Legal Resources


RETENTION AND DISPOSAL OF PERSONAL DATA POLICY – Global EdgeUno Inc

Policies and Guidelines

Object

EdgeUno has the responsibility to ensure compliance with the applicable country legislations of Personal Data protection and their requirements relating to the processing, collection, storage, retrieval, and destruction of records of personal data and/or sensitive data. This policy complements, and does not replace, EdgeUno’s Privacy Policy in force.

EdgeUno keeps sets of Personal Data stored in accordance with contractual, regulatory, and other legal data bases applicable to the modalities of processing of Personal Data. It is important that these Records are protected from loss, destruction, forgery, unauthorized access, and unauthorized release. For this, a variety of controls are used, such as backups, access control, and encryption.

TEMPORALITY OF RECORD RETENTION

All Personal Data will be retained for the necessary term to fulfill the objective for which they were collected, for lawful, specific, and informed purposes. The storage time of the Records shall comply with the prescribed period provided by law, when applicable, and the best industry practices if there is no specific requirement by the Regulatory Authority.

 
Record Type Description of the Data Retention Period Discard Format
People
Hiring Information, Employees
Name, identification number, gender, date and place of birth, address, family data, bank details, salary. Up to 5 years after termination of the employment contract. Data is removed using industry best practices.
People
Information related to employee’s medical records required by law or for health insurance purposes and work safety information.
Name, identification number, gender, date and place of birth, address, health data from the employee and/or family. Up to 20 years after termination of the employment contract. Data is removed using industry best practices.
People
Candidates for open job positions
Name, identification number, date of birth, address, e-mail, gender, education information and previous occupations. Pre-interview disapproval: 30 days Post-interview disapproval: 1 year. Candidate Approval: up to 6 years after termination of the employment contract. Data is removed using industry best practices.
People
Payroll and Individual Employment Contract
Name, identification number, address, bank account and details, salary and labor duties and taxes, job functions. Payroll: Up to 10 years after termination of the employment contract. Individual Employment Contract: Up to 10 years after termination of the employment contract. Data is removed using industry best practices.
People
Contractors and/or Remote Hands
Name, identification number, gender, date and place of birth, address, bank account and details, salary. Up to 10 years after the end of the Consulting Agreement. Data is removed using industry best practices.
People
Leaves and Absenteeism information
Name, identification number, gender, date of birth, health information. Up to 20 years after termination of the employment contract. Data is removed using industry best practices.
Marketing
Website Leads
Email, location, IP Address, Company, Name. 2 years after the last activity or within 1 month after revocation of consent. Data is removed using industry best practices.
Marketing
Employees images
Name, position, image (photos and videos) for campaigns and posts on social networks of the company. For the duration of the employment contract or up to 1 month after the withdrawal of consent. Data is removed using industry best practices.
Marketing
Event Leads
Email, Location, Company, Name. For 2 years or up to 1 month after withdrawal of consent. Data is removed using industry best practices.
Legal Sales Procurement
Contracts of Customers, Suppliers and Partners
Name, identification number, telephone number, IP address, address and e-mail of legal representatives and witnesses. For 10 years after the end of the Contract. Data is removed using industry best practices.
Legal
Bylaws
Name, identification number, nationality, address, marital status, age, date of birth, place of birth of the legal representatives, shareholders, and directors of the Company. For the period of existence of the company and for the period required by law after this period. Data is removed using industry best practices.
Sales
Leads
Name, title, identification number, phone, email. 2 years after initial contact without response or without closed sale. Up to 10 years after the end of the employment contract. For up to one month after withdrawal of consent. Data is removed using industry best practices.
PMO Network
Personal Data used for the regular execution of Providers and Customers’ Contract.
Name, email and telephone number of representatives and technical contacts appointed by the Company’s Customers and/or Suppliers . For the duration of the Service Agreement. Data is removed using industry best practices.
Finance Payroll
Receipt, proof of salary payment and tax collection
Payroll personal information: name, job title, identification number, tax identification number, address, and banking information. Up to 10 years after the end of the employment/consultan t contract. Data is removed using industry best practices.
Security
Access to physical facilities
Biometric data Up to 1 month after the end of the employment/consultin g agreement. Data is removed using industry best practices.
Security
Video monitoring system
Video monitoring images/or video. Up to 2 months from the collection of images/videos. Data is removed using industry best practices.
Security
Access to company systems
Login, password, name, personal email, phone number. Up to 5 years after the end of the employment/consultan cy contract. Data is removed using industry best practices.
 

REFERENCES

The Personal Data Temporality Table described above is complemented by EdgeUno's Policies, Standards, and Internal Procedures, as well as applicable law and should be interpreted according to the referred documents.

 

CONTACT

To exercise the rights set forth above, the holders of personal data may send their requests to the email address dpo@edgeuno.com with documents that allow to confirm their identity, or other written document that meets the requirements of the relevant legislation. After sending a request in writing, the necessary processes will be carried out to ensure that the request is finalized as soon as possible and within a maximum of thirty (30) days.

In order to ensure the security of the data, EdgeUno may request information to determine whether the applicant is the holder of the personal data subject to the request. EdgeUno may also ask questions about the request to ensure that the request is completed in accordance with the purpose of the data subject's request. For all data processing purposes, EdgeUno has the figure of the Data Protection Officer to act as a communication channel between the company, data subjects and the Data Protection Authority.