WEBAPPS, LLC
Last updated 4/20/2020
Webapps LLC – is the owner of the HitPath® affiliate tracking software and the sole operator of the HitPath Masters Conference. This Privacy Policy (“the Policy”) explains how WebApps, LLC (“the Company”) collects, uses, stores, protects, and in some limited instances shares data, including personal data, generated by WebApps clients and third parties that interact with WebApps and its clients.
WebApps is committed to complete transparency as to how we use your personal data. To that end, if you have any questions regarding this policy, we encourage you to reach out to our Data Protection Officer using the details set out below:
You can contact us as follows:
FAO: Webapps, LLC
Address: 650 Poydras Street, #2800
New Orleans, LA 70130
Telephone: 1-866-882-6201
Email: support@hitpath.com
WebApps reserves the right to modify this Policy at any time. We will notify you of any material changes to the Policy by posting the modified Statement at https://hitpath.com/privacy-policy and changing the Effective Date at the top of the Policy. This Policy is incorporated into the Acceptable Terms of Use and, if you are a WebApps customer, into your License Agreement and the Terms and Conditions of that License Agreement.
A copy of this Policy is available upon request.
WebApps collects data in two ways: by interacting directly with a client or user and by receiving data as provided by a client or third party. If you are a client or potential client that is interacting directly with WebApps, you are providing data, including personal data directly to WebApps. This occurs when you sign up for a Hitpath demo and/or for the Hitpath Affiliate Program. When you sign up for any Hitpath service, you are going to be asked to provide certain information such as your name, email address, company name and web address. This method of collection occurs through the registration form.
WebApps also receives information relating to third parties from Clients through the use of the WebApps Software. If, for example, a client utilizes WebApps software to monitor online marketing behavior for certain advertising campaigns, end user data will be forwarded to WebApps through application of the Hitpath software. While WebApps and the end user will never interact directly, that end user is generating information including things like his/her IP address, geolocation, and online behavior. That data is collected by the WebApps Client and then forwarded to WebApps through the Hitpath software so WebApps can provide the Client with a broad range of services utilizing that data. In those situations, it is the Client who determines the purpose and means of the processing of the personal data. WebApps and the Client have a written license agreement which governs the nature of that relationship and the obligations of the parties with respect to that personal data, but WebApps does not control what personal data our Clients collect nor how they use it. WebApps does take steps to protect all personal data that it receives from Clients, including the personal data of third parties, but the Client is responsible for ensuring that the personal data is properly collected and protected. WebApps encourages its clients to review their own Privacy Policies and Data Protection Management Systems before collecting any personal data from any person.
In addition to data that you provide to us through voluntary registrations, email correspondence, telephone calls, surveys
The data collected by WebApps falls into two categories: Client data and end user data. Client data is provided to WebApps directly by a Client as part of the enrollment process and ongoing relationship needed to facilitate the WebApps License Agreement. End user data is data that is provided to WebApps by Clients.
WebApps collects the following types of information about Client directly from those Clients:
WebApps receives the following types of end user information from Clients:
We collect this data for a number of reasons. The basis for collection are 1) your consent (if requested and given); 2) to provide services to you under a WebApps License Agreement in the event you are a WebApps Client; 3) where we need to comply with a legal or regulatory obligation; or 4) to further our legitimate business interests.
WebApps is primarily engaged in the business of processing end user data for the benefit of our Clients. This means that in almost all instances, the end user does not interact directly with WebApps. Instead, an end user interacts with one of WebApps’ clients, or more specifically with an advertisement linked directly to a WebApps client either because the Client placed the advertisement or did so through an Affiliate or Publisher, and WebApps then processes the data that is generated by that end user activity. Through the application of the Hitpath software, WebApps is able to provide useful information to its clients relating to the effectiveness of certain advertisements, campaigns, Client Affiliates, and Client Publishers. In this scenario, WebApps is the processor of personal data.
WebApps also collects personal data directly from Clients through Client consent. WebApps collects certain client data such as name, email address, mailing address, IP information, and payment information when a Client signs up with WebApps. WebApps uses that personal data to facilitate the services it provides Client and to act on the contractual relationship between WebApps and client including communicating directly with the Client, processing payment information, providing technical support, and in some limited instance marketing directly to the Client regarding certain available services (unless the Client has opted out of those direct marketing communications).
