Click the drop down arrow to select your language. -
Effective/Last Updated: January 1, 2023
Last Reviewed/Revised on: January 1, 2023
BNI®DATA RETENTION POLICY
BNI Worldwide Development Ltd., together with its related affiliates BNI Franchising, LLC, Prosperity Brands, LLC, BNI Intermediate Holdings, LLC, BNI International Holdings CTB, LLC, BNI Holdings, LLC, BNI Global Holdings, LLC, BNI Global, LLC, BNI Connect Global, LLC, BNI India Enterprises Private Limited, BNI Singapore Enterprises Private Limited, BNI Lanka Enterprises Private Limited, BNI Hong Kong Enterprises (PVT) Limited, BNI Enterprises Business Network (Guangzhou) Co. Ltd, BNI Network France, Chapters France, BNI Networking & Referral Ireland Holding Limited, Netwerk Organisatie Nederland en Vlaanderen B.V., Network Organisation Benelux Limited, Brec S.r.l, Business Networking & Referrals Limited, Networking & Business Referrals Limited, Scion Social Holdings, LLC, Scion Social Private Limited, Scion Social Pte. Ltd., Corporate Connections Franchising, LLC, Corporate Connections Global, LLC, Corporate Connections Worldwide Development Ltd., CorpConnect Enterprises India Private Limited (“BNI“, “us“, “our” or “we“) adopts this Policy (as defined below) to balance our legal obligations and the need to retain information for business purposes against the cost of storing and securing such information.
This Data Retention Policy (“Policy”) has been adopted by BNI in order to manage risks related to legal and compliance requirements and our ability to continue business operations. The purpose of this Policy is to ensure that necessary records and documents of BNI are protected and maintained and that records no longer needed by BNI or are of no value are discarded at the proper time. This Policy is also for the purpose of aiding company employees in understanding their obligations in retaining electronic documents – including e-mail, web files, PDF documents, and all Microsoft Office or other formatted files
A record is any information medium, regardless of physical form or characteristic, that was created or received by us while transacting business and is appropriate for preservation because of its evidential or informational value.
For purposes of this Policy, records shall be broadly construed to include all categories of recorded information that are relevant and necessary to BNI in its business operations, including, but not limited to, contracts, correspondence, forms, memoranda, drawings, photographs, reports, spreadsheets, blueprints, training, recorded procedures, policies, and manuals. Under this Policy, records include, but are not limited to, all categories of information recorded on paper, computer discs, computer mass storage, wireless devices, cloud storage, digital cameras, microfilm, microfiche, and blueprints, whether maintained at BNI’s offices, facilities, any off-site storage facilities, employees’ homes, or elsewhere.
2. PERSONAL DATA
Personal data is “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.” (GDPR, art. 4(1))
3. RETENTION PERIOD
The “Retention Period” for any given record is the period for which a record must be maintained. The calculation for the applicable retention period begins at the end of the year in which the record was created and ends on the approved disposal date in accordance with BNI’s business needs and legal/regulatory requirements as reflected in the Retention Schedules, which may be updated from time to time by BNI’s legal department (“Legal”) in consultation with the BNI Compliance Team. Records shall be retained only for as long as a valid business reason exists or as required by law. Personal Data may not be retained any longer than is reasonably necessary and proportionate for the purposes for which the Personal Data are processed. Valid business reasons include the effective operation of BNI’s business, the regular course of business for a particular BNI department regarding the usefulness of a certain record, compliance with legal and regulatory obligations, and the retention of records, which may be pertinent to ongoing or reasonably foreseeable litigation, legal hold, or government investigation. With respect to records which may relate to ongoing or potential litigation or government investigation or audit, normal retention is suspended, and final disposition of a record must then depend upon written approval from both the finance department (“Finance”) and Legal as well as the BNI Information Technology Compliance manager. See Sections XIII and XIV.
4. RECORD REVIEW
Every twelve (12) months, or upon expiration or termination of contract entered into with third party suppliers, vendors, and/or member, or other time period as determined by Legal in consultation with the BNI Compliance Team, on a rolling basis, department by department, a review of all Retention Schedules for each BNI department shall occur: to ensure that all records necessary for business and regulatory reasons are being properly maintained; to make changes in retention periods; to identify new record series if needed; and to ensure that records up for disposition are properly destroyed according to retention schedules. A report for each BNI department will be created and reviewed by Legal, Finance and, if applicable, the relevant regulatory agencies for process improvement, to identify compliance issues and to support litigation and regulatory actions.
IV. Persons Accountable
A. CHIEF EXECUTIVE OFFICER
The Chief Executive Officer or head of any BNI affiliate covered under this Policy (each a “CEO”) ensures the development, implementation, and maintenance of the Policy.
B. CHIEF FINANCIAL OFFICER
The Chief Financial Officer (“CFO”), head of finance of each affiliate or business unit, or appointed designee, as applicable, along with Legal Counsel is responsible for,
- Reviewing and approving retention schedules (as described at Section XVI below) pursuant to accounting practices, tax and other regulations.
- Determine and communicate what records will be included in a tax audit hold.
- Providing information to records management on the completed tax audits for disposition activities and possible upcoming holds for tax audits.
C. LEGAL COUNSEL
Legal Counsel or designee is responsible for:
- Reviewing and approving retention schedules along with the CFO pursuant to relevant regulations.
- Determining and communicating what records are subject to a litigation hold.
- In cooperation with the BNI Compliance manager, providing instruction to employees on the Policy and Retention Schedules.
- In cooperation with BNI Compliance manager, issuing written permission to reinstate Retention Schedules following notification of pending and/or foreseeable litigation, investigation, or audit.
D. COMPLIANCE TEAM
The Compliance Team led by the Compliance manager (with representation from the technology, legal, finance, operations, marketing and business functions) is responsible for:
- the implementation of and compliance with this Policy throughout BNI.
- This includes the development, implementation, maintenance and updating of the Retention Schedules for all areas.
- Monitoring archive areas, file rooms, inactive records, and the oversight of any facility where records are stored, as well as ensuring only authorized access to company intellectual property.
- Providing instruction to employees on the Policy and Retention Schedules.
- Information Technology (“IT”) will be responsible for coordinating the access, transfer, and retrieval of records from all physical and electronic storages.
- Providing retention schedule compliance audits and reviews in conjunction with the CEO, CFO (or his or her designee), Data Protection Officer, and Legal Counsel reviews.
- Coordinating the records management activities of each of the departments utilizing the BNI Department Managers (as defined below) where available.
E. BNI DEPARTMENT MANAGER
Each BNI Department Manager will be responsible for
- Records management coordination within that group (“Department Manager”).
- Developing, implementing, maintaining and updating, pursuant to this Policy, retention schedules for their department.
- Informing their department of the existence of this Policy and ensuring compliance with its guidelines. Further, this person will be responsible for coordinating efforts with the Compliance Team. The BNI Department Manager could be responsible for more than one function, as needed on a site-by-site basis.
F. DATA PROTECTION OFFICER
The Data Protection Officer (“DPO”) is responsible for advising and monitoring the development, implementation, and maintenance of this Policy, to the extent that it relates to Personal Data. BNI’s DPO can be contacted at firstname.lastname@example.org.
G. INDIVIDUAL EMPLOYEES
As described below under the section entitled “General Procedures,” it is the duty of each BNI employee to be familiar with the requirements of this Policy and to periodically review their records and files, including their electronic and computer records and files, for processing of records pursuant to this Policy.
This Policy applies to all Persons who have or have had, during the duration of their employment or interaction with BNI, access to or/and data retention responsibilities for BNI Informational Resources. Informational Resources may include, but are not limited to, Personal Data stored on company-owned, company-leased, and otherwise company-provided systems and media, regardless of location. These Records may be created, received, or maintained in hard copy or electronically.
