This policy describes organizational practices related to managing the lifecycle of customer data as it relates to privacy – that is, the retention and deleting of customer’s personal data. The content of the policy will vary depending on the applicable legal framework, which in turn will vary depending on factors such as industry and geography.
Data Retention Policy
Lanetix has standard retention policies or deletion rules for the processing that we provide to our customers. That policy states that, for the avoidance of doubt, Lanetix may retain a copy of all Client Data i) in its then current state and solely to the extent and for so long as required by applicable Law and ii) in its backups, archives, and disaster recovery systems until such Client Data is deleted in the ordinary course of business operations.
The scope of this policy does not apply to Lanetix (and its subsidiary’s) employee data, or the data that we receive directly through Lanetix’s publicly accessible websites. Lanetix processes data our customers enter into our products or instruct us to process on their behalf. Lanetix’s customers decide what to enter. Lanetix generally has no knowledge about what is being stored.
The archiving process for the Lanetix data and the length of time that the data will be retained is based on the terms described in the Master Subscription Agreement (MSA) that Lanetix signs with each customer.
Lanetix may be required to preserve data and personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Customer’s Data Retention Policy
Lanetix has a defined process for deleting our customer’s personal data in accordance with retention policies or rules where these are provided by our customer.
1. Our customer engages the Lanetix Professional Services team to delete our customer’s personal data in accordance with retention policies or rules.
2. Our customer engages the Lanetix Professional Services team for the development and of use a purpose-built Lanetix service or facility for deleting data.
Purging Customer Data
Lanetix has defined a process for ensuring that once the contractual relationship with our customer has terminated that all our customer’s personal data is purged from all our systems.
This process begins if and when our customer terminates the contractual relationship with Lanetix, or vice versa.
As part of this process, Lanetix will identify where, and notifying the customer about, any statutory or regulatory obligation we are subject to which require us to retain our customer’s personal data post termination of the contract.
1. Conclusion of Contractual Relationship - Once the contractual relationship with our customer has terminated, either receive or initiate a request that our customer’s personal data ought to be purged from Lanetix systems. Based on the circumstances, and using an empirical process, start a Data Purge project.
2. Statutory or Regulatory Requirements - Review any applicable statutory or regulatory requirements. Identify where, and notifying the customer about, any statutory or regulatory obligation we are subject to which require us to retain our customer’s personal data post termination of the contract.
3. Purge Data - Once authorized, a Lanetix Professional Services or Engineering team will purge the data of the customer.