WebApps does a few different things with the personal data it receives. If the personal data is end user Data collected by a client and then provided to WebApps for processing, WebApps processes that information in a number of ways. WebApps processes the data and reports that Data via its Hitpath software showing the effectiveness of advertising campaigns, affiliates, and publishers. This includes reporting on click data for end users that shows the effectiveness of certain advertisement and campaigns as well as general end user behavior associated with those marketing efforts. WebApps makes these reports and processed data available to WebApps clients via the client’s particular instance of the Hitpath software.
If the personal data is Client data that has been voluntarily provided by the Client through its written consent, WebApps uses that information to communicate directly with the Client, to provide technical support, to assist in the Client’s use of that Client’s instance of the Hitpath software, and to directly market to that Client, in the event the Client has not elected to object to those direct marketing efforts.
WebApps relies on third party vendors at times to assist them with the logistical support needed to operate WebApps and the Hitpath software. This includes vendors that providing hosting services, database services, storage, DNS, call provider services, and geo-location services. WebApps limits the information that we provide these third parties to the greatest extent possible. Further, all of our third party vendors have entered into an agreement with WebApps to protect your personal data.
There are some very specific and limited circumstances where WebApps must share personal data with others. WebApps may disclose personal data in the event of suspected fraudulent, malicious, or unlawful activity, or invalid traffic, or if we believe that we are legally required to do so.
You have certain rights to your personal data. These rights include the right to be informed, the right to access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object, and rights in relation to automated decision making and profiling. These rights are described in detail in the GDPR itself. If you wish to review the source material for these rights you can follow this link. http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf. If you have any questions regarding these rights or wish to exercise any of these rights, please contact support@hitpath.com. WebApps is committed to protecting and honoring your rights to the treatment, storage, and handling of your personal data.
As part of the bundle of rights set out above, you have a right to notify the appropriate supervisory authority if there is a problem with the handling of your personal data. Each country in the EU and EAA has a supervisory authority who will field these types of complaints directly.
Webapps, LLC does not market to nor seek users under the age of 13. Information discovered to contain personally identifiable information on an individual under the age of thirteen will be immediately purged and never shared with third parties.
Individual customers who reside in California and have provided their personal information to us may request information about our disclosures of certain categories of personal information to third parties for their direct marketing purposes. Such requests must be submitted to us at legal@hitpath.com. Within thirty (30) days of receiving such a request, we will provide a list of the categories of personal information disclosed to third parties for third-party direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the address specified in this paragraph.
Notwithstanding any other provision, we may also engage a data provider who may collect web log data from you (including IP address and information about your browser or operating system), or place or recognize a unique cookie on your browser to enable you to receive customized ads or content. These cookies contain no personally identifiable information. The cookies may reflect de-identified demographic or other data linked to data you voluntarily have submitted to us, e.g., your email address, that we may share with a data provider solely in hashed, non-human readable form. To opt-out of these data provider cookies, please go to www.aboutads.info
With your consent, we and/or affiliate companies may sometimes contact you (by email, SMS text, letter or phone) in order to provide targeted marketing about our Services or their services (as the case may be). Such marketing communications will only be sent to you if you have given your consent when you registered for our Services and have not withdrawn such consent.
All marketing emails you receive from us or companies we work with will include specific instructions on how to unsubscribe and you may unsubscribe at any time.
Additionally, you can contact us as directed at the following link to unsubscribe from marketing from us and the companies we work with https://hitpath.com/contact-us
A cookie is simply a tiny text file containing pieces of data, stored when you visit a website. It’s designed to help websites remember what you did in the past. This can include whether you clicked on particular links or pages or read pages on the site as long as the cookie is valid.
To fit the new regulations, we’ve detailed the cookies used on this website for you to decide whether you want to keep using them or if you would rather delete existing cookies, or even disable the use of cookies on our websites altogether.
WebApps uses three types of cookies.
Necessary Cookies:
These are essential cookies that let you to use the Dashboard and use its features depending on the device you’re using (language, screen performances, OS…). Without them, the quality of your navigation could not be ensured. These cookies don’t collect any information about you that could be used for marketing or remembering where you’ve been on the internet.
Performance Cookies:
These collect information about how you use a website, for instance, which pages you go to most often, and if you get error messages. They don’t collect information that identifies you; all the information is anonymous. It is used only to improve how the website works and how we can provide you with more relevant content.
Third-party Cookies
A third-party cookie is set by someone else. Sometimes targeting cookies are linked to other sites, such as Facebook.
The issue and the use of cookies by third parties are subject to the protection of privacy policies of these third parties. We inform you of the purpose of cookies that we know and means you have to make choices regarding cookies.
If you decide you’re not happy with the use of cookies on the WebApps website or on your instance of the Hitpath software you can easily delete them from the cookie folder of your browser. You can also set your browser to block cookies or to send a warning notice before a cookie is stored on your computer. You can exercise your disagreement by changing the configuration of your browser.
Different information is used for different purposes, and is subject to different standards and regulations. In general, information is retained for such period of time as is felt necessary to provide you with services you request, to comply with applicable regulations or legislation, and to ensure that you have a reasonable opportunity to access the information. If you no longer consent to us retaining your personal information, you can request that it be removed by contacting us at support@hitpath.com. WebApps Document Retention Policy is available for your review here.
WebApps takes necessary precautions to preserve data security, based on the nature of your data and the risks posed by our processing, and in particular to prevent their being impaired, damaged or having unauthorized third parties get access to them (physical protection of premises, authentication procedures for our clients with personal and secure access using confidential identifiers and passwords, logging of connections, encryption of certain data, etc.).
The General Data Protection Regulation (GDPR) is legislation which was recently adopted by the European Union and which goes into effect on Mary 25, 2018. WebApps has undertaken an extensive audit of its systems including an extensive audit of the data it controls and process, how it obtains and protects that data, and the relationships it has with third party vendors to ensure that the data is secure.
As part of its GDPR Compliance Program, WebApps has updated many of its policies and procedures to ensure full transparency in its treatment of personal data. WebApps relies on privacy by design and privacy by default principles, minimizes the data that it collects, controls, processes, and stores, and has implemented protocol to protect that data including increased awareness of threats to that data, quick response to any security breaches, and notification systems for clients, users, and supervisory authorities as appropriate.
WebApps requires written agreements with its third party vendors ensuring that those vendors are GDPR compliant and are taking adequate steps to process and store personal data. WebApps has also implemented a system to adequately respond to data subject requests relating to any of the data subject rights memorialized in the GDPR including Right to Restrict, Right to be Forgotten, Right to Access, and so on.
We value your opinion. If you have any comments or question about our Privacy Policy, you can email us at support@hitpath.com.
WebApps will update this Policy as needed. In the event of such an update, all clients will be provided with the updated Policy via their registered email for the Hitpath software. Additionally, an updated copy of the Policy will be available at www.hitpath.com/privacy-policy.
WEBAPPS, LLC
Last updated 04/15/2020
This Acceptable Use Policy (“Policy”) describes prohibited uses of hitpath.com (the Site) and the HitPath® affiliate tracking software ( collectively the “Services”) as owned and operated by WebApps, LLC, its subsidiaries and/or affiliates (“WebApps”). This is not an exhaustive list of prohibited activities and WebApps reserves the right to modify this Policy at any time. If you have entered into a License Agreement with WebApps, the terms and conditions of that Agreement shall control in the event of a conflict with this Policy.
For questions regarding this policy, please contact Webapps at support@hitpath.com.
By using the Services or accessing the Site, you agree to the latest version of this Policy. If you violate this policy or authorize or assist others to do so, we may suspend or terminate your use of the Services.
You may not use, encourage, promote, facilitate or instruct others to use the Services and/or the Site for any illegal, harmful, fraudulent, infringing or offensive use, or to transmit, store, display, distribute or otherwise make available content that is illegal, harmful, fraudulent, infringing or offensive. Prohibited activities include:
You may not use the Services to violate the security or integrity of any network, computer or communication system, software application, or network or computing device (“System”). These prohibited activities include but are not limited to:
WebApps reserves the right to monitor your activity when using the Services. In the event that we suspect that your activities violate any law or regulation, we reserve the right to report those activities to appropriate law enforcement officials, regulators or other appropriate third parties. We also may cooperate with appropriate law enforcement agencies, regulators, or other appropriate third parties to help with the investigation and prosecution of illegal conduct by providing network and systems information related to alleged violations of this Policy.
You may only use the Services in compliance with the rules, regulations, and laws of each applicable country and/or province where you and/or your publishers or affiliates conduct business.
A violation of or an alleged violation of this Policy will result in the immediate termination of your License Agreement, in WebApps’ sole discretion.
Please immediately inform us of any violation of this Policy.
This page is designed to share with you some information regarding the steps WebApps, LLC d/b/a Hitpath is taking to prepare for the General Data Protection Regulation (or GDPR) that is set to take effect on May 25, 2018. The GDPR is a new and sweeping set of privacy regulations adopted by the European Union that will apply to many businesses based in the United States, including WebApps.
This page will provide you with a brief explanation as to what WebApps is doing to protect your data and to ensure that we comply with the new high standard set by the GDPR.
One of the main steps WebApps is taking to comply with GDPR is to update its Privacy Policy. The Privacy Policy explains what data WebApps collects from you and from other data subjects, how it stores, protects, and uses that data, and your various rights relating to that data. We encourage you to follow this link and to review the updated Privacy Policy which goes into effect on May 24, 2018.
WebApps is also updating its Document Retention Policy, which governs how long WebApps will retain documents, both during the life of your License Agreement and generally throughout the business. These changes will also go into effect on May 24, 2018. We strongly encourage you to review this document carefully as it contains significant changes in policy regarding how long certain information will be available to you regarding your account. The updated Document Retention and Destruction Policy is available via this link.
WebApps has also adopted a General Data Protection Regulation Policy. This policy explains the many additional steps WebApps has taken to comply with GDPR and to protect your data. The General Data Protection Regulation Policy is available for your review via this link.
We will continue to update these Policies from time to time. These policies will be posted on our website as updated and available for your review at any time.
While many of the requirements of GDPR are brand new, WebApps has always been and will continue to be committed to protecting your data. The changes that we are designed not only to comply with the new legislative requirements but also to provide you with the highest levels of service and privacy possible.
We want to bring one significant change to the Acceptable Use Policy to your attention. In effort to minimize the security risk inherent with data collection, WebApps is taking steps to reduce the sheer volume of data that it retains. Under the current License Agreement, as subject to the current Acceptable Use Policy, WebApps maintains all of your user data for as long as your License Agreement remains in effect.
We are modifying that system slightly. Under the new Acceptable Use Policy, WebApps will only retain your data for one year while your License Agreement is in effect. This means that after data has been sitting in your database for a year that data will be automatically purged. You have the option to opt out of this system, as explained in the updated Acceptable Use Policy. If you want us to hold your data for longer during your License Agreement, all you have to do is request that we do so and we will be happy to oblige.
Please reach out to us via our website or your customer service representative if you have any questions regarding these policy changes.
WebApps, LLC
Effective May 24, 2018
WebApps, LLC (“the Company”), is a Louisiana limited liability company. The Company provides a multichannel tracking platform which allows companies, advertisers, advertising agencies, and publisher networks to monitor the activity generated by their respective online marketing activities (“the Services”).
The Company receives personal data in various forms and from various sources in connection with the Services. Customers provide personal data regarding themselves to the Company so that the Company can provide them with the Services. Customers also provide the Company with personal data of other companies and natural persons that is generated by that end user through his online activities and then flows through the Customer to the Company for processing. Under both of these scenarios, the Company at times receives personal data pertaining to natural personal located in the European Union (EU) and the European Economic Area (EEA). As a result of its control and/or processing of this personal data, the Company falls within the scope of the General Data Protection Regulation (“GDPR”).
The purpose of this Policy is to detail the Company’s efforts to comply with the requirements of the GDPR and to ensure the protection and confidentiality of personal data.
The Company has enacted a variety of policies to ensure that it is complying with the requirements of GDPR. Some of these policies have been in place for some time and have been updated whereas other policies have been enacted for the first time in order to comply with GDPR.
These policies are all available for review at your request.
These policies include the following:
Additionally, the Company has amended its contractual relationships to ensure that personal data is appropriately protected. This includes User License Agreements and Data Processing Agreement Addendums. Examples of these documents are also available upon request.
The Company has not elected to appoint a Data Protection Officer at this time. The Company’s core activities do not consist of processing operations which require regular and systematic monitoring of data subjects in the EU and/or EAA on a large scale. The Company does not process sensitive data relating to criminal convictions and offenses. The CEO of the Company, Samuel S. Prokop, is responsible for ensuring that the Company acts in compliance with the requirements of GDPR and any inquiries on this subject shall be directed to him.
