Neusort Data Retention Policy

1. Purpose

The purpose of this Data Retention Policy is to ensure that Neusort manages its data in a way that complies with applicable legal and regulatory requirements, reduces risk, and ensures that data is available when needed.

2. Scope

This policy applies to all data collected, processed, stored, and disposed of by Neusort, including electronic and paper records.

3. Definitions

  • Data: All information, in any form, that is created or received by Neusort.
  • Retention Period: The length of time data must be kept before it is eligible for destruction.
  • Destruction: The process of permanently deleting or destroying data.

4. Data Classification

Data shall be classified into the following categories:

  • Confidential: Data that must be protected from unauthorized access and disclosure.
  • Internal: Data intended for internal use only.
  • Public: Data that can be freely disclosed to the public.

5. Retention Periods

Different types of data have different retention periods based on legal, regulatory, and business requirements. The following are the standard retention periods for various data categories:

  • Financial Records: 7 years
  • Employee Records: 6 years after termination
  • Customer Data: 6 months after the end of the customer relationship
  • Contracts and Agreements: 3 years after expiration
  • Email Correspondence: 2 years
  • Marketing Data: 3 years

6. Data Storage

All data must be stored securely to prevent unauthorized access, alteration, or destruction. Access to data should be restricted based on the classification of the data.

7. Data Destruction

Once the retention period for data has expired, the data must be securely destroyed. The following methods should be used:

  • Electronic Data: Permanently deleted using data-wiping software.
  • Paper Records: Shredded or incinerated.

8. Exceptions

Any exceptions to this policy must be documented and approved by Brij Vaid.

9. Roles and Responsibilities

  • CTO: Oversees the implementation of this policy and ensures compliance.
  • Department Heads: Ensure that their teams comply with the policy.
  • Employees: Responsible for managing data in accordance with this policy.

10. Compliance

Failure to comply with this policy may result in disciplinary action, up to and including termination of employment.

11. Review and Update

This policy shall be reviewed annually and updated as necessary to reflect changes in legal, regulatory, and business requirements.

Effective Date: 9 April 2024

Review Date: 6 August 2024