coffeecreek.church Data Retention Policy

DATA RETENTION POLICY

Coffee Creek Church seeks to ensure that it retains only data necessary to effectively conduct its

program activities and work in fulfilment of its mission.

The need to retain data varies widely with the type of data and the purpose for which it was

collected. Coffee Creek Church strives to ensure that data is only retained for the period

necessary to fulfil the purpose for which it was collected and is fully deleted when no longer

required. This policy sets forth Coffee Creek Church’s guidelines on data retention and is to

be consistently applied throughout the organization.

Scope

This policy covers all data collected by Coffee Creek Church and stored on Coffee Creek Church owned or leased systems and media, regardless of location. It applies to both data

collected and held electronically (including photographs, video and audio recordings) and

data that is collected and held as hard copy or paper files. The need to retain certain

information may be mandated by federal or local law, federal regulations and legitimate

business purposes, as well as the EU General Data Protection Regulation (GDPR).

Reasons for Data Retention

Coffee Creek Church retains only that data that is necessary to effectively conduct its

program activities, fulfill its mission and comply with applicable laws and regulations.

Reasons for data retention include:

• Providing an ongoing service to the data subject (e.g. sending a newsletter,

publication or ongoing program updates to an individual, ongoing training or

participation in Coffee Creek Church’s programs, processing of employee payroll

and other benefits)

• Compliance with applicable laws and regulations associated with financial and

programmatic reporting by Coffee Creek Church to its funding agencies and other

donors

• Compliance with applicable labor, tax and immigration laws

• Other regulatory requirements

• Security incident or other investigation

• Intellectual property preservation

• Litigation

Data Duplication

Coffee Creek Church seeks to avoid duplication in data storage whenever possible, though

there may be instances in which for programmatic or other business reasons it is necessary

for data to be held in more than one place. This policy applies to all data in Coffee Creek Church’s possession, including duplicate copies of data.

Retention Requirements

Coffee Creek Church has set the following guidelines for retaining all personal data as

defined in the Institute’s data privacy policy.

• Website visitor data will be retained as long as necessary to provide the service

requested/initiated through the Coffee Creek Church website.

• Contributor data will be retained for the year in which the individual has contributed

and then for 5 years after the date of the last contribution. Financial information

will not be retained longer than is necessary to process a single transaction.

• Event participant data will be retained for the period of the event, including any

follow up activities, such as the distribution of reports, plus a period of 5 years;

• Program participant data (including sign in sheets) will be retained for the duration of

the grant agreement that financed the program plus any additional time required under

the terms of the grant agreement.

• Personal data of subgrantees, subcontractors and vendors will be kept for the duration

of the contract or agreement.

• Employee data will be held for the duration of employment and then [Duration] after

the last day of employment.

• Data associated with employee wages, leave and pension shall be held for the period

of employment plus 5 years, with the exception of pension eligibility and

retirement beneficiary data which shall be kept for 5 years.

• Recruitment data, including interview notes of unsuccessful applicants, will be held

for 5 years after the closing of the position recruitment process.

• Consultant (both paid and pro bono) data will be held for the duration of the

consulting contract plus 5 years after the end of the consultancy.

• Board member data will be held for the duration of service on the Board plus for

5 years after the end of the member’s term.

• Data associated with tax payments (including payroll, corporate and VAT) will be

held for 7 years.

• Operational data related to program proposals, reporting and program management

will be held for the period required by the Coffee Creek Church donor, but not more

than 5 years.

Data Destruction

Data destruction ensures that Coffee Creek Church manages the data it controls and

processes it in an efficient and responsible manner. When the retention period for the data as

outlined above expires, Coffee Creek Church will actively destroy the data covered by this

policy. If an individual believes that there exists a legitimate business reason why certain data

should not be destroyed at the end of a retention period, he or she should identify this data to

his/her supervisor and provide information as to why the data should not be destroyed. Any

exceptions to this data retention policy must be approved by Coffee Creek Church’s data

protection offer in consultation with legal counsel. In rare circumstances, a litigation hold

may be issued by legal counsel prohibiting the destruction of certain documents. A litigation

hold remains in effect until released by legal counsel and prohibits the destruction of data

subject to the hold.

Contacting Us

If there are any questions regarding this policy, you may contact us using the information below.

coffeecreek.church

1650 NW 220th

Edmond, OK 73025

United States

admin@coffeecreek.cc

405-708-7341

Last Edited on 2023-06-23