Purpose and Scope
This Data Retention and Disposal Policy addresses how a customer’s data is retained and disposed of and to ensure this is carried out in a consistent manner. From time to time, Planet B2B may update this policy. This policy is guided by security requirements specific to Planet B2B including compliance with applicable laws and regulations.
This policy applies to all Planet B2B assets utilized by personnel acting on behalf of Planet B2B or accessing its applications, infrastructure, systems, or data. All personnel are required to read, accept, and follow all Planet B2B policies and plans.
The time period for which Planet B2B must retain customer data depends on the purpose for which it is used. Planet B2B must retain customer data for as long as an account is active or in accordance with the agreement(s) between Planet B2B and the customer, unless Planet B2B is required by law or regulation to dispose of data earlier or retain data longer.
Planet B2B must dispose of customer data within 30 days of a request by a current or former customer or in accordance with the Customer’s agreement(s) with Planet B2B. Planet B2B may retain and use data necessary for the contract such as proof of contract in order to comply with its legal obligations, resolve disputes, and enforce agreements. Planet B2B hosting and service providers are responsible for ensuring the removal of data from disks allocated to Planet B2B use before they are repurposed and the destruction of decommissioned hardware.
Only a limited number of Planet B2B employees should have access to delete customer data.
Upon employee or contractor termination, company-owned devices will be collected and sanitized prior to device re-issuance in accordance with NIST Guidelines for Media Sanitization (NIST S.P. 800-88 Rev. 1).
Planet B2B business needs, local situations, laws and regulations may occasionally call for an exception to this policy or any other Planet B2B policy. If an exception is needed, Planet B2B management will determine an acceptable alternative approach.
Any violation of this policy or any other Planet B2B policy or procedure may result in disciplinary action, up to and including termination of employment. Planet B2B reserves the right to notify the appropriate law enforcement authorities of any unlawful activity and to cooperate in any investigation of such activity. Planet B2B does not consider conduct in violation of this policy to be within an employee’s or contractor’s course and scope of work.
Any employee or contractor who is requested to undertake an activity that he or she believes is in violation of this policy must provide a written or verbal complaint to his or her manager or any other manager of Planet B2B as soon as possible.
The disciplinary process should also be used as a deterrent to prevent employees and contractors from violating organizational security policies and procedures, and any other security breaches.
Responsibility, Review, and Audit
Planet B2B reviews and updates its security policies and plans to maintain organizational security objectives and meet regulatory requirements at least annually.
This document is maintained by CTO.
This document was last updated on 12/19/2021.