Data and Photo Retention Policies

Customer badge data and photos qualify as Personally Identifiable Information (PII) and must be treated securely by both eXpress badging and the customer.

Table of Contents:

• The “Why” behind all this cybersecurity stuff!
  • Cybersecurity Basics
• The Two Data Retention Categories
  • No Data Retention Rights 
    • Upload Center Contract Badging Customers
    • Complimentary Veonics Portal Customers
  • Includes Data Retention Rights
    
    • Paid Veonics Portal On-Premises Printing Customers
    • Paid Veonics Portal Contract Badging Customers
    • Veonics Portal Data Integration Customers 

The “Why” behind all this cybersecurity stuff!

We are securing your data so that when we finish your project, there are no cybersecurity liabilities left behind!

Protecting employee, student, licensee, and member data has become increasingly challenging. We protect your data, photos, designs, and applicable user information while they are in our possession - meeting our industry’s best standards! By simplifying data protection, we maintain cost-effectiveness and efficiency by having some basic policies and processes in place.  

Data security starts when customers just give us the print job data that’s printed on the badge or sorting data used to ship and distribute the badges … delete all other irrelevant data before sending it to us!

We have integrated cybersecurity processes into all our employee, customer, and vendor data management functions to avoid the hindrance of over-regulated processes. This article presents the key data retention guidelines we have implemented to comply with the standards outlined in the NIST Cybersecurity Framework.

Cybersecurity Basics

eXpress badging has a strict Cybersecurity Policy for Data, Photos, and Badge Design that ensures the secure exchange of all Personally Identifiable Information (PII) the customer provides. We use state-of-the-art cyber protection and firewalls to safeguard our servers from unauthorized access and ensure access to customer badge information is granted only to authorized personnel.

eXpress badging is committed to protecting customers, users, badge data, photos, and badge designs, and we will never make them public or sell them to third parties.

We prohibit the upload of any of the following regulated data:

• HIPAA (Health Insurance Portability and Accountability Act)
• PHI (Protected Healthcare Information)
• PCI (Consumer Payment Information)  

Veonics Portal user access will expire after 180 days of the last login, requiring reactivation by calling or emailing our support staff. We track most user actions taken per record in the Veonics Portal for audit purposes. We encourage our customers to avoid providing unnecessary PII elements within files for upload or import to eXpress badging to print or manage photo ID issuance.

If high-level PII data is required, our hide-data feature allows only authorized users to view selected field data by selecting a radio button and typing a reason to view. 

The Two Data Retention Categories:

1. No Data Retention Rights

   1. Upload Center Contract Badging Customers

   2. Complimentary Veonics Portal Subscribers

2. Includes Data Retention Rights

   1. Paid Veonics Portal Subscribers 

No Data Retention Rights:

1. Upload Center Contract Badging Customers

   1. Instructions for the Upload Center
   2. eXpress badging is not responsible for retaining this information for ongoing re-issuance, and it will be deleted at our discretion after printing. Print jobs with a high PII data liability threshold may be deleted immediately upon shipment. As a rule, most print jobs will be deleted between 30 and 60 calendar days unless otherwise stated in amended and approved contractual terms.
   3. Customers are responsible for keeping a backup of all badge data in case it is needed for future use.
   4. eXpress badging follows a secure process for data/photo storage, uploads, and deletion.
      1. Customer-uploaded data and photos (files) are saved on our hosted ShareFile account server(s) and are automatically deleted after 30 calendar days.
      2. Files are downloaded to eXpress badging servers for manipulation when required, then uploaded into the Veonics Portal.
      3. Local server files are deleted immediately after uploading to the Veonics Portal.
      4. The files provided by the customer are used by eXpress badging to generate card records for printing upon being imported into the Veonics Portal.
      5. All Card Records are Obliterated (all photos, data, and Record Properties are deleted) within 60 calendar days after printing.
2. Complimentary Veonics Portal Subscribers
   1. Customers who use eXpress badging printing services are provided free access to the Veonics Portal. Customer badging data is not retained as with paid Veonics Portal subscribers. Once the print job is completed, all Card Records are deleted/obliterated by eXpress badging within 60 calendar days, most likely when they are shipped. The exception to this rule only includes larger contract projects where data retention is approved and included within the terms of the agreement.
   2. If data retention is necessary, contract-badging customers can purchase a subscription and assign a user to manage their data usage.

Includes Data Retention Rights

Paid Veonics Portal Subscribers

1. Print On-Premises Customers

2. Contract Badging Service Customers ... with paid subscription

3. Veonics Portal Data Integration Customers

The responsibility of retaining or deleting Card Records lies with the customer as long as their Portal account remains active and is paid in full. eXpress badging will not delete any Card Records while the account is in this state unless the customer exceeds their record threshold level and requests eXpress badging assistance in the deletion process. In such cases, the customer may need to pay for professional services.

When a Card Record is deleted, it will not delete the source photo, as it is marked as a non-deletable file. Only when a "Record Properties" is obliterated are all photos deleted.  The Veonics Portal does have an active/printed record count threshold; once this threshold is exceeded, eXpress badging will require a paid increase in the threshold level or purging of records. 

DATA & PHOTO DELETION: When a Veonics Portal account is not renewed, all data, photos, card designs, and users will be deleted between 30 and 60 calendar days. However, we may shorten or extend this period if it is contractually required. Please note that it is not the responsibility of eXpress badging to retain this information after non-renewal. Therefore, the customer must make any necessary backups of data, photos, card designs, and user lists before inactivating their account. 

When using our Veonics Credential Database SFTP process, data files and photos used to populate the Veonics Portal are archived in a secured SFTP folder for up to 30 days and then deleted afterward, typically no more than 45 calendar days.