Data Retention and Security Policy

Earth Office recognizes the importance of protecting personal data and ensuring its confidentiality, integrity, and availability. This Data Retention and Security Policy outlines our practices for retaining and securing personal data in accordance with applicable laws and regulations, including the General Data Protection Regulation (GDPR).

Data Retention: We retain personal data for no longer than necessary for the purposes for which it was collected and processed. The following retention periods apply:

  1. Contact Form Inquiries: We retain personal data collected through our contact form (names, email addresses, phone numbers) for a period of 12 months.
  2. Cookies and Tracking Technologies:
    • Google Analytics 4 and Google Tag Manager: 26 months
    • Meta Pixel and other advertising cookies: Typically, 13 months or less
  3. Other Data: We periodically review and update our data retention practices to ensure compliance with legal requirements and operational needs.

Data Security: We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. Our data security measures include:

  1. Encryption: We use industry-standard encryption protocols to protect personal data in transit and at rest.
  2. Access Controls: We have strict access controls and authentication mechanisms, such as two-factor authentication (2FA), to limit access to personal data only to authorized individuals.
  3. Security Testing: We regularly conduct security testing, vulnerability assessments, and penetration testing to identify and address potential security risks.
  4. Secure Storage and Backup: Personal data is stored and backed up in secure environments with strict access controls and monitoring.
  5. Incident Response: We have established procedures to detect, respond to, and report personal data breaches in a timely manner, as required by applicable laws and regulations.
  6. Vendor Management: We carefully evaluate and monitor third-party vendors and service providers that process personal data on our behalf to ensure they meet our security requirements.
  7. Employee Awareness and Training: We provide regular awareness and training programs to ensure our employees understand their responsibilities in handling personal data securely and in compliance with applicable laws and regulations.

Continuous Improvement: We regularly review and update our data retention and security practices, policies, and procedures to address evolving risks and requirements. We are committed to maintaining appropriate safeguards to protect the confidentiality, integrity, and availability of personal data.

If you have any questions or concerns about our data retention or security practices, please contact us using the information provided in our Privacy Policy.