The Company’s commitment to minimizing the risk to the personal data it controls and processes is ongoing. To minimize that risk, the Company has implemented an Information Security Policy, Document Retention Policy, Privacy Policy, and Security and Breach Protocols.
The company will also undergo semi-annual Data Protection Impact Assessments. The purpose of these assessments shall be to not only assess the risks facing the company, but also to ensure that the policies that it has implemented to minimize these risks are functional and effective. The Chief Technical Officer shall be responsible for completing the semi-annual DPIA.
In additional to the semi-annual DPIA, the Company shall undergo a semi-annual GDPR internal audit. The Company understands that GDPR is new law and as such will likely evolve and change over time. Similarly, new threats and processes will arise which the Company must take into account over time. To that end, the Company will perform a semi-annual GDPR internal audit relying on the GDPR questionnaire published for that purpose by BayLDA. The results of those audits will be retained for no less than three (3) years.
The Company operates as a Controller and as a Processor depending on the service provided and the source of the personal data. Customers provide personal data directly to the Company when they sign up for the Services. This data includes information such as Company name, individual name, address, phone number, etc. The Company is the controller of that data as it controls the means by which it is collected, why it is collected, and how it is used.
The Company operates as a processor when Customers provide the Company with information for it to process on their behalf. The Company is in the business of tracking and monitoring behavior relating to certain online marketing and advertising efforts of its Customers. Customers collect data directly from end users and then relay that information through to the Company. The Company then processes that information so it has value and use to the Customer. The Company is only a processor in this scenario as it does not control the means of collection of the data, why it is collected, or how it is used.
The Basis for the Company’s process of information depends on the source of the data and the data subject. When a Customer contracts with the Company for the Services, the Customer is asked to provide certain pieces of personal data to the Company. This information is necessary to establish the Customer’s instance of the Hitpath Software, the Company’s primary product. The Customer consents to the Company’s processing of its personal data at that time.
The Company also processes personal data on the basis of a contract. The Company enters into a License Agreement with each of its customers. In order to fulfill its contractual obligations under the License Agreement, the Company must process some of the Customer’s personal data. This processing is necessary to the operation of the Services offered by the Company and the software will not function correctly without this personal data.
The Company also relies processes Customer personal data on the basis of legitimate interest of fraud prevention. Specifically, the Company has instituted certain security measures to prevent unauthorized access to Customer accounts. The Company processes the personal data provided by the Customer to ensure that the Customer and only the Customer can access its account. This security related processing is necessary to protect the Customer and other data subjects and the individual’s interests do not override this legitimate interest in fraud prevention.
The Company also processes data of other data subjects, including end users, that is provided to it by Customers. The basis for that processing is the legitimate business of the operation of the Company and the provision of the Services to the Customers as well as part of its direct marketing practices. The Company is in the business of taking data that is provided to it by its customers, the controllers of that data, and processing it in a way that allows the customer to understand the value of the Customers online advertising and marketing strategies. The Company has an interest operating its business and in providing an efficient and valuable service to its Customers. The Company does not control the means of collection of the data and relies on its Customers, the controller, to properly notify any end user that it is collecting data at the time of collection. The processing of the personal data of data subjects is necessary for the Company to provide the Services to its Customers and to carry out its business. Further, end users have an expectation that their online activities, particularly their interaction with online advertisements, are being monitored and generating data that is used by advertisers, publishers, and agencies. The interests and fundamental rights of the data subject do not override the legitimate interests of the Company as described herein.
The Company relies on a number of vendors. It does so both in its capacity as a controller and in its capacity as a processor. The Company relies on vendors to provide a number of services including hosting, servers, geo location, customer intelligence, among others. In order for these vendors to carry out these tasks, the Company must transfer data to them. This data may include personal data of both customers and other data subjects including end users.
In order to ensure that these third party vendors properly protect all data that the Company provides to them, the Company requires these vendors to provide certain assurances regarding their compliance with GDPR. Additionally, the Company requires that each vendor execute a Data Processing Agreement or to adopt terms covered by such a document into existing user agreements.
The Company is keenly aware of the variety of data subject rights memorialized by GDPR. The Company’s handling of personal data is addressed at length in the company’s Privacy Policy which is available on the Company’s website.
