RENAISSANT DATA RETENTION POLICY
Effective Date: May 19, 2026 | Version: 1.0
1. Purpose
This Data Retention Policy (the “Policy”) establishes Renaissant, Inc.’s (“Renaissant,” “we,” “us,” or “our”) standards for retaining, archiving, and securely disposing of records and data created or received in the course of business. This Policy supports Renaissant’s commitments under its Privacy Policy and applicable laws, including the EU and UK General Data Protection Regulations, the California Consumer Privacy Act as amended (“CCPA”), the Illinois Biometric Information Privacy Act (“BIPA”), and U.S. federal and state recordkeeping requirements.
2. Scope
This Policy applies to all personal information, business records, and other data, in any format (electronic or physical), that Renaissant collects, processes, stores, or maintains, including data held by Renaissant’s service providers and subprocessors. It applies to all Renaissant personnel, contractors, and authorized agents.
3. Guiding Principles
Renaissant’s retention practices are guided by the following principles:
- Lawfulness. Retain data only for purposes permitted by law and disclosed in the Renaissant Privacy Policy.
- Necessity and minimization. Retain personal information only for as long as reasonably necessary to fulfill the purposes for which it was collected, or to satisfy legal, regulatory, or contractual obligations.
- Accountability. Maintain documented retention periods and defensible disposal practices.
- Security. Protect data throughout its lifecycle using administrative, technical, and physical safeguards aligned with the SOC 2 Trust Services Criteria.
- Defensible disposal. Permanently destroy or de-identify data when its retention period ends, unless subject to a legal hold.
4. Definitions
“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, as defined under applicable privacy laws.
“Biometric Information” means a retina or iris scan, fingerprint, voiceprint, scan of hand or face geometry, or any information based on such identifiers that is used to identify an individual, as defined under BIPA and similar state biometric privacy laws.
“De-identified Data” means information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular individual, and that is subject to technical safeguards and business processes preventing re-identification.
“Legal Hold” means a directive from Renaissant’s Legal team or counsel to preserve specific data because of pending or reasonably anticipated litigation, investigation, audit, or regulatory inquiry.
5. Retention Schedule
The following schedule sets out the standard retention periods for the principal categories of records and data Renaissant maintains. Where multiple periods could apply, the longer period controls. Where law requires a shorter period, the legally required shorter period controls.
6. Legal Holds
When Renaissant becomes aware of pending or reasonably anticipated litigation, investigation, audit, or regulatory inquiry, Renaissant’s Legal team will issue a written legal hold notice identifying the data subject to preservation. Data subject to a legal hold must not be modified, deleted, or otherwise disposed of, regardless of any retention period in this Policy, until the hold is formally released in writing by Legal. Legal holds override all standard retention and disposal practices.
7. Secure Disposal
When data reaches the end of its retention period and is not subject to a legal hold, Renaissant will dispose of it using methods appropriate to the medium and sensitivity of the data, including:
- Electronic records: cryptographic erasure, secure overwriting, or destruction of storage media in accordance with NIST SP 800-88 guidelines.
- Backups: phased expiration through the standard backup rotation cycle.
- Physical records: cross-cut shredding or use of a certified destruction vendor.
- Service provider data: confirmation from subprocessors that they have deleted or returned data in accordance with their contractual obligations.
De-identification may be used as an alternative to destruction where the resulting data cannot reasonably be re-identified and is subject to safeguards preventing re-identification.
Where a valid deletion request applies to data that exists in production systems and in backups, Renaissant will delete the data from production systems within the timeframes required by applicable law. Data residing in backups will be deleted through the standard backup rotation cycle and will not be restored except as required by law.
8. Biometric Information
Biometric Information is subject to enhanced controls. Consistent with Renaissant’s Biometric Information Policy and BIPA:
- Biometric Information is collected only after written notice and written release from the individual.
- Biometric Information is stored, transmitted, and protected using the reasonable standard of care within Renaissant’s industry, and in a manner that is the same as or more protective than the manner in which Renaissant protects other confidential and sensitive information.
- Biometric Information is permanently destroyed when the initial purpose for collection has been satisfied or within three (3) years of the individual’s last interaction with Renaissant, whichever occurs first.
- Renaissant does not sell, lease, trade, or otherwise profit from Biometric Information.
9. Service Providers and Subprocessors
Renaissant requires service providers and subprocessors that handle personal information on its behalf to apply retention and disposal practices that are at least as protective as those in this Policy. Upon termination of a service provider engagement, Renaissant will require the service provider to delete or return personal information in accordance with the applicable agreement, except where retention is required by law.
10. Data Subject and Customer Requests
Individuals may have rights under applicable law to request deletion of their personal information. Renaissant will honor verified deletion requests in accordance with its Privacy Policy and applicable law. Renaissant may decline to delete data where retention is required or permitted by law (for example, to comply with legal obligations, complete a transaction, defend legal claims, or maintain an internal audit trail). Where Renaissant processes personal information on behalf of a customer, deletion will be coordinated with the customer in accordance with the applicable agreement.
11. Roles and Responsibilities
Chief Information Security Officer (CISO). Owns this Policy; reviews and updates it at least annually; coordinates with Legal on legal holds and rights requests.
Legal. Issues and releases legal holds; advises on jurisdiction-specific retention requirements.
Engineering and Security. Implement technical controls for retention, archival, and secure disposal; maintain backup schedules and logging configurations.
Data Owners (department heads). Identify records within their function, apply the schedule, and escalate exceptions to the CISO.
All Personnel. Comply with this Policy and report suspected violations to privacy@renaissant.com.
12. Exceptions
Exceptions to this Policy require written approval from the CISO, in consultation with Legal where appropriate. Approved exceptions will be documented, including the reason, the alternative retention period, and the duration of the exception.
13. Review and Updates
The CISO will review this Policy at least annually and update it as needed to reflect changes in law, business practices, or risk. Material changes will be communicated to relevant personnel and reflected in version control below.
14. Contact
Questions about this Policy should be directed to:
Renaissant, Inc.
Attn: Chief Information Security Officer
W263N6209 Ridge Dr.
Sussex, WI 53089
privacy@renaissant.com