Data Retention Policy

UnHerd seeks to ensure that it retains only data necessary to effectively conduct its program activities and work in fulfilment of its mission.
The need to retain data varies widely with the type of data and the purpose for which it was collected. UnHerd strives to ensure that data is only retained for the period necessary to fulfil the purpose for which it was collected and is fully deleted when no longer required. This policy sets forth UnHerd’s guidelines on data retention and is to be consistently applied throughout the organization.

Scope

This policy covers all data collected by UnHerd and stored on UnHerd owned or leased systems and media, regardless of location. It applies to both data collected and held electronically and data that is collected and held as hard copy or paper files. The need to retain certain information may be mandated by law and legitimate business purposes, as well as the EU General Data Protection Regulation (GDPR).

Reasons for Data Retention

UnHerd retains only that data that is necessary to effectively conduct its program activities, fulfil mission and comply with applicable laws and regulations.
Reasons for data retention include:
• Providing an ongoing service to the data subject (e.g. sending a newsletter, publication or ongoing program updates to an individual, ongoing training or participation in UnHerd’s programs, processing of employee payroll and other benefits)
• Compliance with applicable laws and regulations associated with financial and programmatic reporting by UnHerd to its funding agencies and other donors
• Compliance with applicable labour, tax and immigration laws
• Other regulatory requirements
• Security incident or other investigation
• Intellectual property preservation
• Litigation

Data Duplication

UnHerd seeks to avoid duplication in data storage whenever possible, though there may be instances in which for programmatic or other business reasons it is necessary for data to be held in more than one place. This policy applies to all data in UnHerd’s possession, including duplicate copies of data.

Retention Requirements

UnHerd has set the following guidelines for retaining all personal data as defined in the Institute’s data privacy policy.

• Website visitor data will be retained as long as necessary to provide the service requested/initiated through the UnHerd website.
• Event participant data will be retained for the period of the event, including any follow up activities, such as the distribution of reports, plus a period of 12 months.
• Program participant data (including sign in sheets) will be retained for the duration of the grant agreement that financed the program plus any additional time required under the terms of the grant agreement.
• Recruitment data, including interview notes of unsuccessful applicants, will be held for 12 months after the closing of the position recruitment process.

Data Destruction

Data destruction ensures that UnHerd manages the data it controls and processes it in an efficient and responsible manner. When the retention period for the data as outlined above expires, UnHerd will actively destroy the data covered by this policy. If an individual believes that there exists a legitimate business reason why certain data should not be destroyed at the end of a retention period, he or she should identify this data to his/her supervisor and provide information as to why the data should not be destroyed. Any exceptions to this data retention policy must be approved by UnHerd’s data protection offer.