Data Management & Retention Policy

Last updated: September 1, 2024

Our commitment to privacy

Your privacy is important to us. This policy is intended to provide you with a clear understanding of how we retain and manage the personal data information collected by PairSoft.

This Notice was last updated and applies from September 1, 2024. When we make changes to this Data Management & Retention Policy, we will change the “Last Updated” date at the beginning of this policy. All changes shall be effective from the date of publication unless otherwise provided in the notification.

This policy describes the process for data retention and management at PairSoft.

• What this policy covers
• Why we retain data
• How we determine data retention periods
• Data exemptions
• How we remove and destroy data
• Additional privacy information
• How to contact us
• How to contact the appropriate authority

The amount of time we store information depends on the type of data and the purpose for collecting it. PairSoft strives to ensure that data is only retained for the period necessary–to fulfil the purpose for which it was collected—and is deleted when no longer required.

After such time, we will either delete or de-identify your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

What this policy covers

Various types of personal data collected by PairSoft and the length of time the data is retained. Visitors and website users give explicit consent for sharing personal data with PairSoft. Other user categories where PairSoft collects and stores personal data include prospective customers, job candidates, industry professionals, employees, vendors, and partners.

This policy applies to all records collected by Pairsoft and stored on PairSoft owned or leased systems and media, regardless of location. In this policy, a “record” is any type of electronic or paper file (document, spreadsheet, database entries) that we store in our systems. This includes files both employees and external sources create. All legal and business documents, as well as formal internal and external communications, fall under this policy’s purview.

If a retention period is not listed, then it is determined based on its purpose, sensitivity, and priority. Once the purpose is achieved, personal data is no longer required.

PairSoft seeks to avoid duplication in data storage whenever possible, though there may be instances where it is necessary for data to be held in more than one place. This policy applies to all data in the possession of PairSoft, including duplicate copies of data.

Why we retain data

PairSoft keeps only data necessary to effectively conduct business activities, deliver services, and comply with applicable laws and regulations. Different types of data have specific retention requirements.

We use industry standard technical and organizational measures to secure the information we store. For more information about the company, privacy, and data processing, please see the PairSoft Privacy Policy.

The need to retain certain information may be mandated by federal or local law, federal regulations and legitimate business purposes, as well as the EU General Data Protection Regulation (GDPR). A list of relevant policies and laws are provided at the end of this policy.

Reasons for data retention include:

• Providing an ongoing service
  • Sending a newsletter or event invitation
  • Ongoing training or participation in PairSoft programs and services
• Fulfilling contractual obligations and delivering services
• Forecasting and preparing for the future
• Processing of employee payroll and other benefits
• Maintenance of accurate financial records
• Compliance with applicable laws and regulations associated with financial reporting
• Compliance with applicable labor, tax and immigration laws
• Other regulatory requirements
• Security incident or other investigation
• Intellectual property preservation
• Litigation
• Physical security maintenance records
• Access logs

The following records may be preserved indefinitely:

• Tax returns and audits
• Internal PairSoft policies
• Partnership and vendor contracts
• Real estate purchase and lease documentation
• Financial statements and annual reports
• Results of audits and legal investigations

PairSoft is responsible for staying updated on changes in data privacy regulations and industry best practices. Our regular audits and review may result in updates to our data management and retention policies.

How we determine data retention periods

The following guidelines apply to all categories of data collected and processed per the PairSoft Privacy Policy. Safeguards for the protection of data during retention and transfer are specifically defined in the

Standard Contractual Clauses (SCCs) necessary for GDPR compliance. A full copy of these documents may be requested via privacy@parisoft.com

Visitors

Website visitor data will be retained as long as necessary to provide the service requested/initiated through the PairSoft website or until a user opts-out, deletes, or updates. A person may object at any time to the processing of personal data for marketing purposes.

PairSoft monitors follower engagement and uses various analytics tools for insight. Additional third-party social platforms provide organized insights pulled from multiple channels: this data tracks the interests and behavior of visitors.

