Data Hosting, Backup, and Deletion

Version: 08 November 2024


The following Pelt8 Data Hosting, Backup, and Deletion Policy describes how Pelt8 hosts data for Client Accounts.

The current version of the Data Hosting, Backup, and Deletion Policy is published on Pelt8’s website at https://www.pelt8.com/legal/data-hosting-policy


DEFINITIONS

Account Administrator: A user with permissions to add, create, and delete other users within a Client Account on the Pelt8 Software.

Client Account: A customer account associated with an Organisation on the Pelt8 Software, representing a unique customer within the system.

Organisation: The entity or company that owns a Client Account and its associated users on the Pelt8 Software.

Licensed Company: A company authorized to use the Pelt8 Software, retaining exclusive rights to its data and able to request data release from Pelt8 during the contract term.

 

DATA SECURITY 

Pelt8 ensures that stored data is accessible over the Internet to the extent of technical possibilities. Appropriate Technical and Organizational Measures (TOMs), including regular data backups, virus checks, and firewall installations, are implemented to prevent data loss and unauthorized access, in accordance with Pelt8’s Information Security Policies. The current version of the Data Security Policy is published on Pelt8's website at https://www.pelt8.com/legal/data-security.


DATA HOSTING & LOCATION  

All data is securely stored in the Switzerland North Azure Region and encrypted at rest for enhanced security. Redundant storage solutions, such as zone-redundant storage, safeguard data against physical hazards, including fire and water damage. (See Datacentre environmental safeguards for further details.)

Alternative storage locations can be used upon request.


DATA ACCESS AND CONTROL 

Access to the Pelt8 Software and API is strictly controlled using Microsoft authentication, with mandatory two-factor authentication (2FA) for user access. Database access is restricted to a private endpoint within the virtual network, requiring Microsoft Entra authentication. The Licensed Company retains exclusive rights to its data and may request Pelt8 to release specific or all data during the contract term. Data will be transmitted in Pelt8’s format, and a reasonable fee may be charged for data release.


DATA BACKUP AND RECOVERY 

The Pelt8 Software does not replace the need for the Licensed Company to maintain regular data backups. If data under the Licensed Company’s Client Account is lost, destroyed, damaged, or corrupted due to Pelt8’s systems, Pelt8’s sole obligation is to restore the data from the most recent backup. Regular backups are conducted, with recovery tailored to specific circumstances, typically taking several hours. Disaster recovery follows Azure SQL Database disaster recovery guidance. In the event of a security incident, Pelt8 conducts a thorough investigation, promptly notifies affected Licensed Companies, and implements corrective measures.


DATA EXPORT AND RETENTION 

Permitted users, including selected Account Administrators, may export data. Data retention aligns with specified backup and retention policies. Upon contract termination, all data associated with the Licensed Company is deleted within 90 days unless legal obligations require a longer retention period. Pelt8 ensures that all data, including Personal Data, is deleted in compliance with the Data Processing Agreement (DPA) and Privacy Policy.


USER DELETION AND DATA RETENTION

When an Account Administrator deletes a user from the Pelt8 Software, that user's access is removed. However, actions or changes made by the user, including data additions, modifications, or settings adjustments, will remain on record for compliance and audit purposes.

If an Organisation is deleted, Pelt8 retains all associated data, including access logs, user names, and details, for an additional 90 days. After this period, all information related to the Organisation and its users is permanently deleted from Pelt8’s systems.

In accordance with GDPR requirements, historical associations related to a deleted user can be removed upon request. To initiate this process, please contact our support team at support@pelt8.com, including the user’s name and a justification for the deletion.


CONTINUITY AND COMPLIANCE 

In the event of Pelt8's liquidation or cessation of operations, Pelt8 ensures uninterrupted access to Licensed Company data by implementing necessary measures, such as data backups and secure data transfer protocols. Pelt8 actively pursues relevant certifications and compliance with regulatory requirements. Data export, retention, and compliance are managed in accordance with established policies.

