Data Retention and Disposal Policy

Purpose

The purpose of this policy is to establish requirements surrounding the retention and eventual disposal of data, in order to ensure confidentiality of sensitive Zuar and customer information.

Scope

This policy applies to all data in systems classified as Customer Confidential.

Ownership

Engineering is responsible for implementing and maintaining this policy.

Policy Statement

Data Retention

Retention periods for customer data are specified in the company's Data Retention Procedure and adhere to compliance, regulatory, contractual, and organizational requirements.

As per Zuar's Data Classification Policy, data and systems are classified based on sensitivity and risk to the business. Systems and data are assigned owners who govern access and maintain safeguards designed to keep data confidential.

Each data owner establishes data retention schedules for information assets owned by them. Retention schedules adhere to any compliance, legal, contractual, and business requirements. Any conflict between these requirements are resolved by legal counsel and business leadership.

Data Disposal

Customer data is securely disposed of after its retention period passes, and any retained data is sanitized and anonymized.

Zuar maintains a Data Disposal Procedure which outlines the steps taken after a customer's contract or agreement has expired, or after the data's retention period has elapsed. In some situations, depending on the agreed-upon terms, data may be retained by Zuar for a period of time.

In all cases, data deletion is performed securely, such that the data cannot be recovered.

The specific deletion method may vary based on the storage medium used. Each data owner ensures that disposal methods adhere to any compliance, legal, contractual, and business requirements.

  • Data Disposal
  • Data Retention