The Company takes responsibility for complying with the GDPR at the highest management level and through the organization. The company records the steps that it takes to comply with GDPR including implementing a system for regular risk assessments, audits, and the processing of personal data. In addition to implementing certain policies to protect the data it controls and processes, the Company as adopted both privacy by design and privacy by default approaches to ensure that appropriate data protection measures are in place throughout the entire lifecycle of the Company’s processing activities. The Company has increased it security measures to protect this data and has instituted policies to heighten security awareness for its employees. The Company has also instituted policies to ensure that data breaches are quickly recognized and appropriately addressed both with the individuals involved and with the appropriate supervisory authorities.
WebApps, LLC
Updated 5/24/2018
The purpose of this Policy is to ensure that necessary records and documents of WebApps, LLC (“WebApps” or “the Company”) are adequately protected and maintained and to ensure that records that are no longer needed by the Company or are of no value are discarded at the proper time. This Policy is also for the purpose of aiding employees of the Company in understanding their obligations in retaining electronic documents – including e-mail, Web files, text files, sound and movie files, PDF documents, and all Microsoft Office or other formatted files.
This Policy represents the Company’s policy regarding the retention and disposal of records and the retention and disposal of electronic documents.
Attached as Appendix A is a Record Retention Schedule that is approved as the initial maintenance, retention and disposal schedule for physical records of the Company and the retention and disposal schedule of electronic documents. The Data Protection Officer (the “Administrator”) is the officer in charge of the administration of this Policy and the implementation of processes and procedures to ensure that the Record Retention Schedule is followed. The Administrator is also authorized to: make modifications to the Record Retention Schedule from time to time to ensure that it is in compliance with local, state and federal laws and includes the appropriate document and record categories for the Company; monitor local, state and federal laws affecting record retention; annually review the record retention and disposal program; consult with outside counsel, and monitor compliance with this Policy.
In the event the Company is served with any subpoena or request for documents or any employee becomes aware of a governmental investigation or audit concerning the Company or the commencement of any litigation against or concerning the Company, such employee shall inform the Administrator and any further disposal of documents shall be suspended until shall time as the Administrator, with the advice of counsel, determines otherwise. The Administrator shall take such steps as are necessary to promptly inform all staff of any suspension in the further disposal of documents.
This Policy applies to all physical records generated in the course of the Company’s operation, including both original documents and reproductions. It does not apply to independent contractor records as we rely upon the governing boards of third party vendors to set appropriate retention policies for their members. It also applies to the electronic documents described above.
This Policy was approved by the Members of the Company.
APPENDIX A RECORD RETENTION SCHEDULE
The Record Retention Schedule is organized as follows:
SECTION TOPIC
Record Type | Retention Period |
Accounts Payable ledgers and schedules | 7 years |
Accounts Receivable ledgers and schedules | 7 years |
Annual Audit Reports and Financial Statements | Permanent |
Annual Audit Records, including work papers and other documents that relate to the audit | 7 years after completion of audit |
Annual Plans and Budgets | 2 years |
Bank Statements and Canceled Checks | 7 years |
Employee Expense Reports | 7 years |
General Ledgers | Permanent |
Interim Financial Statements | 7 years |
Notes Receivable ledgers and schedules | 7 years |
Investment Records | 7 years after sale of investment |
Internal Audit work papers and findings | 7 years after completion |
Record Type | Retention Period |
Contracts and Related Correspondence (including any proposal that resulted in the contract and all other supportive documentation) | 7 years after expiration or termination |
Record Type | Retention Period |
Corporate Records (minute books, signed minutes of the Board and all committees, corporate seals, articles of incorporation, bylaws, annual corporate reports) | Permanent |
Licenses and Permits | Permanent |
Memorandums of Understanding | Permanent |
General Principle: Most correspondence and internal memoranda should be retained for the same period as the document they pertain to or support. For instance, a letter pertaining to a particular contract would be retained as long as the contract (7 years after expiration). It is recommended that records that support a particular project be kept with the project and take on the retention time of that particular project file.
Correspondence or memoranda that do not pertain to documents having a prescribed retention period should generally be discarded sooner. These may be divided into two general categories:
Those pertaining to routine matters and having no significant, lasting consequences should be discarded within two years. Some examples include:
Please note that copies of interoffice correspondence and documents where a copy will be in the originating department file should be read and destroyed, unless that information provides reference to or direction to other documents and must be kept for project traceability.
