Data Retention Policy

This Data Retntion Policy is effective dated: June 01, 2024

Control Document: GEF-PP-008, Ver. 1.0

Purpose

The purpose of this Data Retention Policy is to outline the guidelines and procedures for the retention, storage, and disposal of data collected and processed by galaxefi. This policy ensures that data is retained for the appropriate period to meet legal, regulatory, and business requirements while protecting the privacy and confidentiality of customer information.

This policy is used in conjunction with the Data Secrecy and Privacy Policy

Scope

This policy applies to all data collected, processed, and stored by the Company, including but not limited to:

  • Customer data
  • Employee data
  • Business records
  • Financial records
  • Operational data

Definitions

  • Data: Any information collected, processed, stored, or transmitted by the Company, including electronic and physical records.
  • Retention Period: The duration for which data is stored before it is deleted or destroyed.
  • Personal Data: Any information relating to an identified or identifiable natural person.

Data Classification

Data will be classified into the following categories, each with its own retention requirements:

  • Customer Data: Includes personal information, transaction history, and communications.
  • Employee Data: Includes personal information, employment records, and payroll information.
  • Business Records: Includes contracts, agreements, and corporate documents.
  • Financial Records: Includes invoices, receipts, and accounting records.
  • Operational Data: Includes system logs, performance data, and audit trails.

Retention Periods

Data will be retained for the following periods, unless otherwise required by law or business needs:

  • Customer Data: Retained for the duration of the customer relationship and for 2 years after the end of the relationship.
  • Employee Data: Retained for the duration of employment and for 2 years after termination.
  • Business Records: Retained for 5 years from the date of creation.
  • Financial Records: Retained for 5 years from the end of the fiscal year.
  • Operational Data: Retained for 5 years from the date of creation.

Data Storage and Security

  • Data will be stored in secure environments with appropriate access controls to protect against unauthorized access, alteration, or deletion.
  • Encryption will be used for sensitive data both in transit and at rest.
  • Regular backups will be performed to ensure data integrity and availability.

Data Disposal

  • Data that has reached the end of its retention period will be securely disposed of to prevent unauthorized access or disclosure.
  • Electronic data will be deleted in a manner that ensures it cannot be recovered.
  • Physical records will be shredded or incinerated.

Legal and Regulatory Compliance

  • The Company will comply with all applicable laws and regulations regarding data retention and disposal.
  • Data subject to legal holds or ongoing investigations will be retained until the hold is lifted or the investigation is concluded.

Roles and Responsibilities

  • Data Owners: Responsible for classifying data and ensuring it is retained and disposed of according to this policy.
  • IT Department: Responsible for implementing and maintaining technical controls to enforce this policy.
  • Compliance Officer: Responsible for monitoring compliance with this policy and conducting periodic reviews.

Policy Review and Updates

  • This policy will be reviewed annually and updated as necessary to ensure compliance with legal and regulatory requirements and to address new business needs.
  • Changes to this policy will be communicated to all employees and stakeholders.

Quick Contact

By adhering to this Data Retention Policy, galaxefi commits to managing data responsibly, ensuring data privacy, and complying with legal and regulatory obligations. For questions or concerns about this Policy, please use the following form: