Data Retention Policy (US)

Client Data Retention Policy (US Region)

  1. Purpose of the policy:
    This policy outlines the data retention practices of Staffing Future following US data regulations in California, Colorado, Connecticut, Iowa, Utah, and Virginia. The policy establishes the period for which Staffing Future retains the personal data of its clients, employees, and contractors.
  2. Data retention period:
    Staffing Future will retain the personal data of its clients, employees, and contractors for a maximum of 60 days after it is no longer needed for the purpose for which it was collected unless required by law to retain it for a more extended period.
  3. Types of data:
    The data retention period applies to all personal data collected by Staffing Future, including but not limited to:
  • Contact information (e.g., name, email address, phone number)
  • Employment information (e.g., job title, work location, work history. resumes)
  • Identification information & documents (e.g., passport, ID number)
  • Special categories of data (e.g., health information)
  • EEOC Information
  1. Data disposal:
    At the end of the retention period, Staffing Future will securely dispose of the personal data, using appropriate measures to prevent unauthorized access, disclosure, or data loss.
  2. Exceptions:
    In certain circumstances, Staffing Future may retain personal data beyond 60 days. These circumstances include, but are not limited to:
  • Legal requirements: Staffing Future may be required to retain personal data for extended periods to comply with legal or regulatory obligations.
  • Litigation: Staffing Future may need to retain personal data for extended periods to defend against legal claims.
  • Data backups: Staffing Future may retain personal data in backups for a limited period to ensure business continuity and disaster recovery.
  1. Compliance monitoring:
    Staffing Future will regularly monitor compliance with this data retention policy to ensure it meets the GDPR and other applicable laws and regulations.
  2. Review and update:
    This data retention policy will be reviewed and updated periodically to reflect legal requirements and business needs changes.

Data Privacy Definitions by State:

California:

The California Consumer Privacy Act (CCPA) provides California residents with certain rights related to their data, including the right to know what personal information is being collected about them, the right to request deletion of their personal information, and the right to opt out of the sale of their personal information. The CCPA also requires businesses to provide certain disclosures about their data collection and sharing practices.

Colorado:

The Colorado Privacy Act (CPA) was recently passed and will go into effect in July 2023. It will require businesses to provide certain disclosures to consumers about their data collection and sharing practices. It will give consumers certain rights related to their data, including the right to opt out of the sale of their personal information and the right to request access to and delete their personal information.

Connecticut:

Connecticut does not have a comprehensive data privacy law, but it has enacted specific data breach notification requirements for businesses. Under Connecticut law, businesses must notify affected individuals in the event of a data breach that exposes their personal information.

Iowa:

Iowa does not have a comprehensive data privacy law, but it has enacted specific data breach notification requirements for businesses. Under Iowa law, businesses must notify affected individuals in the event of a data breach that exposes their personal information.

Utah:

The Utah Consumer Privacy Act (UCPA) provides Utah residents with certain rights related to their data, including the right to know what personal information is being collected about them, the right to request deletion of their personal information, and the right to opt out of the sale of their personal information. The UCPA also requires businesses to provide certain disclosures about their data collection and sharing practices.

Virginia:

The Virginia Consumer Data Protection Act (VCDPA) provides Virginia residents with certain rights related to their data, including the right to know what personal information is being collected about them, the right to request deletion of their personal information, and the right to opt out of the sale of their personal information. The VCDPA also requires businesses to provide certain disclosures about their data collection and sharing practices. The VCDPA will go into effect in January 2023