We retain information derived from cookies and other tracking technologies for a reasonable time from the date such information was created. Data held beyond the retention period will be anonymized.

Job Candidates: Recruitment, Selection, and Hiring

Candidate data, including interview notes of unsuccessful applicants, will be held for at least 1 year after the application process ends unless candidate consent is provided, or national and local employment and/or privacy regulations require otherwise.

This data includes:

• Job applications
• Resumes
• Job advertisements
• Screening tools/tests
• Interview notes and other records related to hire/no-hire decisions
• Copy of EEO-1 survey and self-identification forms if applicable
• Background checks

Employees: Employment and taxes

Basic Employee data is updated and stored during the employment term and then up to 3 years after the last day of employment. The Employee mailbox is stored until 6 months after leaving the company.

Data associated with employee wages, employment condition agreements, healthcare, leave, retirement, and pension are retained according to specific laws. The full details for employees (including United States Federal Contractors) are a part of our internal Employee Privacy Information. A copy of this can be requested via privacy@pairsoft.com.

Visitors and Employees: Physical Access Data

Where PairSoft records access to physical locations, such as CCTV footage from public areas, the data will be retained a maximum of 4 weeks after creation (unless the footage pertains to criminal activities, then as long as necessary).

Customers: Prospects

If a User has elected to receive marketing emails from PairSoft via opt-in, we will retain information about marketing preferences for a reasonable period from the date a User has last expressed interest in our Services, such as when they last opened an email from us or when they requested to opt-out of communications.

Customers: Prospects

Basic Customer and prospect relationship data, including lead data and unsuccessful quotations, are stored for the agreement’s duration and up to 2 years after last contact.

Customers: Information you share on the Services

If a User’s account through a PairSoft Customer is deactivated or disabled, then some of the User’s information and their provided content will remain to allow team members or other Users to make use of the Services. When requested, the details that can identify a specific user will be removed according to the PairSoft Privacy Policy.

Customer support data within the PairSoft ticket system are stored for up to 3 years after creation. Within communication and tracking systems, PairSoft may continue to display messages a user has sent to recipient Users for the length of the Customer contract.

Customers: Managed Accounts

If the PairSoft Services are made available to you through an organization (e.g., your employer), we will retain your information as long as required by the administrator of your account.

Customers: Account information

PairSoft retains account information for as long as the Customer account is active and a reasonable period thereafter in case of a decision to re-activate the Services.

We also retain some Customer information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services.

Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.

Financial Administration

The following financial data will be held for 7 years:

• The general ledger
• Accounts receivable and payable
• Bank statements
• Inventory administration
• Sales and purchase administration
• Payroll records and tax returns
• Annual financial statements

The following financial data will be held for 5 years:

• Real estate
• Electronic services
• Telecommunication services
• Signed quotations and contracts

Financial data held permanently:

• Contracts and Leases
• Deeds, Mortgages, Bills of Sale
• Insurance Records
• Accountant Audit Reports
• Legal correspondence

Data exemptions

Certain types of data are exempt from the GDPR. For example, information about companies or public authorities is not considered personal data. Data processed for archives or that are within the public interest are exempt.

Data collected or exchanged for public safety and the safeguarding of prevention, investigation, detection or prosecution of criminal offences are excluded from GDPR.

PairSoft periodically reviews its policy for data management periodically to ensure data is not retained for longer than necessary.

How we remove data

Data Destruction ensures that PairSoft manages the data it controls and processes it in an efficient and responsible manner.

When the retention period for the record expires, PairSoft will actively destroy the data covered by this policy. Authorized employees discard records either by shredding physical documents or deleting data from a database, application, or computer. Printed copies of electronic files are shredded, too.

Records may also be discarded upon request from a stakeholder. For example, a customer or partner may ask us to delete their information from our databases. In this case, managers will authorize employees to discard relevant records.

