Data Retention Policy | Virtual Big Market LLC

1. Introduction

At Virtual Big Market LLC ("we," "us," or "our"), we are committed to maintaining the privacy and security of our customers' data. This Data Retention Policy outlines our practices regarding the collection, use, storage, and deletion of customer data, in compliance with applicable laws and regulations, including those specific to the State of California.

2. Scope

This policy applies to all customer data collected or processed by Virtual Big Market LLC, including but not limited to:

Point-of-sale (POS) databases
Sensitive personal information
Design files
Non-sensitive data
Customer demographic data regarding account creation
Any other data relevant to the services we provide

3. Policy Details

3.1. Handling of Sensitive Customer Data

No Retention or Backup: We do not retain or back up customer data such as point-of-sale databases and other sensitive information on our systems.
Service and Maintenance: If sensitive data is temporarily used for service and maintenance purposes, it will be securely deleted immediately upon completion of the required action.
Customer Demographic Data: Customer demographic data collected during account creation will be retained and safeguarded in accordance with this policy and applicable laws.

3.2. Data Backup Responsibility

Customer Responsibility: All sensitive data backup is the sole responsibility of the customer. We do not retain or back up sensitive customer data.
Assistance with Backup Systems: We can assist customers with the setup of backup systems upon request. However, we make no guarantees regarding the effectiveness, reliability, or security of these backup systems.
No Liability for Data Loss: We are not liable for any data loss, corruption, or inability to recover data. Customers are encouraged to implement and maintain robust backup strategies.
Recommended Backup Practices: We strongly recommend that customers maintain multiple levels of backup for their sensitive data, including but not limited to:
- Automatic Backups: Regularly scheduled backups that occur without manual intervention.
- Onsite Backups: Physical backups stored at the customer's primary location.
- Offsite Backups: Backups stored at a different geographical location to protect against site-specific incidents.

3.3. Retention of Non-Sensitive Data

Design Files and Non-Sensitive Data: We may retain design files and other non-sensitive data as needed to provide ongoing services to our customers.
Retention Periods: Non-sensitive data will be retained for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws and regulations.
Customer Requests for Deletion: Customers have the right to request the deletion of their design files and non-sensitive data at any time. Upon receiving such a request, we will promptly delete the requested data from our systems, in accordance with applicable laws.

3.4. Data Access Requests

Right to Access: Customers can request a copy of their data at any time.
Digital Transfers: Copies of data will be transferred digitally at no cost to the customer.
Physical Media Transfers: If physical backup media are needed to transfer data, customers may be charged a fee to cover the cost of the media and shipping.
Conditions for Release: Data and work products will only be released if all associated fees have been paid in full. If the work product has not been paid for, it will not be released.

3.5. Compliance with Retention and Deletion Requests

Legal Obligations: All retention and deletion requests will be handled in accordance with applicable laws and regulations.
Retention of Necessary Data: Some data may be retained as required to facilitate ongoing identification, comply with legal obligations, resolve disputes, or enforce our agreements.
Notification: If we are unable to comply with a deletion request due to legal requirements, we will inform the customer of the reasons, unless prohibited by law.

3.6. Customer Rights Under California Law

Residents of California have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

Right to Know: Customers may request information about the categories and specific pieces of personal data we have collected.
Right to Delete: Customers may request the deletion of personal data we have collected from them.
Right to Opt-Out: Customers may opt out of the sale or sharing of their personal data.
Right to Correct: Customers may request the correction of inaccurate personal information we hold about them.
Right to Limit Use of Sensitive Personal Information: Customers may limit the use and disclosure of their sensitive personal information.
Non-Discrimination: We will not discriminate against customers who exercise their privacy rights under California law.

To exercise these rights, customers may contact us using the information provided in the "Contact Us" section below.

4. Data Security Measures

We implement robust security measures to protect customer data from unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption: Sensitive data is encrypted during transmission and, where applicable, at rest.
Access Controls: Access to sensitive data is restricted to authorized personnel who require it for legitimate business purposes.
Regular Audits: We conduct regular security audits to ensure compliance with our data protection policies and applicable laws.
Employee Training: Our employees receive regular training on data privacy and security practices.

5. Third-Party Service Providers

Data Sharing: We may share customer data with third-party service providers who assist us in providing our services. These providers are obligated to protect customer data in accordance with this policy and applicable laws.
Due Diligence: We conduct due diligence on our third-party providers to ensure they meet our data protection standards.

6. No International Data Transfers

We do not transfer, store, or process your personal information outside of the United States. All data handling is confined within California.

7. Children's Privacy

Underage Users: Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16.
Parental Consent: If we become aware that we have inadvertently collected personal data from a child under 16 without parental consent, we will delete such data promptly.

8. Data Breach Notification

In the event of a data breach that affects customer data, we will promptly notify the affected customers and relevant authorities in accordance with applicable laws and regulations.

9. Limitation of Liability

No Warranty: While we strive to assist with the setup of backup systems, we do not guarantee their effectiveness, reliability, or security.
Customer Acknowledgment: By using our services, customers acknowledge that they are responsible for the backup and protection of their own data.
Indemnification: Customers agree to indemnify and hold Virtual Big Market LLC harmless from any claims or damages arising from data loss or corruption.

10. Amendments to This Policy

We may update this Data Retention Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make changes, we will update the "Effective Date" at the top of this policy. We encourage customers to review this policy periodically.

11. Definitions

Personal Data: Any information that relates to an identified or identifiable individual.
Sensitive Personal Information: Personal data that includes financial information, health information, biometric data, or other information deemed sensitive under applicable laws.

12. Contact Us

For questions or concerns regarding this Data Retention Policy or to exercise your rights under California law, please contact us at:

Email: privacy@virtualbigmarket.com
Phone: (661) 457-5557
Address: 8200 Stockdale Hwy M10 #134, Bakersfield, CA 93311