DATA RETENTION POLICY

B2B I.T. Solutions (“Company,” “we,” “us,” or “our”) retains personal data and other information only for such periods as are reasonably necessary to operate and support its services, perform contractual obligations, comply with applicable legal and regulatory requirements, satisfy third-party platform obligations, and protect the Company’s legitimate business interests. Data is deleted, anonymized, or otherwise rendered inaccessible when it is no longer required for those purposes, subject to applicable legal preservation requirements.

This Data Retention Policy (“Policy”) describes the Company’s approach to managing data retention across its systems, applications, and third-party integrations, including data processed in connection with social media platforms and other external services. This Policy is intended to reflect recognized data-protection principles and to align with applicable privacy and data-governance requirements, including the EU General Data Protection Regulation (“GDPR”), relevant U.S. federal and state data-protection laws, and the contractual and policy requirements imposed by technology and platform partners.

1. Scope

This Policy applies to all data collected, received, generated, maintained, or otherwise processed by or on behalf of B2B I.T. Solutions in the course of providing its services, regardless of the format, medium, or location in which such data is stored. Covered data includes, without limitation, electronic data such as system records, application data, logs, analytics, integration metadata, API-derived information, and authentication credentials, as well as hard-copy records where applicable.

This Policy governs data relating to clients and client accounts, website visitors, connected social media accounts, vendors, contractors, employees, applicants, and other individuals or entities whose data the Company processes in connection with its business operations.

2. Data Retention Principles

In determining appropriate retention periods, the Company applies the following principles:

Retention periods described in this Policy reflect general practices and do not require the Company to retain data for any minimum period where such data is no longer necessary for the purposes described herein.

Categories of Data and Retention Periods

3.1 Website and Marketing Data

The Company collects limited website visitor data, such as basic usage analytics, IP addresses, and contact form submissions, for purposes including site functionality, performance monitoring, security, and responding to inquiries. Such data is generally retained only for so long as reasonably necessary to fulfill these purposes, unless a longer retention period is required to comply with applicable law, resolve disputes, or enforce legal rights.

Marketing and newsletter subscription data is retained for so long as the individual remains subscribed or otherwise engaged with Company communications. Upon an unsubscribe request or withdrawal of consent, the Company deletes or anonymizes such data within a commercially reasonable timeframe, subject to any applicable legal requirements.

3.2 Client and Account Data

Client account data is retained for the duration of the client relationship to enable service delivery, account administration, customer support, and contractual performance. Following termination or expiration of a client account, such data may be retained for so long as reasonably necessary to address billing matters, resolve disputes, enforce contractual rights, respond to legal claims, and satisfy recordkeeping obligations.

Billing, payment, and transactional records are retained for the period required by applicable tax, accounting, or financial reporting laws, and thereafter only as necessary for lawful business purposes.

3.3 Social Media Platform and API-Derived Data

The Company integrates with third-party social media platforms, including Facebook, Instagram, LinkedIn, X, and Google Business, to enable clients to publish article summaries and related content to their connected accounts.

In connection with these integrations, the Company may process limited platform-derived data, including post identifiers, timestamps, account identifiers, confirmation responses, and restricted engagement metrics. Such data is retained only to the extent reasonably necessary to support posting, synchronization, client-visible reporting, error resolution, auditing, and troubleshooting of the integration. In processing such platform-derived data, the Company acts solely on behalf of and at the direction of its clients, and does not independently determine the purposes or means of such processing except as necessary to provide the services.

Authentication credentials, including OAuth access tokens and refresh tokens, are stored solely for the purpose of maintaining an active connection between the client’s account and the applicable platform. These credentials are retained only while the client’s account remains connected and are deleted within a commercially reasonable period upon account disconnection, revocation of access, or termination of the account, except where short-term retention is required for security review, audit purposes, or compliance with legal obligations.

Platform-derived data is processed exclusively to provide the functionality requested by the client and is not used for advertising, behavioral profiling, or the training of machine-learning or artificial-intelligence models, except where such use is expressly permitted by the applicable platform’s terms and authorized by the client.

Upon client request, account disconnection, or a platform-mandated requirement, applicable platform-derived data is deleted without undue delay, subject to any legal hold or statutory retention obligation.

3.4 Generated Content

Articles and automated summaries generated through the Company’s systems are retained in accordance with the client’s account configuration and applicable contractual terms. Such content is retained to enable content delivery, client access, and ongoing service functionality and is not treated as platform-derived data. Generated content is not retained for purposes unrelated to service provision, contractual performance, or compliance obligations.

3.5 Vendor, Contractor, and Business Partner Data

Data relating to vendors, contractors, and business partners is retained for the duration of the applicable agreement and thereafter only for so long as reasonably necessary to support auditing, dispute resolution, compliance with legal obligations, and the protection of the Company’s legal and business interests, unless a longer retention period is required by law.

3.6 Employment and Recruitment Data

Employee personnel records are retained for the duration of employment and for so long as reasonably necessary to comply with applicable labor, employment, tax, and benefits laws, resolve disputes, and enforce legal rights.

Recruitment data relating to unsuccessful applicants is retained only as long as reasonably necessary to comply with applicable law, respond to employment-related claims, and support legitimate hiring and compliance processes, after which it is deleted or anonymized.

3.7 Legal, Security, and Compliance Data

Security logs, audit records, and incident-response documentation are retained only for so long as reasonably necessary to investigate, remediate, or document security incidents, comply with regulatory obligations, or support legal claims.

Data subject to litigation holds, regulatory inquiries, investigations, or other legal preservation requirements is retained for the duration of the applicable hold and is not deleted or destroyed until the hold is formally lifted by legal counsel.

4. Data Duplication

The Company takes reasonable measures to limit unnecessary duplication of data. Where duplicate copies are required for legitimate operational, security, backup, or business-continuity purposes, all copies remain subject to this Policy and are retained and deleted in accordance with the applicable retention periods.

5. Data Deletion and Destruction

When data is no longer required for the purposes described in this Policy, the Company deletes, anonymizes, or securely destroys such data using commercially reasonable technical and organizational measures designed to prevent unauthorized access or recovery. Automated deletion processes are implemented where practicable, particularly with respect to integration-related data and authentication credentials. Manual deletion procedures are applied where automation is not feasible. Data stored in backup or disaster-recovery systems is subject to the same retention and deletion principles described in this Policy and is overwritten or rendered inaccessible in accordance with the Company’s backup schedules.

Any exceptions to scheduled deletion must be approved by the Company’s Data Protection Officer. Where a litigation hold or other legal preservation obligation applies, deletion of affected data is suspended until the obligation is lifted.

6. Governance and Review

This Policy is reviewed on a periodic basis and updated as necessary to reflect changes in applicable law, regulatory guidance, platform requirements, and the Company’s operational practices. Employees and contractors with access to data covered by this Policy are required to comply with its terms and may be subject to disciplinary action for violations. Nothing in this Policy is intended to create a contractual guarantee regarding specific deletion timelines, except as required by applicable law or expressly agreed in writing.

7. Contact

Questions regarding this Policy or the Company’s data retention practices may be directed to:
Data Protection Officer
B2B I.T. Solutions
https://www.scrfix.com/contact-us.php

Copy Image
Copy Image URL
Download Image
Support