Data retention policy
It is Genuity policy to limit data storage amount and retention time to that which is required for legal, regulatory, and business requirements. Furthermore, processes are to be in place for the secure disposal of data when no longer needed for legal, regulatory, and business requirements. This in turn mandates retention requirements to be in place and documented accordingly for all legal, regulatory, and business requirements. Additionally, an automatic or manually executed process is to be in place for identifying and securely removing data that exceeds the defined legal, regulatory, and business requirements.
Data archiving and removal policy
In accordance with Genuity's commitment to updated GDPR regulations, we can process personal data for archiving purposes beyond the stated retention period if doing so is in the public interest, or for historical, scientific, or statistical purposes. We ensure that archiving does not contravene the rights and freedoms of data subjects and that appropriate technical and organisational safeguards are in place, such as data minimisation, pseudonymisation, or encryption. The information Retention Policy oversees and documents the destruction of personal data in accordance with the Retention Schedule. The Information Security Policy & Procedures enforce a list of approved destruction methods.
Data storage policy
Genuity stores all customer data in accordance with GDPR regulations. All data storage is located in US based AWS data centers. Customer data that is stored includes:
- Files uploaded by customers to the Genuity platform
- Application generated messages and files
- Email messages and customer driven posts
- Indexed customer data
- Genuity data backup storage
App/service has sub-processors