Data Privacy

This page was last updated on 16 June 2023.

Symplex Inc. (Communion) seeks to ensure that it retains only data necessary to effectively conduct its program activities and work in fulfillment of its mission.

Access, Transfer, and Delete Data

Customers can request to access, transfer or delete data by contacting support or through founders@communion.so. Customers can make this request at an organizational level at any time. Individual users will have to go through their organizational representatives.

Personal Data Terms

The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

Personal information includes name, email, organization, organizational position and any other contact information provided.

Personal data will be used for the deliverance of expected services. Personal data will be archived or deleted within 1 month of termination of services pursuant to the retention, archival, and removal policy.If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.

Data Purpose

All collected personal information is used solely for the conduct of expected business and support services. The need to retain data varies widely with the type of data and the purpose for which it was collected. Communion strives to ensure that data is only retained for the period necessary to fulfill the purpose for which it was collected and is fully deleted when no longer required. This policy sets forth Communion’s guidelines on data retention and is to be consistently applied throughout the organization.

Scope

This policy covers all data collected by Communion and stored on Communion owned or leased systems and media, regardless of location. It applies to both datacollected and held electronically (including photographs, video and audio recordings) and data that is collected and held as hard copy or paper files. The need to retain certaininformation may be mandated by federal or local law, federal regulations and legitimate business purposes, as well as the EU General Data Protection Regulation (GDPR).Reasons for Data Retention Communion retains only that data that is necessary to effectively conduct its program activities, fulfill its mission and comply with applicable laws and regulations.Reasons for data retention include:• Providing an ongoing service to the data subject (e.g. sending a newsletter,publication or ongoing program updates to an individual, ongoing training orparticipation in Communion’s programs, processing of employee payrolland other benefits)• Compliance with applicable laws and regulations associated with financial andprogrammatic reporting by Communion to its funding agencies and otherdonors• Compliance with applicable labor, tax and immigration laws• Other regulatory requirements• Security incident or other investigation• Intellectual property preservation• LitigationData DuplicationCommunion seeks to avoid duplication in data storage whenever possible, thoughthere may be instances in which for programmatic or other business reasons it is necessary for data to be held in more than one place. This policy applies to all data in Communion’s possession, including duplicate copies of data.Retention RequirementsCommunion has set the following guidelines for retaining all personal data asdefined in the Institute’s data privacy policy.• Website visitor data will be retained as long as necessary to provide the service requested/initiated through the Communion website.• Contributor data will be retained for the year in which the individual has contributed and then for 6 months after the date of the last contribution. Financial informationwill not be retained longer than is necessary to process a single transaction.• Event participant data will be retained for the period of the event, including anyfollow up activities, such as the distribution of reports, plus a period of [Duration];• Program participant data (including sign in sheets) will be retained for the duration of the grant agreement that financed the program plus any additional time required under the terms of the grant agreement.• Personal data of sub-grantees, subcontractors and vendors will be kept for the duration of the contract or agreement.• Employee data will be held for the duration of employment and then 6 months afterthe last day of employment.• Data associated with employee wages, leave and pension shall be held for the period of employment plus 1 month, with the exception of pension eligibility andretirement beneficiary data which shall be kept for 1 month. • Recruitment data, including interview notes of unsuccessful applicants, will be held for 1 month after the closing of the position recruitment process.• Consultant (both paid and pro bono) data will be held for the duration of theconsulting contract plus 1 month after the end of the consultancy.• Board member data will be held for the duration of service on the Board plus for1 month after the end of the member’s term.• Data associated with tax payments (including payroll, corporate and VAT) will beheld for 1 month.• Operational data related to program proposals, reporting and program management will be held for the period required by the Communion donor, but not more than 1 month.Data DestructionData destruction ensures that Communion manages the data it controls andprocesses it in an efficient and responsible manner. When the retention period for the data as outlined above expires, Communion will actively destroy the data covered by this policy. If an individual believes that there exists a legitimate business reason why certain data should not be destroyed at the end of a retention period, he or she should identify this data to Communion as to why the data should not be destroyed. Any exceptions to this data retention policy must be approved by Communion’s data protection team with consent from legal counsel. In rare circumstances, a litigation hold may be issued by legal counsel prohibiting the destruction of certain documents. A litigation hold remains in effect until released by legal counsel and prohibits the destruction of data subject to the hold.

Data storage policy

Data is stored on our own secure cloud databases. Data is encrypted in motion. Data is only recorded as it is required to provide services and only stored as long as it is required to reasonably provide expected services. Data is archived within one month of termination of services

Data archival/removal policy

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. Data will be automatically archived 1 month after the termination of services. Data can be restored for users at their request or deleted upon specific request.