|
EXHIBIT A
<br /> Appendix C
<br /> Data Retention Policy
<br /> 1) Data Retention Policy
<br /> a) Introduction
<br /> i) It shall be the policy of Smart Energy Water to maintain complete and accurate records for the usage,billing,behavior,or any of the specified
<br /> types of data("Data)of Client and its Users,for the duration described for historical reference,contractual or legal requirements,or for any
<br /> other purposes as set forth in this Data Retention Policy("Policy"). The types of Data stored and subsequent durations for each type,
<br /> described in the Retention Summary set forth in Section 1(h)below,shall be the recommended and standard retention periods based on
<br /> legal requirements and practical considerations. In the event that Client wishes to have such Data retained for an extended period,such
<br /> additional retention periods shall be agreed upon in a separate writing.
<br /> ii) Data Retention shall include, but is not limited to, paper and electronic records, documentary materials, Customer Data, personally
<br /> identifiable information,billing records,usage information,etc.Such information shall be managed and maintained in a manner that protects
<br /> the integrity of the Data,while ensuring appropriate access for the durations described above.
<br /> Ji) Upon expiration of the above retention periods,such data shall be destroyed,deleted, returned or otherwise disposed of according to
<br /> standard industry guidelines and in compliance with legal requirements, EXCEPT for those records pertaining to (1) matters under
<br /> investigation or those matters that are the subject of any claim or litigation,and(2)matters that are anticipated to be the subject of reasonably
<br /> foreseeable investigation,claim,or litigation.
<br /> b) Definitions
<br /> i) "Audit Logs' shall refer to recordings of key system events,timestamps, and other records that otherwise maintain evidence of any
<br /> processes or activities.
<br /> ii) "Billing Data"shall refer to any information regarding the billing information of customers,which may include,but is not limited to,credit
<br /> card information,security codes,expiration dates,billing addresses,names of customers,etc.
<br /> iii) "Billing Summaries"shall refer to any information regarding the costs or charges relating to a customer's usage of utilities maintained over
<br /> monthly billing periods.
<br /> iv) "Customer Data"shall refer to any personally identifiable information of a Client's users,which may include,but is not limited to,name,
<br /> address,personal Usage information,etc.
<br /> v) "Investigation'shall refer to any business or legal process which requires the retention,examination,or review of any Data.
<br /> vi) "Notifications"shall refer to logs of the information events(email,IVR,SMS text messaging)sent by a utility and received by a customer.
<br /> vii) "Outages"shall refer to logs of outage events reported via OMS to the Services,by either the customer,if approved,or the Client.
<br /> viii) "Retention"shall refer to storage of Data on either local,cloud-based,or archive storage or servers.
<br /> ix) "Usage'shall refer to any customer's use of a utility as tracked and maintained by the Services.
<br /> x) "User Behavior"shall refer to the interaction of Client's customers on the portal or mobile application,which may include,but is not limited
<br /> to,log-on periods,active periods,interactions with particular modules,dicks,etc.
<br /> c) General
<br /> i) SEW shall be bound in its obligations regarding the Data it processes and controls.These obligations shall include how long SEW retains
<br /> Data,and when and how SEW can destroy such Data.These obligations may arise from industry standards,local laws or regulations,or
<br /> arising out of agreements between the Parties.
<br /> ii) SEW shall ensure that necessary records,documents,or Data are adequately protected and maintained,and additionally,that such records,
<br /> documents,or Data are properly disposed of.
<br /> iii) SEW shall not use Client or Customer Data except as necessary to provide the Services,or as necessary to comply with the law or binding
<br /> order of a governmental body.
<br /> d) Cloud-Based Storage
<br /> i) In maintaining the Data,SEW shall utilize its cloud-based scalable storage solutions which shall allow Client to store and display historical
<br /> usage data, billing information, payment history, etc. SEW shall utilize industry standard methodologies, which shall ensure business
<br /> continuity,continuous retention for the periods described,data recovery,and availability for its Users.
<br /> e) Archiving and Backups
<br /> i) SEW shall utilize similar industry standard solutions for archiving, restoring, and backing up Data. Incremental Data(daily usage, user
<br /> behavior,notifications,outages)shall be recorded nightly,and full Data backups shall be executed over the weekend.Data shall be retained
<br /> in both Cloud-based local storage form,as well as Array-based replication form offsite to be utilized as back-ups or archives in the event of
<br /> system failure of the local Cloud-based storage.
<br /> ii) SEW shall be notified via email confirmation of backups of Data being saved successfully or such backups failing to be saved. Backups
<br /> shall be tested periodically by restoring such Data to a staging database to ensure that Data is not corrupted and are in proper usage
<br /> compliance in its application configuration.
<br /> f) Destruction and Purging of Data
<br /> i) Data that is personal or confidential in nature shall be disposed of according methodologies agreed upon by and between the parties in a
<br /> signed writing.
<br /> ii) Electronic Data shall be subject to secure electronic deletion.
<br /> iii) Physical or paper documents shall be shredded using secure consoles through which waste shall be property screened for disposal.
<br /> iv) Specific deletion or destruction processes shall be carried out by an employee of SEW or by an internal or external service provider employed
<br /> for the purposes of such proper and compliant disposal of Data.
<br /> v) Data of Users or Clients who have been inactive for a period of twenty-four(24)months shall be deleted.Clients,if such Client or User
<br /> account(s)are inactive for a period of eighteen(1 S)months,shall be notified of such inactivity via email.
<br /> g) Litigation or Investigation
<br /> i) In the event that SEW becomes involved in any unforeseen litigation or business event that requires access to Client and Customer Data,
<br /> such Data may need to be archived beyond its active use or as required by law
<br /> ii) Documents shall be retained in the event that they are subject to matters under investigation or those that are subject to any claim or
<br /> litigation,or those matters that are anticipated to be the subject of reasonably foreseeable investigation,claim,or litigation.
<br /> iii) Prior to the disclosure of any Client and Customer Data,SEW shall first disclose to Client of such requirement,so that Client may inform its
<br /> users and allow users the opportunity to seek protection from such disclosure.
<br /> h) Retention Summary
<br /> i) SEW,for the purposes of historical reference, contractual or legal requirements, or other requirements as a part of its delivery and
<br /> maintenance of Services or Software to Client,shall retain the following types of Data for the durations set forth,and pursuant to the terms
<br /> set forth in this Data Retention Policy.
<br /> Data Type Description Duration
<br /> 9
<br />
|