Link Search Menu Expand Document

DATA RETENTION AND BACKUP POLICY

Equiptal seeks to ensure that it retains only data necessary to effectively conduct its program activities and work in fulfilment of its mission, and to ensure that that data is protected from loss, corruption, or otherwise being tampered with. The need to retain data varies widely with the type of data and the purpose for which it was collected. Equiptal strives to ensure that data is only retained for the period necessary to fulfil the purpose for which it was collected and is fully deleted when no longer required. This policy sets forth Equiptal’s guidelines on data retention and is to be consistently applied throughout the organization.

Scope

This policy covers all data collected by Equiptal and stored on Equiptal owned or leased systems and media, regardless of location. It applies to both data collected and held electronically (including photographs, video and audio recordings) and data that is collected and held as hard copy or paper files. The need to retain certain information may be mandated by federal or local law, federal regulations and legitimate business purposes, as well as the EU General Data Protection Regulation (GDPR). Reasons for Data Retention Equiptal retains only that data that is necessary to effectively conduct its program activities, fulfill its mission and comply with applicable laws and regulations. Reasons for data retention include:

  • Providing an ongoing service to the data subject (e.g. sending a newsletter, publication or ongoing program updates to an individual, ongoing training or participation in Equiptal’s programs, processing of employee payroll and other benefits)
  • Compliance with applicable laws and regulations associated with financial and programmatic reporting by Equiptal to its funding agencies and other donors
  • Compliance with applicable labor, tax and immigration laws
  • Other regulatory requirements
  • Security incident or other investigation
  • Intellectual property preservation
  • Platform Transactions and Operations
  • Litigation

Data Duplication

Equiptal seeks to avoid duplication in data storage whenever possible, though there may be instances in which for programmatic or other business reasons it is necessary for data to be held in more than one place. This policy applies to all data in Equiptal’s possession, including duplicate copies of data.

Retention Requirements

Equiptal has set the following guidelines for retaining all personal or personally identifiable data

  • Platform and Operational data will be retained as long as the Contributor maintains an active account on Equiptal’s platform. Such data includes audit logs, messages, transactions, reports, telematics data, and user interaction. Payment Data will not be retained longer than is necessary to process a single transaction.
  • Personal data of users, subgrantees, subcontractors and vendors will be kept for the duration of their respective activity in Equiptal’s platforms.
  • Consultant (both paid and pro bono) data will be held for the duration of the consulting contract plus 7 years after the end of the consultancy.
  • Board member data will be held for the duration of service on the Board plus for 7 years after the end of the member’s term.
  • Employee data will be held for the duration of their employment at Equiptal plus for 5 years after the end of the member’s term.
  • Data associated with tax payments (including payroll, corporate and VAT) will be held for 7 years.

Data Destruction

Data destruction ensures that Equiptal manages the data it controls and processes it in an efficient and responsible manner. When the retention period for the data as outlined above expires, Equiptal will actively destroy the data covered by this policy. If an individual believes that there exists a legitimate business reason why certain data should not be destroyed at the end of a retention period, he or she should identify this data to his/her supervisor and provide information as to why the data should not be destroyed. Any exceptions to this data retention policy must be approved by Equiptal’s data protection offer in consultation with legal counsel. In rare circumstances, a litigation hold may be issued by legal counsel prohibiting the destruction of certain documents. A litigation hold remains in effect until released by legal counsel and prohibits the destruction of data subject to the hold.

Data Backup

Data backup ensures that Equiptal guards any data it controls and processes in a safe and responsible manner. For the Duration of the retention period for the data as outlined above, Equiptal actively maintains replica sets of the data in a secure and encrypted warm-site away from the primary data store. This warm-site is backed into physical cold-storage mediums every 30 days, and stored in a safe location away from both the warm-site and the primary data store on encrypted media. Data on cold-storage mediums is kept for 90 days, after which that data is destroyed.