This Policy applies to all “Persons” referred as members, directors, employees, agents, affiliates, contractors, consultants, advisors or service providers that may collect, process, or have access to Personal Data or Records. It is the responsibility of all the above to familiarize themselves with this Policy and ensure adequate compliance related with it. (Please refer XVI – A) Need to retain certain Records may be mandated for federal; local laws; federal regulations, legitimate business purposes as well as the EU General Data Protection Regulations (GDPR).
Legal shall establish enterprise-wide retention procedures for the organization. In establishing BNI’s retention procedures, Legal shall consider legal and compliance requirements, litigation needs, business processes, privacy concerns, and the cost of retaining information.
Legal Counsel in tandem with members of the Compliance Team is responsible for preparing and maintaining a comprehensive data retention, archiving, and destruction schedule (“Retention Schedule”). The Retention Schedule will consider active and inactive electronic information including data held in servers, databases, storage arrays, backup media, important workstations, e-mail, log files, and other types of electronic storage devices.
B. Policy Statement
The need to retain Personal Data varies widely based on data type. Some Personal Data can be immediately deleted, some must be retained until future needs no longer exist. This Policy provides guidelines to ensure that all applicable laws, regulations and BNI’s rules on Personal Data retention are consistently applied throughout the organization.
C. Reason for Data Retention
Some Personal Data must be retained to protect the organization’s interests, comply with regulatory requirements, preserve evidence, and conform to good business practices. Personal Data may be retained for one or several of the following reasons:
- Business Requirements
- Regulatory/Compliance Requirements
- Security incident or other investigation.
- Intellectual property preservation
VII. Data Types and Records Inventory
Each BNI department is to maintain an inventory of required Data Types and their processing of the Data Types under departmental control. Entries to the inventories are to be categorized to assist BNI Department Manager with policy compliance, data retention, archiving, and destruction policies.
- Lawful Purpose of Processing
- Data Subject Type
- Data Type
- Data Processor details
- Requirements met for a Sensitive Personal Data (if applicable).
- Retention Period
Data will be categorized and maintained as designed by the United Kingdom’s Information Commissioner’s Office (WHEREVER APPLICABLE) (See Link in Reference Section):
- Personal Data/Records Name
- Office Location
- Data/Records Function Description
- Data Controller Access
- Data Classification
- Data Purpose
- Data Recipient
- Data Processing/Backup/Storage
- Data Use Period
- Data Retention Period/Schedule
- Data/Record Security Measure
- Data Purge (Disposal) Process
- Data Protection Bill/Special Category/Convention/Offence Alignment
- Contact Person Name
- Contact Email
VIII. Persons Accountable
Records Retention Schedule as described herein is attached to this Policy. Following an analysis of BNI’s business needs and any applicable legal and regulatory requirements, a Retention Schedule which dictates the useful life and subsequent processing date of records has been created for general purposes and each BNI department. Records are grouped by general and functional categories. The general schedule includes those records pertaining to and common to BNI. Functional schedules include record categories specific to a department. Retention Schedule will include the applicable BNI Department Manager, the record categories by subject, the period through which the record should be maintained pursuant to any legal requirement and/or business need, and the disposal date. Each record or record series on a Retention Schedule will be assigned an identification number. All Retention Schedules, including future changes to them, must be approved by the CEO, CFO, IT, Business, and Legal Counsel.
IX. General Considerations
This Policy and the Retention Schedule are designed to meet the business needs of BNI as well as the legal requirements of various governmental and other regulatory agencies. In addition, this Policy is designed to ensure the proper selection, retention, and, following the end of the Retention Period, appropriate disposition of records. When no regulatory or legal requirement exists, a record’s Retention Period is based on BNI’s business needs.
It is important to note that not all records are subject to the Retention Periods set forth in this Policy. Only records, which are relevant and necessary to the operation of BNI, are subject to the Retention Schedule. Unless otherwise set forth in the Retention Schedule, it is the policy of BNI that all records be disposed of within two (2) years after the date on which the record is generated. Any questions concerning the Retention Periods listed or records not addressed by the Retention Schedule should first be directed to the BNI Department Manager, and if further questions exist, to the Compliance Team.
