Data retention policy
Rolling 13-month retention period, then deleted within 90 days upon agreement termination or expiration, or upon customer request.
Personal Data and Affiliated Files shall only be retained as long as is necessary for each specific purpose for which it was collected.
Personal Data and Affiliated Files shall be kept up-to-date and accurate.
Accurate and up-to-date the records of Data Processing activities (“Asset Register”) shall be maintained.
The protection of Personal Data and Affiliated Files, in terms of their confidentiality, integrity, and availability, shall be in accordance with their sensitivity and relevant business objectives and requirements (and in accordance with Contentsquare’s legal obligations).
Personal Data and Affiliated Files shall be retained in accordance with applicable laws and regulations, regulatory guidelines and recommendations, industry standards and agreements with our employees, customers, service providers and partners.
Please see the following URL for more information: security.contentsquare.com
Data archiving and removal policy
Personal Data and Affiliated Files shall be archived in accordance with data categories.
An archiving period different to this period may be granted by exception.
All archived Personal Data and Affiliated Files shall be encrypted or kept under lock and key and continuously safeguarded to avoid data breaches.
Electronic Personal Data and Affiliated Files shall be archived in accordance with a specific policy - Access Management Policy and in a format which is appropriate to secure the confidentiality, integrity and accessibility of Personal Data and Affiliated Files.
After the archival period has expired, Personal Data and Affiliated Files shall be destroyed.
If archival is outsourced, the vendor shall first be assessed to ensure they comply with our Data Protection and Security Standards and appropriate Data Processing Agreement shall be implemented.
Any document relating to security and privacy, including policies and processes (“Documentation”) will be kept until the Expiration Date. Once the Expiration Date has been reached, Documentation will be archived for a minimum of 5 years.
Published ISMS and PIMS Policies are to be kept for the same amount of time. Working versions are living documents and can be changing anytime and can be deleted if the policy is dropped in favor of another one.
Please see the following URL for more information: security.contentsquare.com
Data storage policy
Data are stored in either Microsoft Azure or AWS data centers with a dedicated back-up.
Please see the following URL for more information: security.contentsquare.com
App/service has sub-processors
yes
Guidelines for sub-processors