Legal Resources

RETENTION AND DISPOSAL OF PERSONAL DATA POLICY – Global EdgeUno Inc

Policies and Guidelines

Object

EdgeUno has the responsibility to ensure compliance with the applicable country legislations of Personal Data protection and their requirements relating to the processing, collection, storage, retrieval, and destruction of records of personal data and/or sensitive data. This policy complements, and does not replace, EdgeUno’s Privacy Policy in force.

EdgeUno keeps sets of Personal Data stored in accordance with contractual, regulatory, and other legal data bases applicable to the modalities of processing of Personal Data. It is important that these Records are protected from loss, destruction, forgery, unauthorized access, and unauthorized release. For this, a variety of controls are used, such as backups, access control, and encryption.

TEMPORALITY OF RECORD RETENTION

All Personal Data will be retained for the necessary term to fulfill the objective for which they were collected, for lawful, specific, and informed purposes. The storage time of the Records shall comply with the prescribed period provided by law, when applicable, and the best industry practices if there is no specific requirement by the Regulatory Authority.

Record Type	Description of the Data	Retention Period	Discard Format
People Hiring Information, Employees	Name, identification number, gender, date and place of birth, address, family data, bank details, salary.	Up to 5 years after termination of the employment contract.	Data is removed using industry best practices.
People Information related to employee’s medical records required by law or for health insurance purposes and work safety information.	Name, identification number, gender, date and place of birth, address, health data from the employee and/or family.	Up to 20 years after termination of the employment contract.	Data is removed using industry best practices.
People Candidates for open job positions	Name, identification number, date of birth, address, e-mail, gender, education information and previous occupations.	Pre-interview disapproval: 30 days Post-interview disapproval: 1 year. Candidate Approval: up to 6 years after termination of the employment contract.	Data is removed using industry best practices.
People Payroll and Individual Employment Contract	Name, identification number, address, bank account and details, salary and labor duties and taxes, job functions.	Payroll: Up to 10 years after termination of the employment contract. Individual Employment Contract: Up to 10 years after termination of the employment contract.	Data is removed using industry best practices.
People Contractors and/or Remote Hands	Name, identification number, gender, date and place of birth, address, bank account and details, salary.	Up to 10 years after the end of the Consulting Agreement.	Data is removed using industry best practices.
People Leaves and Absenteeism information	Name, identification number, gender, date of birth, health information.	Up to 20 years after termination of the employment contract.	Data is removed using industry best practices.
Marketing Website Leads	Email, location, IP Address, Company, Name.	2 years after the last activity or within 1 month after revocation of consent.	Data is removed using industry best practices.
Marketing Employees images	Name, position, image (photos and videos) for campaigns and posts on social networks of the company.	For the duration of the employment contract or up to 1 month after the withdrawal of consent.	Data is removed using industry best practices.
Marketing Event Leads	Email, Location, Company, Name.	For 2 years or up to 1 month after withdrawal of consent.	Data is removed using industry best practices.
Legal Sales Procurement Contracts of Customers, Suppliers and Partners	Name, identification number, telephone number, IP address, address and e-mail of legal representatives and witnesses.	For 10 years after the end of the Contract.	Data is removed using industry best practices.
Legal Bylaws	Name, identification number, nationality, address, marital status, age, date of birth, place of birth of the legal representatives, shareholders, and directors of the Company.	For the period of existence of the company and for the period required by law after this period.	Data is removed using industry best practices.
Sales Leads	Name, title, identification number, phone, email.	2 years after initial contact without response or without closed sale. Up to 10 years after the end of the employment contract. For up to one month after withdrawal of consent.	Data is removed using industry best practices.
PMO Network Personal Data used for the regular execution of Providers and Customers’ Contract.	Name, email and telephone number of representatives and technical contacts appointed by the Company’s Customers and/or Suppliers .	For the duration of the Service Agreement.	Data is removed using industry best practices.
Finance Payroll Receipt, proof of salary payment and tax collection	Payroll personal information: name, job title, identification number, tax identification number, address, and banking information.	Up to 10 years after the end of the employment/consultan t contract.	Data is removed using industry best practices.
Security Access to physical facilities	Biometric data	Up to 1 month after the end of the employment/consultin g agreement.	Data is removed using industry best practices.
Security Video monitoring system	Video monitoring images/or video.	Up to 2 months from the collection of images/videos.	Data is removed using industry best practices.
Security Access to company systems	Login, password, name, personal email, phone number.	Up to 5 years after the end of the employment/consultan cy contract.	Data is removed using industry best practices.

REFERENCES

The Personal Data Temporality Table described above is complemented by EdgeUno’s Policies, Standards, and Internal Procedures, as well as applicable law and should be interpreted according to the referred documents.

CONTACT

To exercise the rights set forth above, the holders of personal data may send their requests to the email address dpo@edgeuno.com with documents that allow to confirm their identity, or other written document that meets the requirements of the relevant legislation. After sending a request in writing, the necessary processes will be carried out to ensure that the request is finalized as soon as possible and within a maximum of thirty (30) days.

In order to ensure the security of the data, EdgeUno may request information to determine whether the applicant is the holder of the personal data subject to the request. EdgeUno may also ask questions about the request to ensure that the request is completed in accordance with the purpose of the data subject’s request. For all data processing purposes, EdgeUno has the figure of the Data Protection Officer to act as a communication channel between the company, data subjects and the Data Protection Authority.