PURPOSE
This policy establishes how Clarity Street manages the retention and disposal of data, ensuring:
SCOPE
This policy applies to:
KEY PRINCIPALS
RETENTION SCHEDULE
This policy establishes how Clarity Street manages the retention and disposal of data, ensuring:
- Compliance with legal and regulatory obligations,
- Efficient use of storage and systems,
- Protection of client confidentiality,
- Accountability for data handling practices.
SCOPE
This policy applies to:
- All Clarity Street employees, contractors, and service providers,
- All forms of data: physical and digital,
- All data systems used for client, operational, financial, and internal purposes.
KEY PRINCIPALS
- Data Minimisation: Only data that is necessary for service delivery, compliance, or business improvement is retained.
- Retention-by-Category: Data is grouped and retained based on content and business function.
- Timely Disposal: Once data has passed its retention period, it is securely destroyed.
- Client Control: Client-owned data is retained according to their instructions, where contractually agreed.
- Security: Retained data is protected according to Clarity Street’s Information Security Policy.
RETENTION SCHEDULE
Data Type |
Retention Period |
Rationale |
Project documentation |
5 years after completion |
Useful reference, potential legal queries |
Financial records (invoices, etc.) |
Review every 2 years |
ATO Compliance |
Email correspondence |
Review every 2 years |
Business reference, dispute resolution |
CRM/client database records* |
Active until project completion |
For potential reengagement and reference |
Training & course materials |
Review every 2 years |
Ensure relevance and accuracy |
Internal operational documents |
5 years |
Business continuity and audits |
System logs and access reports |
Active until project completion |
Security monitoring and audit trail |
Marketing consents and records |
Review every 2 years |
Privacy compliance |
*All sensitive data is deleted when the client is offboarded at the end of their project term. All other documentation is kept for 12 months post project completion. Training videos are kept for up to 5 years. Sensitive information may appear in training videos.
Please note, all clients are notified that their meeting is being recording in advance of attendance via email notification.
DATA DISPOSAL
When data reaches the end of its retention period, it must be:
RESPONSIBILITIES
EXCEPTIONS & LEGAL HOLDS
If data is subject to a legal investigation, audit, or client request, it must not be destroyed—even if it exceeds the retention period—until cleared by legal counsel or the Project Director.
REVIEW & REVISION
This policy will be reviewed every 12 months or sooner if:
REFERENCE
FUTURE CHANGES
Clarity Street reserves the right to review, and if necessary, change this Policy. We will advise you of any changes and will post changes to this Policy on its website.
CONTACT DETAILS FOR CLARITY STREET
You may write to Clarity Street at:
Clarity Street
Level 8, Unit 805
220 Collins Street
Melbourne VIC 3000
You may telephone us on:
+61 437 101 152
You may email us at:
[email protected]
Specifying in the subject line “Data Retention Policy”
QUESTIONS
If you have any questions regarding this Policy or require further information, please contact Amy Holdsworth of Clarity Street (see contact details above).
Should there be a discrepancy between this Policy and the applicable legislation at any time, the applicable legislation at that time will prevail.
Please note, all clients are notified that their meeting is being recording in advance of attendance via email notification.
DATA DISPOSAL
When data reaches the end of its retention period, it must be:
- Reviewed for any legal holds or business reasons for continued retention,
- Deleted or destroyed using secure methods (e.g. permanent deletion from cloud storage, cross-cut shredding for paper),
- Documented in a Data Disposal Log where applicable.
RESPONSIBILITIES
- All Staff: Must follow this policy and report any potential breaches.
- Operations & Compliance Manager: Oversees implementation, audits compliance, and updates this policy.
- IT Services Provider: Ensures backup retention policies align with this document and that deletion processes are secure.
EXCEPTIONS & LEGAL HOLDS
If data is subject to a legal investigation, audit, or client request, it must not be destroyed—even if it exceeds the retention period—until cleared by legal counsel or the Project Director.
REVIEW & REVISION
This policy will be reviewed every 12 months or sooner if:
- Regulations change,
- New technology is adopted,
- There are incidents requiring procedural change.
REFERENCE
- Privacy Act 1988 (Cth)
- Australian Taxation Office (ATO) guidelines
- ISO/IEC 27001:2013 (where applicable)
- Clarity Street’s Privacy Policy
FUTURE CHANGES
Clarity Street reserves the right to review, and if necessary, change this Policy. We will advise you of any changes and will post changes to this Policy on its website.
CONTACT DETAILS FOR CLARITY STREET
You may write to Clarity Street at:
Clarity Street
Level 8, Unit 805
220 Collins Street
Melbourne VIC 3000
You may telephone us on:
+61 437 101 152
You may email us at:
[email protected]
Specifying in the subject line “Data Retention Policy”
QUESTIONS
If you have any questions regarding this Policy or require further information, please contact Amy Holdsworth of Clarity Street (see contact details above).
Should there be a discrepancy between this Policy and the applicable legislation at any time, the applicable legislation at that time will prevail.
