User Data Backup Policy
This backup policy describes the archiving procedures according to which Scholarcy Ltd, a company registered in England and Wales under company number 11779938 (“we”) backs-up and archives the data that you upload and store in our online software system known as Scholarcy Library. This policy shall only apply to the data which is under our control. Other data related to the Service may be controlled by other processors such as our card payment partners. In such cases the data provided to them is subject to their policies and is their responsibility.
This policy is only applicable where you have a current Scholarcy Library account. If you delete your account, or if we do (as we may be entitled to in accordance with our Agreement with you), then the data will be lost.
For the purpose of this policy the following terms have the meanings specified below. Where terms in this procedure have capital letters but are not defined below they shall be as defined in the Agreement.
“Agreement” means our agreement with you relating to the Services which can be found at https://www.scholarcy.com/scholarcy-library-terms-of-service
“Backup” means any copy of the Customer Data that is taken on a regular basis and stored in a secure location and is further defined in Section 5;
“Backup Retention Period” means the period specified in days that we hold Backups for in the event of DR;
“DR” means disaster recovery which is the approach taken to recover services in the event of an Incident;
“Incident” means an event that affects either the availability, confidentiality or integrity of the Customer Data;
“RPO” means the recovery point objective as defined in section 4 which is the targeted maximum age of Customer Data that may be unrecoverable following an incident;
“RTO” means the recovery time objective as defined in section 4 which is the targeted maximum duration of time for the Services to be fully restored following any incident;
“Services” means shall have its meaning as defined in the Agreement
4. Our Data Backup Objectives
4.1 An RPO of 1 week.
4.2 An RTO of 12 hours.
4.3 A Backup Retention Period of 3 years.
5. Policy Principles
5.1 Backups are used by us for recovering data in the event of an Incident.
5.2 Backups are stored in EU data centres certified to ISO27001 standard and will never be moved outside the EU or a location that does not meet this standard, unless otherwise explicitly stated in your agreement.
5.3 Backups consist of:
5.3.1 Database Backups which are taken at intervals no less than the RPO and copied to a DR data centre located within the EU
5.3.2 File backup copies which are taken at intervals no less than the RPO and copied to a DR data centre located within the EU
5.4 Backups from the previous RPO are tested to ensure they are valid.
5.5 Only our authorised employees shall have access to Backups.
5.6 Files are stored in an encrypted form when saved to the storage system.
5.7 The DR site data centre is maintained with equivalent capabilities as the production data centre to ensure the continuation of service performance in the event of a serious incident.
Any amendments to this policy will be notified to customers with 30 days’ notice.