Data Retention Policy

Purpose

The purpose of this Data Retention Policy is to establish guidelines for the retention and destruction of company data in order to ensure compliance with legal requirements, protect sensitive information, and manage storage costs effectively.

Scope

This policy applies to all employees, contractors, and third parties who have access to company data in any format, including electronic, paper, or verbal communication.

Policy

This defines the default policy for FreightWise.  Where there are variations in individual products, they will be at least as restrictive as the default policy.  Any variances are spelled out for each product below.

  1. Data Classification: All data shall be classified into one of the following categories based on its sensitivity and regulatory requirements:
    1. Public – Information that may be freely disclosed to the public without any risk of harm to the company.
    2. Internal – Information that is used for the day-to-day operations of the company and should not be disclosed to external parties.
    3. Confidential – Information that is sensitive and should only be accessed by authorized personnel.
    4. Personal – Information that pertains to individuals’ personal data and must be protected in accordance with applicable data protection laws.
  2. Data Retention Periods:
    1. Public and Internal data should be retained for a minimum of one year before being reviewed for deletion.
    2. Confidential data should be retained for the duration required by law or company policy, and then securely destroyed.
    3. Personal data should be retained in accordance with applicable data protection laws.
  3. Data Storage and Backup: All data should be stored in secure and compliant systems with appropriate access controls. Data is stored in multiple regions and replicated frequently. Regular backups should be performed to ensure data integrity and availability in case of system failures or data breaches.
  4. Data Destruction: At the end of the retention period, data that is no longer required should be securely destroyed using approved methods, such as shredding for paper documents or secure deletion for electronic files.
  5. Legal and Regulatory Compliance: The company shall comply with all applicable laws, regulations, and guidelines related to data retention, privacy, and security. Legal requirements for data retention periods should be reviewed regularly and updated as necessary.
  6. Monitoring and Enforcement: The company’s Information Security Officer is responsible for overseeing compliance with this policy and ensuring that employees are aware of their obligations regarding data retention. Non-compliance with this policy may result in disciplinary action, up to and including termination of employment.
  7. Training and Awareness: All employees, contractors, and third parties with access to company data should receive training on this policy and their responsibilities regarding data retention. Regular reminders and updates should be provided to ensure ongoing compliance.

FreightWise

  1. Data Retention Periods:
    1. Public and Internal data should be retained for a minimum of one year before being reviewed for deletion.
    2. Confidential data should be retained for the duration required by law or company policy, and then securely destroyed.
    3. Personal data should be retained in accordance with applicable data protection laws.
    4. Freight Bills are stored forever while being an active client of FreightWise, LLC or any of its affiliates.
    5. Client Invoices are stored forever.
    6. BOLs and Shipments that are transmitted to a carrier or marked as complete are stored forever.
    7. Rate Requests are stored for 90 days, after which they are discarded.
    8. System Access data and log data are maintained for security audit purposes.

Kuebix

  1. Data Retention Periods:
    1. Public and Internal data should be retained for a minimum of one year before being reviewed for deletion.
    2. Confidential data should be retained for the duration required by law or company policy, and then securely destroyed.
    3. Personal data should be retained in accordance with applicable data protection laws.
    4. Client data is stored for a period of 2 years unless otherwise agreed upon in advance.  Upon termination, whether due to non-payment or end of agreement, data may be destroyed at any time.
  2. Data Storage and Backup: All data should be stored in secure and compliant systems with appropriate access controls and managed by Salesforce's force.com platform.

0 Comments

Article is closed for comments.