X. General Procedures
A. Employee Responsibility
Individual employees shall be responsible for reviewing their own records, including e-mails, and making determinations, pursuant to this Policy, as to whether the records, (1) are necessary and relevant to BNI’s business, (2) fall within a listed BNI department, (3) must be retained pursuant to an existing Retention Schedule, (4) must be disposed of pursuant to a Retention Schedule, and/or (5) are subject to pending or threatened litigation or regulatory proceedings. All records that must be retained pursuant to this Policy shall be held by the individual until those records are forwarded, at a designated time or upon request, to the BNI Department Manager. It is the responsibility of each BNI employee to comply with his or her applicable Retention Schedule(s) and with the requirements related to the disposition of records, regardless of media, format or location. If an individual employee has any doubts about the implementation of this Policy, they should contact the Compliance Team for clarification.
B. Annual File Clean-Up
At least once during each calendar year, the BNI Department Manager will ensure that each employee and each working group for which the BNI Department Manager has responsibility has reviewed its files and kept or discarded all electronic and paper files in accordance with this Policy (the “Annual File Clean-Up”). Each employee shall forward all records in his or her possession to the BNI Department Manager for storage or other disposition in accordance with this Policy.
Employees and their managers are responsible for ensuring that all files, desks, credenzas, computers, hard drives, laptops and disks and any other storage space used by them are reviewed and cleared of unnecessary records in connection with the Annual File Clean-Up. The IT department will support and ensure that proper deletion procedures are followed. In the event that records are located on non-networked laptops or PCs, the records should be saved to a disk and sent to the BNI Department Manager.
C. Duties of the BNI Department Manager
Periodically throughout the year, the BNI Department Manager will communicate with the employees in the BNI department to field questions, provide training and ensure consistent implementation of this Policy. On at least an annual basis and following the Annual File Clean-Up, the BNI Department Manager will review the records in his or her possession and determine, pursuant to the Policy and Retention Schedule, whether the records must be retained, either on-site or in an off-site facility, or processed pursuant to the Retention Schedule. See Section XVI.
Following each Annual File Clean-Up, the BNI Department Managers, the Compliance Team and Legal Counsel will meet to discuss issues regarding consistent implementation of the Policy and/or any questions that have arisen during the previous period.
D. Litigation Holds
In situations where legal action or government investigation is pending or is reasonably foreseeable or contemplated, all Retention Schedules with respect to any records related to such legal action or government investigation shall be suspended until written approval to reinstate such Retention Schedules is issued by both Legal Counsel and the Compliance Team. If persons in a BNI department have a reason to believe that legal action or government investigation may be a possibility, they are to cease the destruction of any relevant records and immediately notify their BNI Department Manager who will then notify the Compliance Team and Legal Counsel. Relevant records may not be altered where legal action or government investigation is pending or is reasonably foreseeable or contemplated. See Section XII.
E. Tax Audit Hold – Annual Update Regarding Tax Audit Status
Many of the Retention Schedules are tied to completion of federal, state and local tax authority audits. All documents which are to be retained until Final Tax Audit (“Final Tax Audit” or “FTA”) on the attached Retention Schedule should be retained until written notice is provided by the relevant tax authority or the Company Manager that the tax audit cycle which the information encompasses is completed. See Section XIII.
XI. Disposal of Records
Unless legal, business or other compelling considerations intervene, records must be properly disposed of at the end of the period specified in the Retention Schedule.
Records throughout the various BNI departments, including records at any off-site storage facility, should be reviewed on an annual basis to identify those records, which should be properly disposed of pursuant to this Policy. Once records are identified by each BNI department, the BNI Department Manager should prepare a form listing the records scheduled for disposal. The form should then go to the Compliance Team who, in coordination with the CEO, CFO, and Legal Counsel, will review the records and in accordance with this Policy, as well as any legal or tax requirements, approve or disapprove of disposal. If approved, the records shall be disposed of and a “Disposal of Records” form signed by the person witnessing their disposal. The “Disposal of Records” form should also set forth the dates and descriptions of the records, the Retention Period, and the date of disposal. If disapproved, the records shall be listed on a “Not Approved for Disposal” form along with the dates and descriptions of the records, the Retention Period, the reasons for rejecting disposal, and the signature of the Compliance Team. These records and the form shall be retained pursuant to this Policy. The Compliance Team will be responsible for keeping the “Disposal of Records” and “Not Approved for Disposal” forms for the appropriate retention period for these forms pursuant to this Policy.
Disposal of all records, including electronic records, shall be made in such a way that the records cannot be recovered. Permanent disposal of paper records may be achieved by shredding the records. Permanent disposal of electronic records, however, may be more complicated and may include permanent changes to the record that deidentify, anonymize or pseudonymize, depending on applicable law. The permanent changes to these records should be made in accordance with guidelines provided by Legal and IT. Should questions arise as to the permanent disposal of electronic records, the BNI Department Manager will work with IT to ensure proper disposal pursuant to the Policy. All the disposed data must be encrypted in a way that there are no data breaches and should be continuously safeguarded.
If the disposal is outsourced, the vendor/contractor must first be assessed to ensure they comply with our Data Protection and Information Security Standards and appropriate contracts with Data Protection and Information Security clauses must be implemented.
XII. Litigation Hold
Records shall not be destroyed if they are subject to a litigation hold. A litigation hold should be placed on any records that are relevant to pending or reasonably foreseeable litigation and actual or reasonably foreseeable government investigation or audit. This includes without limitation all electronic and hard copies. Information concerning the creation of a litigation hold should be distributed by Legal Counsel or the Compliance Team throughout the affected areas of BNI, including the BNI departments affected, Compliance Team, and IT. Categories of documents subject to a litigation hold will be reviewed and revised periodically to reflect changes in BNI’s legal environment.
Once data is subject to a hold, destruction of that data, even inadvertent destruction, may result in severe penalties. The litigation hold will serve to suspend the Retention Schedules for the appropriate records. Records subject to a litigation hold may not be destroyed or altered even if the Retention Period according to the applicable Retention Schedule has expired. Such records should be identified as being subject to a hold in order to alert people who encounter such records that destruction is not to proceed. The reasons for the hold should also be identified. The Retention Schedule for records on hold may only be reinstated when written approval is obtained from Legal Counsel and the Compliance Team. Questions regarding whether certain documents should be subject to a litigation hold should be directed to the BNI Department Manager, the Compliance Team and/or Legal Counsel.
XIII. Tax Audit Hold
Records shall not be destroyed if they are subject to a tax audit hold. A tax audit hold should be placed on any records that may be requested as part of a federal, state, or local tax audit. The tax authorities have broad authority to examine the books and records of the taxpayer. The tax authorities may examine any books, papers, records, or other data that may be relevant or material to ascertain the correctness of any federal income tax return or any internal revenue tax of any corporation or other person. The categories of documents subject to a tax audit hold will be reviewed and revised periodically.
Once data is subject to a hold, destruction of that data, even inadvertent destruction, may result in tax authority adjustments to BNI’s taxable income calculations and severe penalties. Questions regarding whether certain documents should be subject to a tax audit hold should be directed to the BNI Department Manager, the Compliance Team and/or the relevant tax authority.
XIV. Personal Data Hold
Personal Data shall not be destroyed if they are subject to requests from the data subjects to exercise their rights to be informed if their Personal Data are being processed, to be provided with copies of their Personal Data, to rectification of their Personal Data, to restriction of the data’s processing, or their right of data portability.
XV. Policy Maintenance
An effective and responsible Data Retention Policy must be reviewed and revised according to the changing needs of BNI and any legal or regulatory requirements. A regular review of the Policy is key in determining whether the Policy needs to be updated and whether the Policy is being instituted on a systematic basis.
On at least an annual basis, BNI Department Managers should complete an audit of their area’s records in order to determine whether Retention Schedules, disposal dates, and Litigation Holds, if any, have been implemented. Written verification of review and compliance should be signed and sent to the Compliance Team. This written verification shall be retained pursuant to this Policy.
Personnel who become aware of changes in regulatory requirements or business needs concerning certain records are to report any such changes to the BNI Department Manager. The BNI Department Manager should then notify the Compliance Team is to review the changes, make subsequent revisions to the Retention Schedules, obtain approval of the changes from the CEO, CFO and Legal Counsel and notify all BNI department personnel of the approved revisions.
XVI. Retention Schedule
This Retention Schedule provides a management tool for identifying and determining the retention and disposal of functional records. It contains valuable information and guidance to the organization in respect to the categories of Record Types it creates. It is therefore an important business tool and assists to guide compliance with legal obligations.
Maximum record retention periods represent the most conservative statutes of limitation of the countries in which BNI operates.
The aims of the Retention Schedule are to:
- Identify records which are worth preserving, storing, and/or destroying.
- Prevent the premature destruction of records which need to be retained for a specific period to satisfy legal, financial and other requirements of public administration; and
- Authorize the destruction of those records not required for business operations.
If any new Data Types are identified, for example arising from a new function or new record type and are not referred to in this Retention Schedule, they must not be destroyed. In such a situation the Legal Counsel and the Compliance Team (email@example.com) must be contacted with a request to amend the Retention Schedule. No Data Types are to be destroyed until approval is obtained from Legal Counsel and the Compliance Team to amend this Retention Schedule.
A. Retention Schedule
|Department||Function||Description||Records||Maximum Retention Period||Retention Period Justification|
|Human Resources||Recruiting Files||These may include:
Completed online application forms or CVs.
Equal opportunities monitoring forms.
Assessment exercises or tests.
Notes from interviews and short-listing exercises.
Pre-employment verification of details provided by the successful candidate. (These may be transferred to a successful candidate’s employment file.)
|Job Application||2 years after notifying candidates of the outcome of the recruitment exercise. (If transitioning from candidate to employee, information will be maintained for life of employment and 8 years afterwards)||Business need as determined by Human Resources|
|Pre-Employment Assessments||Business need as determined by Human Resources|
|Resumes||Business need as determined by Human Resources|
|Interview Notes||Business need as determined by Human Resources|
|Equal Opportunity Monitoring||Business need as determined by Human Resources|
|Collective Work Agreement||Business need as determined by Human Resources|
|Master Franchise Candidate Information||Business need as determined by Human Resources|
|Personnel Files||These may include:
Written particulars of employment, changes to terms and conditions or agreements that could affect employees.
Also to include: Contracts of employment or other contracts/agreements for paid personnel.
|Offer Letter||life of employment and 8 years afterwards||Business need as determined by Human Resources|
|Employment Contract||Business need as determined by Human Resources|
|Background Check||Business need as determined by Human Resources|
|Form I-9||Business need as determined by Human Resources|
|Certificate of Education, Qualification, IDs||Business need as determined by Human Resources|
|Boot Camp completion||Business need as determined by Human Resources|
|Training Records||Business need as determined by Human Resources|
|Signed Handbook||Business need as determined by Human Resources|
|Payroll & Compensation Records||Business need as determined by Human Resources|
|Time Keeping/Wage Earning Records||Business need as determined by Human Resources|
|Employment Benefits||Business need as determined by Human Resources|
|Performance Reviews/Assessments||Business need as determined by Human Resources|
|Incentive Plans||Business need as determined by Human Resources|
|Terminations||Business need as determined by Human Resources|
|Healthcare Documentation||Business need as determined by Human Resources|
|COBRA||Business need as determined by Human Resources|
|Short/Long Term Disability Records||Business need as determined by Human Resources|
|Maternity Records||Business need as determined by Human Resources|
|Accident Records||Business need as determined by Human Resources|
|Grievance Records||Business need as determined by Human Resources|
|Payroll Files||These may include: Pay Period Payroll and Benefits records||Compensation||life of employment and 8 years afterwards||Regulatory/Litigation/Business Need|
|Health Care||Regulatory/Litigation/Business Need|
|Accounting and Finance||Accounting Receivable Files||These may include: Invoicing monthly royalties, Fees, Sub sales, MFA sales, Collections and communications||Invoices w/Payment||life of engagement and 10 years afterwards||Regulatory/Litigation/Business Need|
|Electronic Payment Records||Regulatory/Litigation/Business Need|
|Accounts Payable Files||Recording Vendor invoices and making payments for goods and services||W-9||life of engagement and 10 years afterwards||Regulatory/Litigation/Business Need|
|Check Stubs||Regulatory/Litigation/Business Need|
|Legal||Corporate/Business/Legal Files||These may include: Agreements, Disclosures, Certificates, Licenses, Tax Filings and Intellectual Property Documents needed to run the Business||Corporate Documents for various company-owned entities||life of engagement and 10 years afterwards, unless litigation hold required||Regulatory/Litigation/Business Need|
|Copies of identification documents of execs, e.g., passports, driver licenses, etc||Regulatory/Litigation/Business Need|
|Vendor Contracts||Regulatory/Litigation/Business Need|
|Member complaints/demand for refund||Regulatory/Litigation/Business Need|
|Approvals, rejections, and/or important correspondence with local authorities related to franchise registration||Regulatory/Litigation/Business Need|
|Franchise Disclosure Document||Regulatory/Litigation/Business Need|
|Audited Financial Statements||Regulatory/Litigation/Business Need|
|Franchise Agreements; Sub Franchise Agreement, Master Franchise Agreements (including all related supplements or exhibits)||Regulatory/Litigation/Business Need|
|Incorporation documents for franchise entities||Regulatory/Litigation/Business Need|
|Certificated of Insurance for franchisees||Regulatory/Litigation/Business Need|
|Purchase Sale Agreements and any associated supplements or exhibits; transfer/assignment agreements||Regulatory/Litigation/Business Need|
|Litigation files||Regulatory/Litigation/Business Need|
|Court Orders||Regulatory/Litigation/Business Need|
|Requests for Departure from Records Retention Plan||Regulatory/Litigation/Business Need|
|Requests to be forgotten||Regulatory/Litigation/Business Need|
|Legal department notes (confidential & privileged work product)||Regulatory/Litigation/Business Need|
|NDAs with vendors/potential contractors||Regulatory/Litigation/Business Need|
|Trademark and IP- related License/Transfer/Assignment/Agreements||Regulatory/Litigation/Business Need|
|Operations and Training||Training Material and Operational Procedure Files||These may include Manuals, videos, recording and Intellectual Properties necessary to deliver trainings and execute operations||Podcasts||Permanent||Business need as determined by Training|
|Conference Audio||Life of usefulness and 3years afterwards||Business need as determined by Training|
|Training Manuals||Life of usefulness and 3 years afterwards||Business/Litigation need|
|Training Records/Training Events||Life of membership and 6 years afterwards||Business/Litigation need|
|ND Operations Manual||Life of usefulness and 6 years afterwards||Business/Litigation need|
|ED Operations Manual||Life of usefulness and 6 years afterwards||Business/Litigation need|
|Online Training – MSP, LTT||Life of usefulness and 3 years afterwards||Business/Litigation need|
|Technology||Corporate||These may include files necessary to communicate and conduct business operations||Life of employment and 8 years afterwards||Regulatory/Litigation/Business need|
|Online Documents (Permanent business need)||Life of employment and 8 years afterwards||Regulatory/Litigation/Business need|
|System of record (BNI Connect) Individual Files||These may include: Files containing Non- Member and Member name, address, role, contact information, status, and activities||User||life of membership and 10 years afterwards||Regulatory/Litigation/Business need|
|Member||Life of membership and 10 years afterwards||Regulatory/Litigation/Business need|
|Visitor||3 Years after last activity||Business need|
|Prospect||3 Years after last activity||Business need|
|Prospective Visitor||3 years after last activity||Business need|
|Event Attendee||3 years after last activity||Business need|
|Drop Member (Alumni)||Life while membership active and 10 years afterwards||Regulatory/Litigation/Business need|
|Expired Member||Life while membership active and 10 years afterwards||Regulatory/Litigation/Business need|
|System of Record (BNI Connect) System Data Files||These may include: Files containing Non- Member and Member name, address, role, contact information, status, and activities||Referral Slips*||life while membership active and 10 years afterwards||Regulatory/Litigation/Business need|
|TYFCB Slips||life while membership active and 10 years afterwards||Regulatory/Litigation/Business need|
|CEU slips||life while membership active and 10 years afterwards||Regulatory/Litigation/Business need|
|1-1 Slips||life while membership active and 10 years afterwards||Regulatory/Litigation/Business need|
|Invoice||life while membership active and 10 years afterwards||Regulatory/Litigation/Business need|
|Letter of Credit||life while membership active and 10 years afterwards||Regulatory/Litigation/Business need|
|Payment||life while membership active and 10 years afterwards||Regulatory/Litigation/Business need|
|Membership application||life while membership active and 10 years afterwards||Regulatory/Litigation/Business need|
|Audit Logs||life while membership active and 10 years afterwards||Regulatory/Litigation/Business need|
|Marketing||Marketing||These may include Forms containing individual name, address, contact information and free form text||Web Form||Non Member, 3 years after last activity||Business need as determined by Marketing|
|Member, 7 years of last activity||Business need as determined by Marketing|
|Activity = Opened emails, completed forms, visitation to a webpage|
*Referral slips will have all personally identifiable information redacted after two years from the time the slip was entered into BNI Connect.
B. Record Storage and Backup Schedule
- Human Resources
- Human Resources electronic files will be secured, stored, and backed up leveraging Microsoft’s Office 365 data security and backup policy
- Human Resources non-electronic files will be physically secured within BNI Global and/or National Offices
- Accounting and Finance
- Accounting and Finance electronic files will be secured, stored, and backed up leveraging Microsoft’s Office 365 data security and backup policy
- Accounting electronic Intuit files will be secured, stored, and backed up leveraging Intuit’s data security and backup policy
- Accounting and Finance non-electronic files will be physically secured within BNI Global and/or National Offices
- Legal electronic files will be secured, stored, and backed up leveraging Contract Safe data security and backup policy
- Legal non-electronic files will be physically secured within BNI Global and/or National Offices
- Operations and Training
- Operations and Training files will be secured, stored, and backed up leveraging Schoox data security and backup policy
- Information Technology
- System of Record individual and data files are backed up securely within our various cloud environments subject to information security policy and backup policy
- Information Technology non-electronic files will be physically secured within BNI Global and/ or National Offices.
- Marketing data will be secured, stored, and backed up leveraging Marketo data security and backup policy
- Marketing data transitioned to BNI from Marketo will be backed leveraging Rackspace data security and backup policy.
C. Record Disposal
Hard copies of documents will be destroyed by shredding after they have been retained until the end of their retention period specified in the Retention Schedule. Copies of computer backups will be sanitized or destroyed by other proven means of destroying such media after they have been retained until the end of their retention period specified in the Retention Schedule.
BNI Department Managers will be required as part of the Compliance Team’s annual data retention review of each department to acknowledge in writing their compliance with this Policy.
BNI employees and/or BNI departments found to be out of compliance with maintaining Data Type Records, Data Retention Schedules, and this Policy are subject to the disciplinary terms set forth by standing employment and contractual agreements.
United Kingdom Information Security Office: https://www.ico.org.uk/
This Policy is to be made available to all BNI employees and BNI departments and other BNI team members if required as part of employment, contractual agreement or otherwise required as per statutory obligations.
XX. Policy Review and Revision
Legal Counsel and Compliance Team will review the structure and use of this Policy annually. Revised Retention Schedules will be submitted to BNI Worldwide Development Ltd., for review and approval prior to its implementation.
©2023 BNI Global LLC. All rights reserved.