Data retention policy
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your personal data can be requested via our Data Privacy Officer.
Data archiving and removal policy
With Darktrace, all data is stored locally, whether in an organization’s cloud or on site at their offices. Data can be retained for
a maximum of 4 weeks, and by being stored on a rolling buffer, the data is automatically deleted as space requires. However,
storage length can be decreased, and the data viewed can be anonymized if required. This maximizes the control each company
has over its own data. If this data needs to be stored for longer, an organization can choose to export it.
Data storage policy
Your personal data is securely stored by Darktrace on the Darktrace servers located in Cambridge, United Kingdom. Darktrace has set up systems and processes to prevent unauthorized access or disclosure of your personal data. Slack data will remain local to each client with a Darktrace appliance.
As a global company, we have international sites and users all over the world. When you give us personal data, that data may be used, processed or stored anywhere in the world, including countries outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA, who work for us or for one of our suppliers. Darktrace places substantial importance on protecting the confidentiality of personal information and seeks the cooperation of all its suppliers in furthering this goal. Darktrace will only transfer personal information to a supplier where the supplier has provided assurances that they will provide at least the same level of privacy protection as is required by this Policy. Where Darktrace has knowledge that a supplier is using or sharing personal information in a way that is contrary to this policy, Darktrace will take reasonable steps to prevent or stop such processing.
App/service has sub-processors