 

Version: 08 November 2024


The following Pelt8 Data Hosting, Backup, and Deletion Policy describes how Pelt8 hosts data for Client Accounts.

The current version of the Data Hosting, Backup, and Deletion Policy is published on Pelt8’s website at https://www.pelt8.com/legal/data-hosting-policy


DEFINITIONS

Account Administrator: A user with permissions to add, create, and delete other users within a Client Account on the Pelt8 Software.

Client Account: A customer account associated with an Organisation on the Pelt8 Software, representing a unique customer within the system.

Organisation: The entity or company that owns a Client Account and its associated users on the Pelt8 Software.

Licensed Company: A company authorized to use the Pelt8 Software, retaining exclusive rights to its data and able to request data release from Pelt8 during the contract term.

 

DATA SECURITY 

Pelt8 ensures that stored data is accessible over the Internet to the extent of technical possibilities. Appropriate Technical and Organizational Measures (TOMs), including regular data backups, virus checks, and firewall installations, are implemented to prevent data loss and unauthorized access, in accordance with Pelt8’s Information Security Policies. The current version of the Data Security Policy is published on Pelt8's website at https://www.pelt8.com/legal/data-security.


DATA HOSTING & LOCATION  

All data is securely stored in the Switzerland North Azure Region and encrypted at rest for enhanced security. Redundant storage solutions, such as zone-redundant storage, safeguard data against physical hazards, including fire and water damage. (See Datacentre environmental safeguards for further details.)

Alternative storage locations can be used upon request.


DATA ACCESS AND CONTROL 

Access to the Pelt8 Software and API is strictly controlled using Microsoft authentication, with mandatory two-factor authentication (2FA) for user access. Database access is restricted to a private endpoint within the virtual network, requiring Microsoft Entra authentication. The Licensed Company retains exclusive rights to its data and may request Pelt8 to release specific or all data during the contract term. Data will be transmitted in Pelt8’s format, and a reasonable fee may be charged for data release.


DATA BACKUP AND RECOVERY 

The Pelt8 Software does not replace the need for the Licensed Company to maintain regular data backups. If data under the Licensed Company’s Client Account is lost, destroyed, damaged, or corrupted due to Pelt8’s systems, Pelt8’s sole obligation is to restore the data from the most recent backup. Regular backups are conducted, with recovery tailored to specific circumstances, typically taking several hours. Disaster recovery follows Azure SQL Database disaster recovery guidance. In the event of a security incident, Pelt8 conducts a thorough investigation, promptly notifies affected Licensed Companies, and implements corrective measures.


DATA EXPORT AND RETENTION 

Permitted users, including selected Account Administrators, may export data. Data retention aligns with specified backup and retention policies. Upon contract termination, all data associated with the Licensed Company is deleted within 90 days unless legal obligations require a longer retention period. Pelt8 ensures that all data, including Personal Data, is deleted in compliance with the Data Processing Agreement (DPA) and Privacy Policy.


USER DELETION AND DATA RETENTION

When an Account Administrator deletes a user from the Pelt8 Software, that user's access is removed. However, actions or changes made by the user, including data additions, modifications, or settings adjustments, will remain on record for compliance and audit purposes.

If an Organisation is deleted, Pelt8 retains all associated data, including access logs, user names, and details, for an additional 90 days. After this period, all information related to the Organisation and its users is permanently deleted from Pelt8’s systems.

In accordance with GDPR requirements, historical associations related to a deleted user can be removed upon request. To initiate this process, please contact our support team at support@pelt8.com, including the user’s name and a justification for the deletion.


CONTINUITY AND COMPLIANCE 

In the event of Pelt8's liquidation or cessation of operations, Pelt8 ensures uninterrupted access to Licensed Company data by implementing necessary measures, such as data backups and secure data transfer protocols. Pelt8 actively pursues relevant certifications and compliance with regulatory requirements. Data export, retention, and compliance are managed in accordance with established policies.

