. If document processing activities change, Nested Knowledge will revise this policy based upon the risk of the data contained in the new documents.
  
 ===== III. Policy ===== ===== III. Policy =====
  
-==== (A) Document Retention - Internal Company Documents ==== <font inherit/inherit;;inherit;;inherit font-weight: bold;>Tax Returns</font>+==== (A) Document Retention - Internal Company Documents ==== 
 + 
 +=== Tax Returns ===
  
 Nested Knowledge will keep tax-related records for at least **eight years,** or until acquired. Nested Knowledge will keep tax-related records for at least **eight years,** or until acquired.
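Review bot: The added physical-records paragraph sets a deadline ("Checks and remittance notices are to be shredded 90 days after deposit") but names no owner for the shredding, no storage requirement for the 90 days the documents are held, and no record that destruction took place. Add the responsible role, where the checks are kept until then, and how the shredding is logged, so the control can be evidenced. The conversion of "Tax Returns" from inline font markup to a "=== Tax Returns ===" heading is a good cleanup and matches "=== Retirement Plans ===" further down.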
Line 22: Line 24:
 Nested Knowledge will keep payroll records for** three years**, or until acquired. Nested Knowledge will keep payroll records for** three years**, or until acquired.
  
-** <font inherit/inherit;;inherit;;inherit>Ethical Conduct</font> **+**Ethical Conduct**
  
-Nested Knowledge will keep records demonstrating adherence to ethical Code of Conduct for seven years.+Nested Knowledge will keep records demonstrating adherence to Ethics Code of Conduct–including compliance with regulations for data protection, cybersecruity, anti-bribery, anti-corruption, intellectual property, and human rights– for seven years.
  
 === Retirement Plans === === Retirement Plans ===
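Review bot: The added Ethical Conduct sentence contains a typo, "cybersecruity" for "cybersecurity", and its parenthetical is set off with unevenly spaced dashes ("Conduct–including" and "rights– for"); it also reads more cleanly as "adherence to the Ethics Code of Conduct". The heading in this hunk is still bold text ("**Ethical Conduct**") while the sibling sections use "=== ... ===" headings, so consider "=== Ethical Conduct ===" for consistency with the heading fix made to Tax Returns in the same revision.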
Line 58: Line 60:
 |Restricted Use Data: Emails, Filesystems, and Support Applications|Information that Nested Knowledge has a contractual, legal, or regulatory obligation to safeguard stringently. This includes Personally Identifiable Information and Unencrypted data used to authenticate or authorize individuals|Restricted use data shall be retained for a period of** 3 years, **or as required by applicable contractual and regulatory requirements, whichever is longer.| | |Restricted Use Data: Emails, Filesystems, and Support Applications|Information that Nested Knowledge has a contractual, legal, or regulatory obligation to safeguard stringently. This includes Personally Identifiable Information and Unencrypted data used to authenticate or authorize individuals|Restricted use data shall be retained for a period of** 3 years, **or as required by applicable contractual and regulatory requirements, whichever is longer.| |
 |Restricted Use Data: Customer Personal Data|This includes personally identifiable information collected from Nested Knowledge customers. We collect name, email address, and (optionally) organization name from customers.|Personal data are stored in our production database, within a VPC. All communication with the database is encrypted and behind authorization. **Upon user action through the application initiating deletion of the user's account, all user data is hard deleted.** Database backups, which include customer personal data (names and email addresses), are retained for 60 days.|GDPR data retention rules require personal data that is collected or processed to be kept only for as long as data are required to achieve the purpose for which the information was collected, with the exception of data for scientific research.| |Restricted Use Data: Customer Personal Data|This includes personally identifiable information collected from Nested Knowledge customers. We collect name, email address, and (optionally) organization name from customers.|Personal data are stored in our production database, within a VPC. All communication with the database is encrypted and behind authorization. **Upon user action through the application initiating deletion of the user's account, all user data is hard deleted.** Database backups, which include customer personal data (names and email addresses), are retained for 60 days.|GDPR data retention rules require personal data that is collected or processed to be kept only for as long as data are required to achieve the purpose for which the information was collected, with the exception of data for scientific research.|
 +
 +==== Data Destruction ====
 +
 +Data records will be retained only as necessary for the performance of services, honoring of a contract, or legal obligations. Data that is no longer needed will be destroyed. As described in the [[:wiki:policies:infosec#backup_plan|Backup Policy]], we permanently delete user data 60 days after account deletion.
 +
 +Upon voluntary or involuntary termination, confidential data and personal data located on physical devices, such as employee laptops, must be deleted within 48 hours. Terminated Employees keep the computer after the computer has been** remotely wiped **using our Mobile Device Management platform, Mosyle. Mosyle's erase function acts when the device is on and connected to Wi-Fi. To ensure compliance, we do not grant severance pay until the laptop has been wiped.
 +
 +Nested Knowledge prohibits the use of removable media and paper for storing confidential or personal data. Employees and contractor may not print out documents contacting clients' confidential information.
  
 ==== Communication and Compliance ==== ==== Communication and Compliance ====
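Review bot: In the new Data Destruction section, the 48-hour deletion requirement for terminated employees' devices is not guaranteed by the mechanism described, because "Mosyle's erase function acts when the device is on and connected to Wi-Fi"; a laptop that stays offline is never wiped, and withholding severance gives an incentive but no time bound. State what happens when the wipe has not been confirmed within 48 hours and who verifies the confirmation. The first paragraph says user data is permanently deleted 60 days after account deletion, while the table row just above says user data is hard deleted on the user's action and that backups are retained for 60 days; say explicitly that the 60 days refers to backup expiry so the two statements agree. Typos in the last added paragraph: "Employees and contractor" should be "contractors", and "documents contacting clients' confidential information" should be "containing".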
wiki/policies/document_retention.1694123354.txt.gz · Last modified: 2023/09/07 21:49 by katcow