If an individual believes that there exists a legitimate business reason why certain data should not be destroyed at the end of a retention period, he or she should identify this data to his/her supervisor and provide information as to why the data should not be destroyed.

Any exceptions to this data retention policy must be approved by the PairSoft Data Protection Officer in consultation with legal counsel. In rare circumstances, a litigation hold may be issued by legal counsel prohibiting the destruction of certain documents. A litigation hold remains in effect until released by legal counsel and prohibits the destruction of data subject to the hold.

Additional Data Privacy information

PairSoft works in many countries around the world, and each has established their own privacy rules and laws. In the United States, individual states have passed their own regulations for internet privacy.

The policies, etc. listed below are not all-inclusive: the list will be updated periodically and posted here.

PairSoft currently complies with these International Privacy Certifications and Standards:

• In the European Union (EU), the General Data Protection Regulation, or GDPR, provides privacy rights for individual persons residing or working in the EU.

In the United States, PairSoft follows many important regulations for online privacy, including:

• The Children’s Online Privacy Protection Act (COPPA) regulates how online companies can collect and use data on children under the age of 13.
• The Sarbanes-Oxley Act (SOX) requires public companies to retain financial records for at least seven years, while the Fair Labor Standards Act (FLSA) requires employers to keep records for at least three years.
• The California Privacy Rights Act (CPRA), which went into effect in January 2023, requires companies to disclose how long they keep personal information or the criteria they use to determine retention periods. California Legislation Information Bill AB-375 Text (CCPA)

Most U.S. policies regarding person data –especially for employees—are managed by the Department of Labor plus other government agencies and offices.

The list below includes many of the U.S. regulations for personal data that PairSoft follows:

• Age Discrimination in Employment Act (ADEA)
• Americans with Disabilities Act (ADA) Civil Rights Act of 1964 (Title VII)
• Section 503 of the Rehabilitation Act Executive Order 11246
• Vietnam Era Veterans Readjustment Assistance Act (VEVRAA)
• Employee Polygraph Protection Act
• Consolidated Omnibus Budget Reconciliation Act (COBRA)
• Family Medical Leave Act (FMLA)
• Occupational Health & Safety Act (OSHA)
• Walsh-Healey Act (federal contractors)
• Federal Insurance Contribution Act (FICA)
• Federal Unemployment Tax Act
• Internal Revenue Code
• Civil Rights Act of 1964 (Title VII) Fair Credit Reporting Act (FCRA)
• Immigration Reform and Control Act (IRCA) Immigration and Nationality Act (INA)
• Equal Pay Act (EPA)
• Lilly Ledbetter Fair Pay Act
• Fair Labor Standards Act (FLSA)
• Service Contract Act
• Davis-Bacon Act

More information on these available via the United States Department of Labor.

How to contact us

If you have any questions about Our Company’s privacy policy and your personal data, or you would like to exercise one of your data protection rights, please do not hesitate to contact us. We have appointed a Data Protection Officer as our representative in the EU for data protection matters.

Email us at: privacy@pairsoft.com

Write to us at:

Paramount Technologies Inc, dba PairSoft

Attn: Data Privacy Officer

382 NE 191st St.

PMB 58356

How to contact the appropriate authority

Should you wish to report a complaint about how we handle your data, or if you feel that PairSoft has not addressed your concern in a satisfactory manner, you may contact the appropriate data protection authorities (DPAs).

DPAs in the European Union are independent public authorities that supervise the application of data protection law. You can lodge a complaint in the Member State of the European Union where you reside or work, or where the alleged violation of the GDPR occurred.

You can find an overview of all data protection authorities in the European Union on the European Data Protection Board website: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en .

Additional information can be found online at:

• Find your National Data Protection Authority online
  (https://edpb.europa.eu/about-edpb/board/members_en)
• European Commission website
  (https://commission.europa.eu/index_en)
• GDPR.EU website
  (https://ec.europa.eu/programmes/horizon2020/en/)