BettrData Data Handling Policy

Data Handling

Types of data

The following types of data are stored, processed, and/or transmitted on system components that are owned, operated, maintained, and controlled by

    • Sensitive: applies to the most sensitive business information, to which access is strictly limited (e.g., passwords, encryption keys)
      Confidential: applies to less sensitive business information, which is intended for use solely by the company, and/or its customers (e.g., personally identifiable information (PII), balance sheets, income statements, internal market research, audit reports)
    • Public: applies to all other information that does not clearly fit into the above classifications
    • Retention: retains Sensitive and Confidential data only for as long as necessary to fulfill its purposes, unless otherwise required by law or to meet legal and customer contractual obligations. To support compliance with these obligations, the chief technology officer, CTO, or an equivalent role reviews data retention practices on an annual basis.
    • Disposal: securely disposes of sensitive and confidential data,following defined processes. Once it is no longer necessary for legal, regulatory, or business requirements, or it has reached the end of its retention period, the following methods are used for both hardcopy and electronic data:
      • Purging and deleting data from all system components using a secure, wipe program in accordance with industry, accepted standards for secure, deletion (e. g. degaussing)
      • Destroying any cardholder data that is in a hardcopy format, (e.g. cross shredding).
      • For electronic media stored on system components that are no longer in use, data is disposed of through one of the following methods: disintegration shredding by a disk grinding device, incineration by licensed incinerator, and pulverization. Instances of customer data disposal are tracked via ticketing system to document the steps taken to complete the removal.
Scroll to Top