Data Retention Policy

This Data Retention Policy defines processes and standards for the secure retention and disposal of personal information, ensuring compliance with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). It focuses on maintaining data only as long as necessary for business, legal, and regulatory purposes while safeguarding consumer rights.

• Scope: Covers consumer personal information, sensitive personal information (SPI), employee and contractor data, and vendor data.
• Retention Guidelines: Establishes general and category-specific retention periods to meet legal and operational needs.
• Secure Disposal: Implements secure destruction methods for physical and electronic data when retention periods expire.
• Consumer Rights: Supports transparency by providing retention information and facilitating deletion requests in accordance with CCPA/CPRA.

This policy enhances data management practices and ensures adherence to legal obligations while minimizing risks of unauthorized access or breaches.