Privacy Policy

Who we are

Our website address is: https://www.erpra.net.


Privacy Policies

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site, we collect the data shown in the comments form, and the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site, you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


Analytics

Who we share your data with & how long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

 

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

 

Where we send your data

Visitor comments may be checked through an automated spam detection service.


Records Retention Policy

This Records Retention Policy is to ensure that all records created, received, or maintained by ERP Risk Advisors are retained or disposed of in accordance with applicable legal and regulatory requirements, as well as operational needs. This policy aims to establish guidelines for the systematic management of records throughout their lifecycle, from creation to final disposition.

Policy

Retention Periods:

  • Records will be retained for the periods specified in the Records Retention Schedule for ERP Armor, which will be maintained and updated by the Operations Manager or designated personnel.
  • The retention periods are determined based on legal, regulatory, and operational requirements, considering the statute of limitations, audit requirements, and business needs.

Record Classification:

  • Records will be classified based on their content and usage into categories such as administrative, financial, personnel, operational, legal, and others as appropriate.
  • Each category will have specific retention periods and disposal guidelines outlined in the Records Retention Schedule.

Records Retention Schedule:

  • The Records Retention Schedule will specify:
    • Categories of records.
    • Applicable retention periods.
    • Method of destruction or disposal.
    • Responsible personnel or department for managing each category.

Access and Security:

  • Access to records will be restricted to authorized personnel only, in accordance with the organization’s Information Security Policy.
  • Measures will be implemented to safeguard records against unauthorized access, alteration, or destruction.

Disposal of Records:

  • At the end of the retention period specified in the Records Retention Schedule, records will be disposed of in a secure and confidential manner.
  • Disposal methods may include shredding for paper records or secure deletion for electronic records, ensuring that no sensitive information is compromised.

Legal Holds:

  • In the event of litigation, audit, investigation, or other legal proceedings, records relevant to such proceedings must be preserved beyond their normal retention period until the matter is resolved or until otherwise instructed by legal counsel.

Monitoring and Compliance:

  • The Operations Manager or designated personnel will monitor compliance with this policy and the Records Retention Schedule.
  • Regular audits and reviews will be conducted to ensure adherence to legal and regulatory requirements and to update the Records Retention Schedule as necessary.

Training and Awareness:

  • All employees will receive training on their responsibilities regarding records management, including understanding this policy, the Records Retention Schedule, and proper record-keeping practices.

Related Standards, Policies, and Processes

Implementation:

  • This Records Retention Policy will be communicated to all employees, and compliance will be mandatory. The Operations Manager or designated personnel will be responsible for its implementation, monitoring, and periodic review to ensure alignment with current laws, regulations, and organizational needs.

Review and Revision:

  • This policy will be reviewed annually and updated as necessary to reflect changes in legal and regulatory requirements or organizational structure.

Contact Information

ERP Risk Advisors

ATTN: Human Resources

209 N 52nd Ave.

Greeley, CO 80634

USA


What data breach procedures we have in place

As soon as a theft, data breach or exposure containing ERPRA Protected data or ERPRA Sensitive data is identified, the process of removing all access to that resource will begin.

The CEO will chair an incident response team to handle the breach or exposure.

The team will include members from various parts of the organization, as needed.

  1. Develop a communication plan.
  • Work with ERPRA communications, legal and human resource departments to decide how to communicate the breach to a) internal employees, b) the public, and c) those directly affected.
  1. Ownership and Responsibilities
  • Roles & Responsibilities:
    • Sponsors – Sponsors are those members of the ERPRA community that have primary responsibility for maintaining any information resource. Sponsors may be designated by any ERPRA Executive in connection with their administrative responsibilities, or by the actual sponsorship, collection, development, or storage of information.
    • Information Security Administrator is that member of the ERPRA community, designated by the CEO who provides administrative support for the implementation, oversight and coordination of security procedures and systems with respect to specific information resources in consultation with the relevant Sponsors.
    • Users include virtually all members of the ERPRA community to the extent they have authorized access to information resources, and may include staff, trustees, contractors, consultants, interns, temporary employees and volunteers.
    • The Incident Response Team shall be chaired by CEO and shall include, but will not be limited to, the following departments or their representatives: IT-Infrastructure, IT-Application Security; Communications; Legal; Management; Financial Services, Member Services; Human Resources.
  • Policy Compliance
    • Any ERPRA personnel found in violation of this policy may be subject to disciplinary action, up to and including termination of employment. Any third-party partner company found in violation may have their network connection terminated.
ERPRA Become Our Partner

Please select your preferred datasheet and download it: