Plain-English Summary
We keep your data only for as long as we need it. Different types of data are kept for different periods, depending on legal requirements and business needs. When data is no longer needed, we securely delete or de-identify it. You can request deletion of your personal data at any time, subject to our legal obligations to retain certain records.
1. Purpose
This Data Retention and Recordkeeping Policy sets out BowerNest's approach to retaining and disposing of personal information and other data collected through the platform. This policy is designed to ensure compliance with the Privacy Act 1988 (Cth), the State Records Act 1998 (NSW) (where applicable), and other relevant legislation.
2. Retention Principles
BowerNest retains data in accordance with the following principles:
- Purpose limitation: Data is retained only for as long as it is needed for the purpose for which it was collected, or for a related purpose that the individual would reasonably expect.
- Legal compliance: Data is retained for the minimum period required by applicable laws and regulations.
- Minimisation: We regularly review our data holdings and dispose of data that is no longer needed.
- Security: Retained data is protected with appropriate security measures throughout its lifecycle.
3. Retention Schedule
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Account registration data | Duration of account plus 2 years | Privacy Act 1988 (Cth), APP 11 |
| Apprenticeship training records | Duration of apprenticeship plus 7 years | State Records Act 1998 (NSW), Vocational Education and Training Act 2005 (NSW) |
| Employer verification records | Duration of account plus 7 years | Corporations Act 2001 (Cth), Privacy Act 1988 (Cth) |
| Safety and incident reports | 7 years from date of report | Work Health and Safety Act 2011 (NSW), Limitation Act 1969 (NSW) |
| Financial and transaction records | 7 years | Income Tax Assessment Act 1997 (Cth), Corporations Act 2001 (Cth) |
| Communication records | 2 years | Privacy Act 1988 (Cth) |
| Analytics and usage data | 2 years (de-identified) | Internal policy |
| Pilot program feedback | Duration of pilot plus 3 years | Internal policy, contractual |
| Consent records | Duration of consent plus 7 years | Privacy Act 1988 (Cth), evidentiary requirements |
| Security and access logs | 1 year | Internal policy, Essential Eight alignment |
4. Data Disposal
When data reaches the end of its retention period and is no longer required for any lawful purpose, BowerNest will dispose of it securely using one of the following methods:
- Deletion: Permanent deletion from all active systems, backups, and archives within a reasonable timeframe.
- De-identification: Removal of all personal identifiers so that the data can no longer be linked to an individual. De-identified data may be retained for research and analytical purposes.
- Destruction: Physical destruction of any media containing personal information, where applicable.
5. User Requests for Deletion
You may request deletion of your personal data at any time by contacting [email protected]. We will process your request within 30 days, subject to our legal obligations to retain certain records. Where we are unable to delete specific data due to legal requirements, we will inform you of the reason and the applicable retention period.
6. Review
This policy is reviewed annually to ensure it remains current and compliant with applicable legislation. Any material changes will be communicated to users through the website.
This policy is part of the BowerNest Legal Policy Framework (Version 1.0). If you have questions about this policy, please contact us at [email protected]. This document should be reviewed by qualified legal counsel before reliance.