Terms of Service
Data Compliance & Retention Policy
1. Overview of the Data Retention Policy
This section provides a high-level summary of the Data Retention Policy, explaining its purpose, importance, and the key objectives it aims to achieve. It serves as an introduction to the principles and practices that JASCI Software follows in managing data retention for its SaaS platform. JASCI reserves the right to modify or update this Data Retention Policy at any time as necessary to ensure optimal performance of its services, compliance with applicable regulations, and to address evolving business needs.
This Data Retention Policy is in addition to and should be read in conjunction with the Customer's agreed upon Master Subscription Agreement (MSA), Professional Services Agreement (PSA), and Support Agreement (SA). It outlines the standards and guidelines for data retention, archiving, and disposal within JASCI Software's SaaS platform.
1.1. Purpose: The purpose of this policy is to define the standards and guidelines for the retention, archiving, and disposal of data managed by JASCI Software's SaaS platform. It ensures that data is retained for appropriate periods to meet legal, regulatory, and business requirements while also addressing the need for data security and privacy. Additionally, by managing data retention effectively, particularly in a highly transactional environment, JASCI Software ensures that the platform can maintain fast transactional response times.
1.2. Objectives: Enhancing platform performance by managing data retention effectively, particularly in a highly transactional environment, JASCI Software ensures that the platform can maintain fast transactional response times. Efficient data retention practices reduce database load and improve update and query performance, enabling quick access to current data, which is essential for operational efficiency and customer satisfaction.
1.3. Applicability: This policy applies to all data collected, stored, processed, and managed within JASCI Software’s SaaS platform, including but not limited any data provided by customers, operational data generated through the use of the platform, and data stored in the JASCI Software cloud-based data warehouse.
2. Compliance with Legal and Regulatory Requirements
JASCI’s SaaS platform is committed to ensuring that all data handling and retention practices comply with applicable legal and regulatory requirements on a global scale. The platform is designed to meet the stringent demands of various data protection regulations not only in specific regions but across different jurisdictions worldwide. This global compliance approach includes the retention, processing, and disposal of data in a manner that adheres to these international requirements, thereby mitigating the risk of legal repercussions and ensuring trust with clients and stakeholders globally. Compliance is not only a legal obligation but a fundamental principle guiding JASCI’s data management practices, ensuring that the platform remains adaptable to evolving regulations in different countries.
2.1. Relevant Data Protection Laws
JASCI’s data retention policy is crafted to align with key data protection laws in accordance with, but not limited to the General Data Protection Regulation GDPR in the EU, California Consumer Privacy Act (CCPA) in the United States, Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, and other relevant international regulations such as Brazil's General Data Protection Law (LGPD), Japan’s Act on the Protection of Personal Information (APPI) and the Personal Data Protection Act (PDPA) in Singapore. These laws require careful consideration of data collection, processing, retention, and deletion practices, with a focus on compliance in multiple jurisdictions.
2.2. Data Subject Rights: Data subjects are provided with the ability to access, and request the deletion of their stored data with written request by an authorized representative, in accordance with, but not limited to the General Data Protection Regulation GDPR in the EU, California Consumer Privacy Act (CCPA) in the United States, Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, and other relevant international regulations such as Brazil's General Data Protection Law (LGPD), Japan’s Act on the Protection of Personal Information (APPI) and the Personal Data Protection Act (PDPA) in Singapore.
2.3. Data Minimization: Data is retained only for as long as necessary to fulfill the purposes for which it was collected or as required by law. This principle is universally applied, ensuring compliance with both regional and international data minimization requirements.
2.4. Lawful Basis for Processing: Data is processed based on consent, contractual necessity, legal obligations, or legitimate interests, as defined by applicable laws across different regions, in accordance with but not limited to the General Data Protection Regulation GDPR in the EU, California Consumer Privacy Act (CCPA) in the United States, Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, and other relevant international regulations such as Brazil's General Data Protection Law (LGPD), Japan’s Act on the Protection of Personal Information (APPI) and the Personal Data Protection Act (PDPA) in Singapore.
2.5. Contractual Obligations: In addition to legal and regulatory requirements, the Data Retention Policy considers the contractual obligations JASCI Software MSA (master subscription agreement), PSA (professional services agreement) and support agreement has with its customers.
2.6. Industry Standards and Best Practices
JASCI’s SaaS platform adheres to recognized industry standards and best practices in data retention and management. These standards ensure that JASCI’s data management processes are secure, reliable, and scalable. Practices include:
2.6.1. Encryption: All data, both at rest and in transit, is encrypted using industry-standard encryption protocols.
2.6.2. Access Controls: Role-based access control (RBAC) is used to ensure that only authorized personnel have access to sensitive data.
2.6.3. Data Integrity: Regular checks and balances are in place to ensure the integrity and accuracy of stored data.
3. Data Retention Guidelines
3.1. General Principles of Data Retention: Data retained within the JASCI production, uat (user acceptance testing) and data warehouse databases shall be managed in accordance with the established retention periods outlined in this policy. Retention practices are designed to comply with applicable regulatory requirements and to support efficient data management and storage solutions. All data shall be securely stored, protected, and disposed of in a manner consistent with the principles of data security and regulatory compliance.
3.2. Retention Periods for Specific Data Categories: The retention periods for specific data categories are detailed in the Data Categories and Retention Periods table referenced in Appendix 1 of this Policy. Data shall be retained for the periods specified therein, after which it will be subject to secure disposal procedures. The retention periods are determined based on operational needs, regulatory requirements, and the importance of the data to JASCI’s business processes.
3.3. Exceptions to Standard Retention Periods: Exceptions to the standard data retention periods may be granted under specific circumstances, including but not limited to, legal obligations, contractual obligations, or specific requests by JASCI customers. Any deviations from the standard retention periods will be documented, reviewed, and approved by the JASCI Chief Technology Officer. Additionally, these exceptions may incur additional recurring subscription fees, and will be assessed on a case-by-case basis.
3.4. Customer Access & Export of Historical Data: JASCI provides customers with secure access to historical data stored in our cloud-based Data Warehouse, offering up to two years of data retention by default. This historical data can be viewed, looked up, or extracted at any time through the JASCI platform, ensuring customers can seamlessly retrieve and analyze past records as needed for their business operations.
Appendix A:
