BNI^® Retention

Effective/Last Updated: January 1, 2023
Last Reviewed/Revised on: January 1, 2023

BNI^®DATA RETENTION POLICY

I. Overview

BNI Worldwide Development Ltd., together with its related affiliates BNI Franchising, LLC, Prosperity Brands, LLC, BNI Intermediate Holdings, LLC, BNI International Holdings CTB, LLC, BNI Holdings, LLC, BNI Global Holdings, LLC, BNI Global, LLC, BNI Connect Global, LLC, BNI India Enterprises Private Limited, BNI Singapore Enterprises Private Limited, BNI Lanka Enterprises Private Limited, BNI Hong Kong Enterprises (PVT) Limited, BNI Enterprises Business Network (Guangzhou) Co. Ltd, BNI Network France, Chapters France, BNI Networking & Referral Ireland Holding Limited, Netwerk Organisatie Nederland en Vlaanderen B.V., Network Organisation Benelux Limited, Brec S.r.l, Business Networking & Referrals Limited, Networking & Business Referrals Limited, Scion Social Holdings, LLC, Scion Social Private Limited, Scion Social Pte. Ltd., Corporate Connections Franchising, LLC, Corporate Connections Global, LLC, Corporate Connections Worldwide Development Ltd., CorpConnect Enterprises India Private Limited (“BNI“, “us“, “our” or “we“) adopts this Policy (as defined below) to balance our legal obligations and the need to retain information for business purposes against the cost of storing and securing such information. 

II. Purpose

This Data Retention Policy (“Policy”) has been adopted by BNI in order to manage risks related to legal and compliance requirements and our ability to continue business operations. The purpose of this Policy is to ensure that necessary records and documents of BNI are protected and maintained and that records no longer needed by BNI or are of no value are discarded at the proper time. This Policy is also for the purpose of aiding company employees in understanding their obligations in retaining electronic documents – including e-mail, web files, PDF documents, and all Microsoft Office or other formatted files

III. Definitions

1. RECORDS

A record is any information medium, regardless of physical form or characteristic, that was created or received by us while transacting business and is appropriate for preservation because of its evidential or informational value.

For purposes of this Policy, records shall be broadly construed to include all categories of recorded information that are relevant and necessary to BNI in its business operations, including, but not limited to, contracts, correspondence, forms, memoranda, drawings, photographs, reports, spreadsheets, blueprints, training, recorded procedures, policies, and manuals.  Under this Policy, records include, but are not limited to, all categories of information recorded on paper, computer discs, computer mass storage, wireless devices, cloud storage, digital cameras, microfilm, microfiche, and blueprints, whether maintained at BNI’s offices, facilities, any off-site storage facilities, employees’ homes, or elsewhere.

2. PERSONAL DATA

Personal data is “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.” (GDPR, art. 4(1))

3. RETENTION PERIOD

The “Retention Period” for any given record is the period for which a record must be maintained. The calculation for the applicable retention period begins at the end of the year in which the record was created and ends on the approved disposal date in accordance with BNI’s business needs and legal/regulatory requirements as reflected in the Retention Schedules, which may be updated from time to time by BNI’s legal department (“Legal”) in consultation with the BNI Compliance Team. Records shall be retained only for as long as a valid business reason exists or as required by law. Personal Data may not be retained any longer than is reasonably necessary and proportionate for the purposes for which the Personal Data are processed. Valid business reasons include the effective operation of BNI’s business, the regular course of business for a particular BNI department regarding the usefulness of a certain record, compliance with legal and regulatory obligations, and the retention of records, which may be pertinent to ongoing or reasonably foreseeable litigation, legal hold, or government investigation. With respect to records which may relate to ongoing or potential litigation or government investigation or audit, normal retention is suspended, and final disposition of a record must then depend upon written approval from both the finance department (“Finance”) and Legal as well as the BNI Information Technology Compliance manager.  See Sections XIII and XIV.

4. RECORD REVIEW

Every twelve (12) months, or upon expiration or termination of contract entered into with third party suppliers, vendors, and/or member, or other time period as determined by Legal in consultation with the BNI Compliance Team, on a rolling basis, department by department, a review of all Retention Schedules for each BNI department shall occur: to ensure that all records necessary for business and regulatory reasons are being properly maintained; to make changes in retention periods; to identify new record series if needed; and to ensure that records up for disposition are properly destroyed according to retention schedules.  A report for each BNI department will be created and reviewed by Legal, Finance and, if applicable, the relevant regulatory agencies for process improvement, to identify compliance issues and to support litigation and regulatory actions.

IV. Persons Accountable

A. CHIEF EXECUTIVE OFFICER

The Chief Executive Officer or head of any BNI affiliate covered under this Policy (each a “CEO”) ensures the development, implementation, and maintenance of the Policy.

B. CHIEF FINANCIAL OFFICER

The Chief Financial Officer (“CFO”), head of finance of each affiliate or business unit, or appointed designee, as applicable, along with Legal Counsel is responsible for,

• Reviewing and approving retention schedules (as described at Section XVI below) pursuant to accounting practices, tax and other regulations. 
• Determine and communicate what records will be included in a tax audit hold. 
• Providing information to records management on the completed tax audits for disposition activities and possible upcoming holds for tax audits.

C. LEGAL COUNSEL

Legal Counsel or designee is responsible for:

• Reviewing and approving retention schedules along with the CFO pursuant to relevant regulations.
• Determining and communicating what records are subject to a litigation hold.
• In cooperation with the BNI Compliance manager, providing instruction to employees on the Policy and Retention Schedules.
• In cooperation with BNI Compliance manager, issuing written permission to reinstate Retention Schedules following notification of pending and/or foreseeable litigation, investigation, or audit.

D. COMPLIANCE TEAM

The Compliance Team led by the Compliance manager (with representation from the technology, legal, finance, operations, marketing and business functions) is responsible for:

• the implementation of and compliance with this Policy throughout BNI.
  • This includes the development, implementation, maintenance and updating of the Retention Schedules for all areas.
• Monitoring archive areas, file rooms, inactive records, and the oversight of any facility where records are stored, as well as ensuring only authorized access to company intellectual property.
• Providing instruction to employees on the Policy and Retention Schedules.  
• Information Technology (“IT”) will be responsible for coordinating the access, transfer, and retrieval of records from all physical and electronic storages.
• Providing retention schedule compliance audits and reviews in conjunction with the CEO, CFO (or his or her designee), Data Protection Officer, and Legal Counsel reviews.
• Coordinating the records management activities of each of the departments utilizing the BNI Department Managers (as defined below) where available.

E. BNI DEPARTMENT MANAGER

Each BNI Department Manager will be responsible for

• Records management coordination within that group (“Department Manager”).
• Developing, implementing, maintaining and updating, pursuant to this Policy, retention schedules for their department.
• Informing their department of the existence of this Policy and ensuring compliance with its guidelines. Further, this person will be responsible for coordinating efforts with the Compliance Team. The BNI Department Manager could be responsible for more than one function, as needed on a site-by-site basis.

F. DATA PROTECTION OFFICER

The Data Protection Officer (“DPO”) is responsible for advising and monitoring the development, implementation, and maintenance of this Policy, to the extent that it relates to Personal Data. BNI’s DPO can be contacted at dpo@bni.com.

G. INDIVIDUAL EMPLOYEES

As described below under the section entitled “General Procedures,” it is the duty of each BNI employee to be familiar with the requirements of this Policy and to periodically review their records and files, including their electronic and computer records and files, for processing of records pursuant to this Policy.

V. Scope

This Policy applies to all Persons who have or have had, during the duration of their employment or interaction with BNI, access to or/and data retention responsibilities for BNI Informational Resources. Informational Resources may include, but are not limited to, Personal Data stored on company-owned, company-leased, and otherwise company-provided systems and media, regardless of location. These Records may be created, received, or maintained in hard copy or electronically.

This Policy applies to all “Persons” referred as members, directors, employees, agents, affiliates, contractors, consultants, advisors or service providers that may collect, process, or have access to Personal Data or Records. It is the responsibility of all the above to familiarize themselves with this Policy and ensure adequate compliance related with it.  (Please refer XVI – A) Need to retain certain Records may be mandated for federal; local laws; federal regulations, legitimate business purposes as well as the EU General Data Protection Regulations (GDPR).

VI. Policy

A. Responsibilities

Legal shall establish enterprise-wide retention procedures for the organization.  In establishing BNI’s retention procedures, Legal shall consider legal and compliance requirements, litigation needs, business processes, privacy concerns, and the cost of retaining information.

Legal Counsel in tandem with members of the Compliance Team is responsible for preparing and maintaining a comprehensive data retention, archiving, and destruction schedule (“Retention Schedule”). The Retention Schedule will consider active and inactive electronic information including data held in servers, databases, storage arrays, backup media, important workstations, e-mail, log files, and other types of electronic storage devices.

B. Policy Statement

The need to retain Personal Data varies widely based on data type. Some Personal Data can be immediately deleted, some must be retained until future needs no longer exist. This Policy provides guidelines to ensure that all applicable laws, regulations and BNI’s rules on Personal Data retention are consistently applied throughout the organization.

C. Reason for Data Retention

Some Personal Data must be retained to protect the organization’s interests, comply with regulatory requirements, preserve evidence, and conform to good business practices. Personal Data may be retained for one or several of the following reasons:

• Business Requirements
• Regulatory/Compliance Requirements
• Litigation
• Security incident or other investigation.
• Intellectual property preservation

VII. Data Types and Records Inventory

Each BNI department is to maintain an inventory of required Data Types and their processing of the Data Types under departmental control.  Entries to the inventories are to be categorized to assist BNI Department Manager with policy compliance, data retention, archiving, and destruction policies. 

• Lawful Purpose of Processing
• Data Subject Type
• Data Type
• Data Processor details
• Location
• Requirements met for a Sensitive Personal Data (if applicable).
• Retention Period

Data will be categorized and maintained as designed by the United Kingdom’s Information Commissioner’s Office (WHEREVER APPLICABLE) (See Link in Reference Section):

• Personal Data/Records Name
• Office Location
• Data/Records Function Description
• Data Controller Access
• Data Classification
• Data Purpose
• Data Recipient
• Data Processing/Backup/Storage
• Data Use Period
• Data Retention Period/Schedule
• Data/Record Security Measure
• Data Purge (Disposal) Process
• Data Protection Bill/Special Category/Convention/Offence Alignment
• Contact Person Name
• Contact Email

VIII. Persons Accountable

Records Retention Schedule as described herein is attached to this Policy. Following an analysis of BNI’s business needs and any applicable legal and regulatory requirements, a Retention Schedule which dictates the useful life and subsequent processing date of records has been created for general purposes and each BNI department.  Records are grouped by general and functional categories. The general schedule includes those records pertaining to and common to BNI. Functional schedules include record categories specific to a department.  Retention Schedule will include the applicable BNI Department Manager, the record categories by subject, the period through which the record should be maintained pursuant to any legal requirement and/or business need, and the disposal date. Each record or record series on a Retention Schedule will be assigned an identification number. All Retention Schedules, including future changes to them, must be approved by the CEO, CFO, IT, Business, and Legal Counsel.

IX. General Considerations

This Policy and the Retention Schedule are designed to meet the business needs of BNI as well as the legal requirements of various governmental and other regulatory agencies. In addition, this Policy is designed to ensure the proper selection, retention, and, following the end of the Retention Period, appropriate disposition of records. When no regulatory or legal requirement exists, a record’s Retention Period is based on BNI’s business needs.

It is important to note that not all records are subject to the Retention Periods set forth in this Policy. Only records, which are relevant and necessary to the operation of BNI, are subject to the Retention Schedule. Unless otherwise set forth in the Retention Schedule, it is the policy of BNI that all records be disposed of within two (2) years after the date on which the record is generated. Any questions concerning the Retention Periods listed or records not addressed by the Retention Schedule should first be directed to the BNI Department Manager, and if further questions exist, to the Compliance Team.  

X. General Procedures

A. Employee Responsibility

Individual employees shall be responsible for reviewing their own records, including e-mails, and making determinations, pursuant to this Policy, as to whether the records, (1) are necessary and relevant to BNI’s business, (2) fall within a listed BNI department, (3) must be retained pursuant to an existing Retention Schedule, (4) must be disposed of pursuant to a Retention Schedule, and/or (5) are subject to pending or threatened litigation or regulatory proceedings. All records that must be retained pursuant to this Policy shall be held by the individual until those records are forwarded, at a designated time or upon request, to the BNI Department Manager. It is the responsibility of each BNI employee to comply with his or her applicable Retention Schedule(s) and with the requirements related to the disposition of records, regardless of media, format or location. If an individual employee has any doubts about the implementation of this Policy, they should contact the Compliance Team for clarification.

B. Annual File Clean-Up

At least once during each calendar year, the BNI Department Manager will ensure that each employee and each working group for which the BNI Department Manager has responsibility has reviewed its files and kept or discarded all electronic and paper files in accordance with this Policy (the “Annual File Clean-Up”). Each employee shall forward all records in his or her possession to the BNI Department Manager for storage or other disposition in accordance with this Policy.

Employees and their managers are responsible for ensuring that all files, desks, credenzas, computers, hard drives, laptops and disks and any other storage space used by them are reviewed and cleared of unnecessary records in connection with the Annual File Clean-Up. The IT department will support and ensure that proper deletion procedures are followed.  In the event that records are located on non-networked laptops or PCs, the records should be saved to a disk and sent to the BNI Department Manager.

C. Duties of the BNI Department Manager

Periodically throughout the year, the BNI Department Manager will communicate with the employees in the BNI department to field questions, provide training and ensure consistent implementation of this Policy. On at least an annual basis and following the Annual File Clean-Up, the BNI Department Manager will review the records in his or her possession and determine, pursuant to the Policy and Retention Schedule, whether the records must be retained, either on-site or in an off-site facility, or processed pursuant to the Retention Schedule. See Section XVI.

Following each Annual File Clean-Up, the BNI Department Managers, the Compliance Team and Legal Counsel will meet to discuss issues regarding consistent implementation of the Policy and/or any questions that have arisen during the previous period.

D. Litigation Holds

In situations where legal action or government investigation is pending or is reasonably foreseeable or contemplated, all Retention Schedules with respect to any records related to such legal action or government investigation shall be suspended until written approval to reinstate such Retention Schedules is issued by both Legal Counsel and the Compliance Team. If persons in a BNI department have a reason to believe that legal action or government investigation may be a possibility, they are to cease the destruction of any relevant records and immediately notify their BNI Department Manager who will then notify the Compliance Team and Legal Counsel.  Relevant records may not be altered where legal action or government investigation is pending or is reasonably foreseeable or contemplated. See Section XII.

E. Tax Audit Hold – Annual Update Regarding Tax Audit Status

Many of the Retention Schedules are tied to completion of federal, state and local tax authority audits.  All documents which are to be retained until Final Tax Audit (“Final Tax Audit” or “FTA”) on the attached Retention Schedule should be retained until written notice is provided by the relevant tax authority or the Company Manager that the tax audit cycle which the information encompasses is completed. See Section XIII.

XI. Disposal of Records

Unless legal, business or other compelling considerations intervene, records must be properly disposed of at the end of the period specified in the Retention Schedule.

Records throughout the various BNI departments, including records at any off-site storage facility, should be reviewed on an annual basis to identify those records, which should be properly disposed of pursuant to this Policy. Once records are identified by each BNI department, the BNI Department Manager should prepare a form listing the records scheduled for disposal. The form should then go to the Compliance Team who, in coordination with the CEO, CFO, and Legal Counsel, will review the records and in accordance with this Policy, as well as any legal or tax requirements, approve or disapprove of disposal. If approved, the records shall be disposed of and a “Disposal of Records” form signed by the person witnessing their disposal. The “Disposal of Records” form should also set forth the dates and descriptions of the records, the Retention Period, and the date of disposal. If disapproved, the records shall be listed on a “Not Approved for Disposal” form along with the dates and descriptions of the records, the Retention Period, the reasons for rejecting disposal, and the signature of the Compliance Team. These records and the form shall be retained pursuant to this Policy. The Compliance Team will be responsible for keeping the “Disposal of Records” and “Not Approved for Disposal” forms for the appropriate retention period for these forms pursuant to this Policy.

Disposal of all records, including electronic records, shall be made in such a way that the records cannot be recovered. Permanent disposal of paper records may be achieved by shredding the records. Permanent disposal of electronic records, however, may be more complicated and may include permanent changes to the record that deidentify, anonymize or pseudonymize, depending on applicable law. The permanent changes to these records should be made in accordance with guidelines provided by Legal and IT. Should questions arise as to the permanent disposal of electronic records, the BNI Department Manager will work with IT to ensure proper disposal pursuant to the Policy. All the disposed data must be encrypted in a way that there are no data breaches and should be continuously safeguarded.

If the disposal is outsourced, the vendor/contractor must first be assessed to ensure they comply with our Data Protection and Information Security Standards and appropriate contracts with Data Protection and Information Security clauses must be implemented.

XII. Litigation Hold

Records shall not be destroyed if they are subject to a litigation hold.  A litigation hold should be placed on any records that are relevant to pending or reasonably foreseeable litigation and actual or reasonably foreseeable government investigation or audit. This includes without limitation all electronic and hard copies. Information concerning the creation of a litigation hold should be distributed by Legal Counsel or the Compliance Team throughout the affected areas of BNI, including the BNI departments affected, Compliance Team, and IT. Categories of documents subject to a litigation hold will be reviewed and revised periodically to reflect changes in BNI’s legal environment.

Once data is subject to a hold, destruction of that data, even inadvertent destruction, may result in severe penalties. The litigation hold will serve to suspend the Retention Schedules for the appropriate records.  Records subject to a litigation hold may not be destroyed or altered even if the Retention Period according to the applicable Retention Schedule has expired.  Such records should be identified as being subject to a hold in order to alert people who encounter such records that destruction is not to proceed. The reasons for the hold should also be identified. The Retention Schedule for records on hold may only be reinstated when written approval is obtained from Legal Counsel and the Compliance Team. Questions regarding whether certain documents should be subject to a litigation hold should be directed to the BNI Department Manager, the Compliance Team and/or Legal Counsel.

XIII. Tax Audit Hold

Records shall not be destroyed if they are subject to a tax audit hold. A tax audit hold should be placed on any records that may be requested as part of a federal, state, or local tax audit. The tax authorities have broad authority to examine the books and records of the taxpayer. The tax authorities may examine any books, papers, records, or other data that may be relevant or material to ascertain the correctness of any federal income tax return or any internal revenue tax of any corporation or other person. The categories of documents subject to a tax audit hold will be reviewed and revised periodically.

Once data is subject to a hold, destruction of that data, even inadvertent destruction, may result in tax authority adjustments to BNI’s taxable income calculations and severe penalties. Questions regarding whether certain documents should be subject to a tax audit hold should be directed to the BNI Department Manager, the Compliance Team and/or the relevant tax authority.

XIV. Personal Data Hold

Personal Data shall not be destroyed if they are subject to requests from the data subjects to exercise their rights to be informed if their Personal Data are being processed, to be provided with copies of their Personal Data, to rectification of their Personal Data, to restriction of the data’s processing, or their right of data portability.

XV. Policy Maintenance

An effective and responsible Data Retention Policy must be reviewed and revised according to the changing needs of BNI and any legal or regulatory requirements. A regular review of the Policy is key in determining whether the Policy needs to be updated and whether the Policy is being instituted on a systematic basis. 

On at least an annual basis, BNI Department Managers should complete an audit of their area’s records in order to determine whether Retention Schedules, disposal dates, and Litigation Holds, if any, have been implemented.  Written verification of review and compliance should be signed and sent to the Compliance Team. This written verification shall be retained pursuant to this Policy.

Personnel who become aware of changes in regulatory requirements or business needs concerning certain records are to report any such changes to the BNI Department Manager. The BNI Department Manager should then notify the Compliance Team is to review the changes, make subsequent revisions to the Retention Schedules, obtain approval of the changes from the CEO, CFO and Legal Counsel and notify all BNI department personnel of the approved revisions.

XVI. Retention Schedule

This Retention Schedule provides a management tool for identifying and determining the retention and disposal of functional records. It contains valuable information and guidance to the organization in respect to the categories of Record Types it creates. It is therefore an important business tool and assists to guide compliance with legal obligations.

Maximum record retention periods represent the most conservative statutes of limitation of the countries in which BNI operates.

The aims of the Retention Schedule are to:

• Identify records which are worth preserving, storing, and/or destroying.
• Prevent the premature destruction of records which need to be retained for a specific period to satisfy legal, financial and other requirements of public administration; and
• Authorize the destruction of those records not required for business operations.

If any new Data Types are identified, for example arising from a new function or new record type and are not referred to in this Retention Schedule, they must not be destroyed. In such a situation the Legal Counsel and the Compliance Team (compliance@bni.com) must be contacted with a request to amend the Retention Schedule.  No Data Types are to be destroyed until approval is obtained from Legal Counsel and the Compliance Team to amend this Retention Schedule.

A. Retention Schedule

*Referral slips will have all personally identifiable information redacted after two years from the time the slip was entered into BNI Connect.

B. Record Storage and Backup Schedule

• Human Resources
  • Human Resources electronic files will be secured, stored, and backed up leveraging Microsoft’s Office 365 data security and backup policy
  • Human Resources non-electronic files will be physically secured within BNI Global and/or National Offices
• Accounting and Finance
  • Accounting and Finance electronic files will be secured, stored, and backed up leveraging Microsoft’s Office 365 data security and backup policy
  • Accounting electronic Intuit files will be secured, stored, and backed up leveraging Intuit’s data security and backup policy
  • Accounting and Finance non-electronic files will be physically secured within BNI Global and/or National Offices
• Legal
  • Legal electronic files will be secured, stored, and backed up leveraging Contract Safe data security and backup policy
  • Legal non-electronic files will be physically secured within BNI Global and/or National Offices
• Operations and Training
  • Operations and Training files will be secured, stored, and backed up leveraging Schoox data security and backup policy
• Information Technology
  • System of Record individual and data files are backed up securely within our various cloud environments subject to information security policy and backup policy
  • Information Technology non-electronic files will be physically secured within BNI Global and/ or National Offices.
• Marketing
  • Marketing data will be secured, stored, and backed up leveraging Marketo data security and backup policy
  • Marketing data transitioned to BNI from Marketo will be backed leveraging Rackspace data security and backup policy.

C. Record Disposal

Hard copies of documents will be destroyed by shredding after they have been retained until the end of their retention period specified in the Retention Schedule. Copies of computer backups will be sanitized or destroyed by other proven means of destroying such media after they have been retained until the end of their retention period specified in the Retention Schedule.

XVII. Enforcement

BNI Department Managers will be required as part of the Compliance Team’s annual data retention review of each department to acknowledge in writing their compliance with this Policy.

BNI employees and/or BNI departments found to be out of compliance with maintaining Data Type Records, Data Retention Schedules, and this Policy are subject to the disciplinary terms set forth by standing employment and contractual agreements.

XVIII. References

United Kingdom Information Security Office:  https://www.ico.org.uk/

XIX. Distribution

This Policy is to be made available to all BNI employees and BNI departments and other BNI team members if required as part of employment, contractual agreement or otherwise required as per statutory obligations.

XX. Policy Review and Revision

Legal Counsel and Compliance Team will review the structure and use of this Policy annually.  Revised Retention Schedules will be submitted to BNI Worldwide Development Ltd., for review and approval prior to its implementation.

©2023 BNI Global LLC. All rights reserved.