 

Version: 08 November 2024


The following Pelt8 Data Hosting, Backup, and Deletion Policy describes how Pelt8 hosts data for Client Accounts.

The current version of the Data Hosting, Backup, and Deletion Policy is published on Pelt8’s website at https://www.pelt8.com/legal/data-hosting-policy


DEFINITIONS

Account Administrator: A user with permissions to add, create, and delete other users within a Client Account on the Pelt8 Software.

Client Account: A customer account associated with an Organisation on the Pelt8 Software, representing a unique customer within the system.

Organisation: The entity or company that owns a Client Account and its associated users on the Pelt8 Software.

Licensed Company: A company authorized to use the Pelt8 Software, retaining exclusive rights to its data and able to request data release from Pelt8 during the contract term.

 

DATA SECURITY 

Pelt8 ensures that stored data is accessible over the Internet to the extent of technical possibilities. Appropriate Technical and Organizational Measures (TOMs), including regular data backups, virus checks, and firewall installations, are implemented to prevent data loss and unauthorized access, in accordance with Pelt8’s Information Security Policies. The current version of the Data Security Policy is published on Pelt8's website at https://www.pelt8.com/legal/data-security.


DATA HOSTING & LOCATION  

All data is securely stored in the Switzerland North Azure Region and encrypted at rest for enhanced security. Redundant storage solutions, such as zone-redundant storage, safeguard data against physical hazards, including fire and water damage. (See Datacentre environmental safeguards for further details.)

Alternative storage locations can be used upon request.


DATA ACCESS AND CONTROL 

Access to the Pelt8 Software and API is strictly controlled using Microsoft authentication, with mandatory two-factor authentication (2FA) for user access. Database access is restricted to a private endpoint within the virtual network, requiring Microsoft Entra authentication. The Licensed Company retains exclusive rights to its data and may request Pelt8 to release specific or all data during the contract term. Data will be transmitted in Pelt8’s format, and a reasonable fee may be charged for data release.


DATA BACKUP AND RECOVERY 

The Pelt8 Software does not replace the need for the Licensed Company to maintain regular data backups. If data under the Licensed Company’s Client Account is lost, destroyed, damaged, or corrupted due to Pelt8’s systems, Pelt8’s sole obligation is to restore the data from the most recent backup. Regular backups are conducted, with recovery tailored to specific circumstances, typically taking several hours. Disaster recovery follows Azure SQL Database disaster recovery guidance. In the event of a security incident, Pelt8 conducts a thorough investigation, promptly notifies affected Licensed Companies, and implements corrective measures.


DATA EXPORT AND RETENTION 

Permitted users, including selected Account Administrators, may export data. Data retention aligns with specified backup and retention policies. Upon contract termination, all data associated with the Licensed Company is deleted within 90 days unless legal obligations require a longer retention period. Pelt8 ensures that all data, including Personal Data, is deleted in compliance with the Data Processing Agreement (DPA) and Privacy Policy.


USER DELETION AND DATA RETENTION

When an Account Administrator deletes a user from the Pelt8 Software, that user's access is removed. However, actions or changes made by the user, including data additions, modifications, or settings adjustments, will remain on record for compliance and audit purposes.

If an Organisation is deleted, Pelt8 retains all associated data, including access logs, user names, and details, for an additional 90 days. After this period, all information related to the Organisation and its users is permanently deleted from Pelt8’s systems.

In accordance with GDPR requirements, historical associations related to a deleted user can be removed upon request. To initiate this process, please contact our support team at support@pelt8.com, including the user’s name and a justification for the deletion.


CONTINUITY AND COMPLIANCE 

In the event of Pelt8's liquidation or cessation of operations, Pelt8 ensures uninterrupted access to Licensed Company data by implementing necessary measures, such as data backups and secure data transfer protocols. Pelt8 actively pursues relevant certifications and compliance with regulatory requirements. Data export, retention, and compliance are managed in accordance with established policies.