Selfbest Inc

United States

We retain your data/information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any contractual, legal, accounting, or reporting requirements. In general, the following table describes our retention policy for specific types of information. For any other information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your information, the purposes for which we process your information, and the applicable legal and regulatory requirements. In certain circumstances, we may be required to hold information for a period of time longer than is set forth herein, for example, due to a regulatory audit or investigation. Upon completion of such proceedings, we will destroy any applicable information that was retained for a period exceeding the period set forth below: 1) Your Personal Information (i.e., name, email address, phone number, IP address, user location, user passwords) a.Kept for a minimum of 2 years, or until expiration or termination of the relevant agreement, whichever is later. b.This period may be extended for a reasonable time afterwards as might be required: (1) to determine and settle any related obligations and/or claims under the agreements, and (2) for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any applicable legal, accounting, or reporting requirements. 2) Your Data in our Product (any data provided, uploaded, or submitted by/from you to the product in the course of using the product, and data processed, stored, and presented in the product as a derivative of the transmitted data for your use). a.Kept for a minimum of the duration of the relevant agreement plus the time specified in the agreement for data retention. b.If no retention period is stated in the relevant agreement, we will retain the data for a period of 30 days after the expiration or termination of the agreement. 3) Your Transactional Data (including addresses and phone numbers, usage history, rates, approved contractors/customers as applicable based on type of user, and your bank account information). a.Kept for a minimum of 6 years after the expiration or termination of the relevant agreement. 4) Data Rights Requests a.Kept for a minimum of 2 years and a maximum of 6 years after the applicable data rights request is fulfilled. 5) Customer Support Data a.Kept for 2 years after your customer account is deleted. 6) Marketing Data a.Kept for 2 years after your customer account is deleted if you have an account with us. b.Kept for 2 years after our last interaction with you if you do not have an account with us. 7) Analytics Data a.We do not limit the duration that we keep this information. 8) Anonymized Customer Data a.We do not limit the duration that we keep this information.

1. Purpose The purpose of this policy is to ensure retention of data is defined as per business requirement and protection of sensitive information of SelfBest by setting up requirements for data disposal to comply with various businesses, contractual and legal requirements of the organization. 2. Scope This policy applies to all sensitive information such as cardholder data, user data stored in all format i.e electronic (system / media) and physical paper documents of SelfBest 3. Policy The entire SelfBest records, either physical or digital, are subject to the retention requirements based on business, legal and regulatory requirements. The SelfBest requires that all removable storage media are clean (which means: it is not possible to read or re-constitute the information that was stored on the device or document) prior to disposal. Specifically: 3.1 No storage of sensitive authentication data i.e. CVV, CID, CAV2, CVV2, CVC2, PIN, PIN block and Track 1/2 data to be retained locally post authorization and under any circumstances except for issuing services with documented business justification 3.2 Each data item that is stored should be marked with the name of the record, the record type, the original owner of the data, the information classification, the required retention period with business need, and any special information (e.g. in relation to cryptographic keys). 3.3 The required retention periods, by record type, should be in compliance with business, legal and regulatory requirements. Secure deletion of cardholder data shall be performed when no longer needed for legal, regulatory, or business reasons. The records both physical and electronic should have secure storage location and offsite backups at physically secured location (if applicable) 3.4 A quarterly review (automated or manual) shall be performed for identifying and securely deleting stored cardholder data that exceeds defined retention requirements 3.5 The data records / media both physical and digital should be retrieved and reviewed at least annually for proper inventory or based on the criticality of the information of the records. 3.6 Data should be disposed using industry accepted secure disposal guidelines (to ensure deleted data is unrecoverable) as soon as the specified retention period completes it retention period. 3.7 Devices containing confidential information are dependent on a risk assessment physically destroyed prior to disposal and are never to be re-used. 3.8 Damaged devices containing sensitive information shall not be sent out to vendors for repair. All sensitive data on the asset shall be destroyed by means of low level formatting / degaussing prior or any other standard data deletion method. 3.9 Documents, CDs, etc containing confidential and restricted information which are to be destroyed are shredded by their owners, using a cross cut shredder. These shredders are located in the secure area and the containers are under lock and key. 3.10 Portable or removable storage media of any description are physically destroyed prior to disposal. 3.11 The data owner along with support from the custodian is responsible for destroying data once it has reached the end of the retention period. Destruction must be completed within 30 days of the planned retention period. Destruction is handled as follows: · Papers to be shredded. · CDs to be shredded. · Backup tapes to be burnt. · Sensitive data to be deleted through a program. 3.12 Procedure should be defined for authorization process which ensures that Sensitive authentication data (Track2, CVV and PIN) data must be removed after Post-authorization

1) Scope This policy applies to SelfBest employees, contractors, consultants, temporary workers and all other individuals storing, using or accessing SelfBest data and information, whether in electronic or hard copy formats. This policy applies to data storage activities that are on premises, as well as remotely managed using cloud-based or company-managed storage technology. 2) Purpose SelfBest purpose for data storage is to ensure that all data and information – in electronic or hard-copy form – needed by SelfBest in the performance of its work are stored in a secure repository when not in current use or when archived for future use, such that they are available when needed, are accessible and usable by SelfBest staff, and are maintained in secure, protected environments until they are retrieved for use, archived or destroyed. The focus of data storage management is to meet the legal requirements for record retention and privacy protection, optimize the use of space, minimize the cost of record retention, and destroy outdated records 3) Policy SelfBest requires that its data and information – whether in electronic or hard-copy formats – are stored in a secure manner and be managed so that the company: a. Meets legal standards for data storage, retrieval and protection b. Establishes procedures for data storage activities, delivers them to all employees, provides training on the policy as part of the new employee onboarding, provides refresher training as needed, and reviews and updates the procedures as needed c. Protects the data privacy of employees, customers and others as required by law d. Optimizes the use of primary data storage facilities to facilitate the timely and secure retrieval of data from storage when needed e. Establishes rules for the use of employee-owned storage devices and monitors that usage f. Addresses security issues associated with data storage on company-owned facilities and third-party managed storage services, as well as employee-owned storage devices, to minimize the potential for unauthorized access to company data and information g. Plans for and budgets for data storage technology, whether on site or remote h. Regularly reviews and adjusts its data storage facilities – both on site and remote – to promptly accommodate changes in storage requirements SelfBest may designate an employee to serve as data storage manager; this employee is most likely to be part of the IT department. SelfBest departments that generate data and information are responsible for establishing appropriate data storage requirements in coordination with the SelfBest data storage manager. 4) Confidentiality Requirement Some SelfBest data and information may contain nonpublic confidential data. Such data and information are protected by federal, state and local statutes. 5)Electronically Stored Information SelfBest depends on the use and availability of electronically stored information (ESI). The ease with which ESI may be created, the technology where ESI may be stored, and rules regarding the use of ESI in litigation all require that SelfBest manages its data storage activities efficiently and consistent with its legal obligations. Accordingly, all departments must include ESI in the development of their data storage requirements. 6) Non-Electronic Information Storage SelfBest stores important hard-copy documents in secure, fire-protected storage containers, whether located on site or in secure remote storage facilities. The point at which such information is to be placed into storage and the type of storage to be used are determined by the document's user(s), in collaboration with the data storage manager and/or records manager.

United States

On cloud

AWS

no

The user can directly delete his/her account from the platform and it will result the deletion of his details from the Slack app also. The user can verify it by adding the Slack app again and the app will send a welcome message again. And if user has lost the access to his account he/she can email info@self.best to delete all the details related to him/her.

no

no

yes

shreya@self.best

no

no

no

no