/
Data Portability and Destruction: Guidelines and Procedures

Data Portability and Destruction: Guidelines and Procedures

Owned by Maxime VANHAMME
19 Jun 2023
2 min read

Detailed Conditions to Move Data out of the Service Provider

a. Administrative Requirements:

  • The customer must submit a formal request to AREMIS for data portability.

  • The request should include the specific data to be moved, the desired format, and the intended destination.

  • AREMIS will designate an authorized contact person to facilitate the process.

b. Legal Requirements:

  • Some data, such as sensitive personal information protected by privacy laws or contractual obligations, may be restricted from being moved.

  • AREMIS will clearly communicate any data that cannot be removed due to legal or regulatory constraints.

  • Data subject to legal holds or pending investigations may also be exempt from removal.

c. Technical Requirements:

  • AREMIS will provide the necessary tools or infrastructure to facilitate data extraction.

  • Compatible data formats, such as CSV, XML, and database-specific backup files will be made available for download.

  • Bandwidth limitations or data transfer restrictions may apply.

d. Process Overview:

i. Request: The customer submits a formal request for data portability, specifying the desired data and format.

ii. Acceptance: AREMIS reviews the request for completeness and validity.

iii. Start Downloading: Upon approval, AREMIS initiates the data extraction process.

iv. Data Transfer: AREMIS makes the extracted data available for download by the customer.

v. Confirmation: The customer confirms the successful receipt of the data.

e. Cost:

  • AREMIS may impose fees for data portability, depending on factors such as data volume, complexity, or additional services required.

  • The cost structure should be communicated to the customer in advance.

 

Data Destruction Procedures

a. Administrative Requirements:

  • The customer must submit a formal request to AREMIS for data destruction.

  • The request should specify the data to be destroyed and the reason for the destruction.

  • AREMIS will designate an authorized contact person to handle the request.

b. Legal Requirements and Constraints:

  • Some data may be subject to legal or regulatory retention obligations, preventing its complete destruction.

  • AREMIS should communicate any legal constraints or obligations to the customer.

  • Data required for audits, financial reporting, or legal disputes may be exempt from destruction.

c. Technical Requirements:

  • AREMIS uses appropriate processes and mechanisms to securely and irreversibly delete the specified data.

  • Data backups or redundant copies will also be included in the destruction process.

d. Process Overview:

i. Request: The customer submits a formal request for data destruction, specifying the data to be deleted and the reason.

ii. Acceptance: AREMIS reviews the request for completeness and validity.

iii. Start Destruction Time: Upon approval, AREMIS initiates the data destruction process.

iv. Data Deletion: AREMIS securely deletes the specified data, ensuring its irrecoverability.

v. Confirmation: The customer receives confirmation of the successful data destruction.

e. Cost:

  • AREMIS may impose fees for data extraction or deletion, depending on factors such as data volume, complexity, or additional services required.

  • The cost structure should be communicated to the customer in advance.

 

Please note that the specific details and requirements for data portability and destruction may vary based on the customer's needs and the relevant laws and regulations. It is important to establish and define these specific details in the Statement of Work (SoW) or Statement of Agreement (SoA) to ensure clarity and compliance.