Those pertaining to nonroutine matters or having significant lasting consequences should generally be retained permanently.
Electronic Mail: Not all email needs to be retained, depending on the subject matter.
Staff will strive to keep all but an insignificant minority of their e-mail related to business issues.
Staff will not store or transfer Company related e-mail on non-work-related computers except as necessary or appropriate for Foundation purposes.
Staff will take care not to send confidential/proprietary Company information to outside sources.
Electronic Documents: including Microsoft Office Suite and PDF files. Retention also depends on the subject matter.
Web Page Files: Internet Cookies
All workstations: All web browsers should be scheduled to delete Internet cookies once per month.
Skype, G-Chat, Slack, and other Messaging documents
All documents produced or stored as part of any messaging service used by any employee for Company purposes, including internal and external communications, shall be scheduled to be deleted automatically six (6) months after the date the communication took place and/or the document was generated. If the employee/user is unable to alter the document retention schedule of the particular chat serviced used, the document retention policy of that service shall control the handling of those documents.
Text Messages
Employees may from time to time utilize their mobile devices include their personal cell phones to exchange work related text messages. All employees shall adjust their mobile device text setting to automatically delete text messages after thirty (30) days.
The Company does not automatically delete electronic files beyond the dates specified in this Policy. It is the responsibility of all staff to adhere to the guidelines specified in this policy.
Record Type | Retention Period |
Legal Memoranda and Opinions (including all subject matter files) | 10 years after close of matter |
Litigation Files | 10 year after expiration of appeals or time for filing appeals |
Court Orders | Permanent |
Requests for Departure from Records Retention Plan | 10 years |
Record Type | Retention Period |
Contact information | 2 years |
Billing information | 2 years |
Reports | 12 months (if contract is active),
30 days after termination of contract |
Campaign and Affiliate Data | 12 months (if contract is active),
30 days after termination of contract |
Click Data
Admin Use Data |
12 months (if contract is active),
30 days after termination of contract 12 months (if contract is active), 30 days after termination of contract |
Record Type | Retention Period |
Reporting Data | |
Hits Table | 12 months (if subject to active contract, otherwise 30 days) |
Hits Database | 12 months (if subject to active contract, otherwise 30 days) |
Sales Database | 12 months (if subject to active contract, otherwise 30 days) |
Redshift | 12 months (if subject to active contract, otherwise 30 days) |
Log Files | 40 days |
Lead Generation Data | |
Call Center Data | 12 months (if subject to active contract, otherwise 30 days) |
Direct Marketing Data | 12 months (if subject to active contract, otherwise 30 days) |
Direct Unsubscribe Data | Indefinite |
Indirect Ununsubscribe Data | Indefinite |
Suppression List | Indefinite |
Record Type | Retention Period |
Consultant’s Reports | 2 years |
Material of Historical Value (including pictures, publications) | Permanent |
Policy and Procedures Manuals – Original | Current version with revision history |
Policy and Procedures Manuals Copies | Retain current version only |
Annual Reports | Permanent |
Record Type | Retention Period |
Employee Personnel Records (including individual attendance records, application forms, job or status change records, performance evaluations, termination papers, withholding information, garnishments, test results, training and qualification records) | 6 years after separation |
Employment Contracts – Individual | 7 years after separation |
Record Type | Retention Period |
Correspondence, Property Deeds, Assessments, Licenses, Rights of Way | Permanent |
Original Purchase/Sale/Lease Agreement | Permanent |
Property Insurance Policies | Permanent |
General Principle: The Company must keep books of account or records as are sufficient to establish amount of gross income, deductions, credits, or other matters required to be shown in any such return.
These documents and records shall be kept for as long as the contents thereof may become material in the administration of federal, state, and local income, franchise, and property tax laws.
Record Type | Retention Period |
Tax-Exemption Documents and Related Correspondence |
Permanent |
IRS Rulings | Permanent |
Excise Tax Records | 7 years |
Tax Bills, Receipts, Statements | 7 years |
Tax Returns Income, Franchise, Property | Permanent |
Tax Workpaper Packages Originals | 7 years |
Sales/Use Tax Records | 7 years |
Annual Information Returns – Federal and State | Permanent |
IRS or other Government Audit Records | Permanent |
Record Type | Retention Period |
Records of Contributions | Permanent |
The Company’s or other documents evidencing terms of gifts | Permanent |