RED HELMET TECHNOLOGY PTY LIMITED
DATA RETENTION AND DELETION POLICY
What is the purpose of this document?
Under GDPR only personal data that is necessary should be collected and personal data should only be
as long as is necessary for the purpose for which it was collected. This document sets out the policy in
respect of data retention and deletion.
reasonably practical after they apply.
- Where a candidate is successful and is offered, and accepts, a job with Red Helmet Technology Pty Limited, his/her
personal information provided during recruitment will be retained.
- Where a candidate is not successful, his/her personal data will be held for a period of 2 years and
(other than in the circumstances set out in paragraph 4 below) then deleted.
- After 2 years, all personal data held on the unsuccessful candidate will be deleted save:
- for the name and email address of the candidate which is retained for 6 years for record
purposes in order to identify whether he has previously applied to Red Helmet Technology Pty Limited;
- where the candidate has re-applied for other roles, for 2 years after their last application;
- if the candidate has made any complaint about the recruitment process for 2 years after the date of the complaint.
- We retain personal data on employees for the duration of their employment. When an employee leaves,
personal data should be deleted as follows:
Notwithstanding the above, the following personal data will be retained for 6 years after termination
the employee’s employment:
- 6 months after termination of employment, assuming no Tribunal claim or other claim has
been commenced or threatened, all personal information other than that set out in
- if a Tribunal claim or other claim is commenced, 12 months after the final judgment is made
in respect of that claim, or a settlement is reached;
- if a Tribunal claim is threatened but not commenced, 12 months after termination of
- if any other claim is threatened but not commenced, 6 years after the event giving rise to the
claim, or the date of the last threat (whichever is later).
- salary information, tax and payroll documentation and records;
- information on hours worked and matters billed;
- emails and communications with Red Helmet Technology Pty Limited team members and customers; and
- details of professional qualifications (where relevant to Red Helmet Technology Pty Limited’s obligations
after first contact with them.
- We retain personal data on customers for so long as they hold an account with us or for 6 years after
their last purchase. After this period the files should be deleted unless requested otherwise by the
- If we have engaged with a prospective customer but have not provided services to them, their data may
be retained for 12 months and further marketing activities may take place in respect of them (subject to
us having received consent for direct marketing or in compliance with our legitimate interests policy).
In the event that we do not receive further engagement with the prospective customer within the period of
12 months, all data sets other than their name and email address should be deleted.
- Where the prospective customer has continued to engage with Red Helmet Technology Pty Limited, we can retain their
personal data for 12 months from their last engagement.
Process in respect of a deletion request
- If we have provided services to the requester, our default position would be to retain historic
transaction data and ID data for 6 years for audit, warranty and tax purposes. However we would delete their user
account and any extraneous personal information. Where we have engaged with the requester, but have
not sold provided services to them, data would be deleted immediately. This should be communicated to
the requester. If a requester raises an objection, this should be escalated to management.
- If a request is made in circumstances where we elect to honour the request, the provisions of
paragraph 3 apply.
- Once a request is made, (to the extent that we will honour the request) within 30 days the data to be
deleted will be manually deleted from all our systems and those of our processors.
- Where we will not honour an erasure request, within 30 days of receipt of a request, we will notify
the data subject as to the reasons why we will not honour the request and when the data will eventually be