The Adventure Family of Companies (including but not exclusively Adventure Social LLC and Adventure Family Travel LLC; hereafter referred to as The Adventure Company) seeks to ensure that it retains only data necessary to effectively conduct its program activities and work in fulfillment of its missions.
The need to retain data varies widely with the type of data and the purpose for which it was collected. The Adventure Company strives to ensure that data is only retained for the period necessary to fulfill the purpose for which it was collected and is fully deleted when no longer required. This policy sets forth The Adventure Company’s guidelines on data retention and is to be consistently applied throughout the organization.
Scope
This policy covers all data collected by The Adventure Company and stored on The Adventure Company owned or leased systems and media, regardless of location. It applies to both data collected and held electronically (including photographs, video and audio recordings) and data that is collected and held as hard copy or paper files. The need to retain certain information may be mandated by federal or local law, federal regulations and legitimate business purposes, as well as the EU General Data Protection Regulation (GDPR).
Reasons for Data Retention
The Adventure Company retains only that data that is necessary to effectively conduct its program activities, fulfill its mission and comply with applicable laws and regulations.
Reasons for data retention include:
- Providing an ongoing service to the data subject (e.g. sending a newsletter, publication or ongoing program updates to an individual, ongoing training or participation in The Adventure Company’s programs, processing of employee payroll and other benefits)
- Compliance with applicable labor, tax and immigration laws
- Other regulatory requirements
- Security incident or other investigation
- Intellectual property preservation
- Litigation
Data Duplication
The Adventure Company seeks to avoid duplication in data storage whenever possible, though there may be instances in which for programmatic or other business reasons it is necessary for data to be held in more than one place. This policy applies to all data in The Adventure Company’s possession, including duplicate copies of data.
Retention Requirements
The Adventure Company has set the following guidelines for retaining all personal data as defined in the data privacy policy.
- Website visitor data will be retained as long as necessary to provide the service requested/initiated through the The Adventure Company website.
- Contributor data will be retained for the year in which the individual has contributed and then for up to three (3) years after the date of the last contribution.
- Event participant data will be retained for the period of the event, including any follow up activities, such as the distribution of reports, plus a period of three (3) years;
- Program participant data (including login data) will be retained for the duration of any current subscription plus three (3) years.
- Employee data will be held for the duration of employment and then seven (7) years after the last day of employment.
- Recruitment data, including interview notes of unsuccessful applicants, will be held for two (2) years after the closing of the position recruitment process.
- Consultant (both paid and pro bono) data will be held for the duration of the consulting contract plus one (1) year after the end of the consultancy.
- Data associated with tax payments (including payroll, corporate and VAT) will be held for seven (7) years.
Data Sharing
Data may be shared or stored with other companies with which we do business in the course of delivering requested services. We make every effort to secure shared data behind passwords and/or multi-factor authentication procedures.
Data Destruction
Data destruction ensures that The Adventure Company manages the data it controls and processes it in an efficient and responsible manner. When the retention period for the data as outlined above expires, The Adventure Company will actively destroy the data covered by this policy. If an individual believes that there exists a legitimate business reason why certain data should not be destroyed at the end of a retention period, he or she should identify this data and provide information as to why the data should not be destroyed. Any exceptions to this data retention policy must be approved by The Adventure Company’s data protection offer in consultation with legal counsel. In rare circumstances, a litigation hold may be issued by legal counsel prohibiting the destruction of certain documents. A litigation hold remains in effect until released by legal counsel and prohibits the destruction of data subject to the hold.
Data Deletion
The Adventure Company encourages you to be in control of your data. We collect data from you and about you in order to deliver the best possible experiences for you. This includes personal identifiable information such as your name and email as well as participation data such as last login and accumulated Hacker Points. We only retain the data that allows us to provide optimal services to you.
Upon request to adventure@adventuresocial.com you may ask that your data be deleted from any of the Adventure Family of Companies. We will only retain the minimum amount of data needed to satisfy our own financial records requirements. All other data will be deleted as requested.
Periodically, data which belongs to an inactive subscriber will be archived and will be processed for archiving purposes in the public interest, scientific or historical research purposes, account reactivation purposes or statistical purposes in accordance. Additionally, data may continue to exist on backup sources until overwritten by new backups.