Data Disposal Policy
Last updated on 2 May 2023
1.1 There are requirements for Rosterfy Pty Ltd, Rosterfy Ltd and Event Workforce Group (USA) Inc (together “us”, “we”, “our”), to retain data for a specified amount of time. This document provides guidance on appropriate storage, exportation and disposal of this data.
2.1 This document only covers data that we hold under the Software as a Service Agreement (the “Agreement”) we have entered into with you, our Customer. It applies to both personal data and non-personal data, which includes “Your Content” and “Customer Personal Data” as defined in the Agreement. In this policy we refer to this information collectively as "Data". This policy applies to our obligations under applicable data protection legislation and the Agreement.
3.1 Through this document, we aim to meet the following commitments:
to comply with legal and regulatory requirements.
to comply with our obligations as a data processor.
to comply with our data protection obligations, in particular to keep personal data no longer than is necessary for the purposes for which it is processed.
to store and dispose of Data responsibly and securely.
to allocate appropriate resources, roles and responsibilities to Data retention, exploration and disposal.
to regularly remind employees of their responsibilities.
to regularly monitor and audit compliance with this policy and update this policy when required.
4. Retention Periods
4.1 We will store the Data for the duration of the Agreement.
4.2 Where we store personal data, this is done as our role as a data processor.
4.3 Upon termination or expiry of the Agreement, for whatever reason, you shall have one hundred and eighty days (180) days to request:
(a) an export of Customer Personal Data; and/or
(b) an export of Your Content,
after which period we shall destroy all Customer Personal Data and/or Your Content in our possession in line with our documented processes, see 5.3 below (unless we are required to retain such Data under applicable laws).
4.4 Your request to export Customer Personal Data and/or Your Content should be made in writing to firstname.lastname@example.org.
5. Storage, Exportation and Disposal of Data
5.1 Storage. The Data is stored in a safe, secure, and accessible manner.
5.2 Exportation. After receiving a request to export the Data, we will schedule a time to create an impact assessment, detailing that the Data that should be exported and subsequently deleted, and provide these statistics for independent verification. The CTO, and a Lead Developer will both independently verify that these statistics are correct, before instructing a nominated individual that a data export is to be completed. The Data will be provided to the Customer in an encrypted format. Once the Data has been exported to the Customer, the Data will be deleted in line with 5.3 below.
5.3 Disposal. If we do not receive a request to export the Data within one hundred and eighty days (180) days from the date of termination or expiration of the Agreement, we shall schedule the Data to be deleted.
Our team will schedule a time to create an impact assessment, detailing the Data that should be deleted, and provide these statistics for independent verification. The CTO, and a Lead Developer will both independently verify that these statistics are correct, before instructing a nominated individual to delete the Data, regularly testing and ensuring that the number of records deleted matches statistics originally recorded.
Once the Data has been removed from the platform, it will remain part of our automated backup process for no more than 30 (thirty) days dependent on contractual obligations.
Once this period has passed, we will upon your written request, prepare a certificate confirming the deletion of the Data.
6. Updates to this Policy
6.1 This policy may be updated by us at time to time. Please check this page to inform yourself of any changes.