Document Retention and Destruction Policy
This Retention and Destruction Policy (Policy) provides for the systematic review, retention and destruction of documents received, modified or created by GC Ventures SAS in connection with the transaction of GC Research business in a B2C and B2B schemes. This Policy covers all records and documents, regardless of physical form (including electronic documents), contains guidelines for how long certain documents should be kept and how records should be destroyed. The Policy is designed to ensure compliance with the Colombian Law.
II. Data Retention B2C / B2B
We shall not keep personal data for any longer than is necessary for the purposes which that personal data was originally collected, held, updated and/or processed.
When establishing and reviewing retention periods, we take into account the type of data and the purpose(s) for which it is collected, held, modified and processed. Different types of personal and business data, used for different purposes, will be retained for different periods, as set out below. Documents that are not listed but are substantially similar to those listed in the schedule will be retained for the appropriate length of time.
Client-provided customer records (typically including name, contact information and transaction details)
|Provided by clients with the purpose of contacting relevant customers to take part in market research
4 weeks after completion of project
Respondent profile details (typically including name, contact information, demographics such as age and gender)
|To ensure respondent profile fits purpose of the research, and to allow tailoring of questions to respondent
||3 months after completion of project
|Static, video and audio recordings that include personally identifiable information
||To support analysis of the research
12 months after completion of project
Static, video and audio recordings that include personally identifiable information
|Use as part of a presentation, report or edited video (e.g. to bring the findings to life, or share with client)
12 months after completion of project – unless otherwise agreed
Consumer-provided photos, videos and audio files that include personally identifiable information
|To support analysis of the research
||12 months after completion of project
|Consumer provided photos, videos and audio files (anonymized)
||Use as part of a presentation, report or edited video (e.g. to bring the findings to life, or share with client)
Indefinitely held by client
Banking information (e.g. account number, sort-code)
|To pay incentives for taking part in market research
||Immediately after payment is made
|Personal information about prospective employees or independent contractos (e.g. CVs, demographic information, etc.)
||As part of the interviewing process
6 months after application is rejected
Personal information about employees (e.g. CV, demographic information, payroll details, etc.)
|As a standard part of the employment process
5 years after termination of employment
Data subjects will not be notified if data is deleted before the retention period ends.
In limited circumstances, it may also be necessary to retain personal data for longer periods, including for archiving purposes that are in the public interest, for scientific or historical research purposes, or for statistical purposes.
According to Law 1581 of the year 2012, under the right to erasure (or “right to be forgotten”), data subjects have the right to have their personal data erased (and to prevent the processing of that personal data) when:
- Personal data is no longer required for the purpose for which it was originally collected and processed;
- They withdraw their consent;
- They object to the processing of their personal data, and we have no overriding legitimate interest;
- Personal data is processed unlawfully
- Personal data must be erased to comply with a legal obligation.
IV. Data disposal
Upon the expiry of the data retention periods set out below, or when a data subject exercises their right to have their personal data erased, personal data shall be deleted, destroyed or otherwise disposed of as follows:
- Personal data stored electronically shall be deleted, including all backups (both physical and held in the Cloud).
- Personal data stored in hard copy form shall be shredded and recycled.
- All third-party data processors (such as fieldwork partners), who process personal data on our behalf, or third-party data users (such as our end clients) will be prompted to delete all personal data and special category personal data as above. We will request written confirmation in all cases.
Electronic Documents and Records
Electronic documents will be retained as if they were paper documents. Therefore, any electronic files that fall into one of the document types on the above schedule will be maintained for the appropriate amount of time.
V. Emergency Planning
The company’s records will be stored in a safe, secure and accessible manner. Documents and electronic files that are essential to keeping the company operating in an emergency will be duplicated or backed up at least every week and maintained off site.
VI. Document Destruction
The company’s legal representative & director is responsible for the ongoing process of identifying its records, which have met the required retention period and overseeing their destruction. Destruction of financial and personnel-related documents will be accomplished by shredding.
Document destruction will be suspended immediately, upon any indication of an official investigation or when a lawsuit is filed or appears imminent. Destruction will be reinstated upon conclusion of the investigation.
Failure on the part of employees or contract staff to follow this policy can result in possible civil and criminal sanctions against the company and its employees or contract staff and possible disciplinary action against responsible individuals. The Treasurer will periodically review these procedures with legal counsel or the company’s certified public accountant to ensure that they are in compliance with new or revised regulations.
VIII. Implementation of policy
This policy is effect as of May 10, 2019. No part of this Policy shall have a retroactive effect and shall thus apply only to matters occurring on or after this date.
We are GC Ventures SAS, a .
Other Important Policies
==> Privacy & Data Protection Policy