Employee & Organisational Record Retention Policy Employee & Organisational Record Retention Policy Version 1.0 | Approved: March 2026 | Next Review: March 2027 1. Purpose This policy sets out how Generocity Church stores, manages, and disposes of employee and organisational records in compliance with Australian law, including the Fair Work Act 2009, the Privacy Act 1988, ATO requirements, NSW employment legislation, and child safety obligations. Proper record retention protects the church, its employees, and the people we serve — particularly children. It also ensures we can meet our legal obligations and respond to any audit, dispute, or investigation with confidence. 2. Scope This policy applies to: All paid employees and pastoral staff Contractors and volunteers in roles with ongoing obligations (e.g. child-facing roles) All campuses and ministry arms of Generocity Church, including Generocity Kids and The Horizon Project It applies to records held in any format — paper, digital, or cloud-based (including Xero, Google Workspace, Basecamp, and any church management systems). 3. Retention Schedule The table below sets out minimum retention periods for key record categories. Where multiple obligations apply, retain records for the longest applicable period. Record Type Retention Period Notes EMPLOYMENT RECORDS Employee name, DOB, address 7 years From date record was made Pay records (rates, gross/net, deductions) 7 years From date of each record Hours worked including overtime 7 years Rosters and timesheets Leave records (annual, personal, LSL) 7 years NSW LSL: calculated from end of employment Superannuation contributions 7 years Fund details and amounts paid Employment contracts Life + 7 years Retain for duration of employment plus 7 years Termination records 7 years Notice given, reason, final pay FINANCIAL & TAX RECORDS Tax records (ATO) 5 years From date of lodgement Super Guarantee records 5 years ATO may audit further if fraud alleged FBT records and receipts 5 years From lodgement date General financial records 7 years Best practice to align with Fair Work Act CHILD SAFETY & SAFEGUARDING Working With Children Checks Duration + 7 years Best practice; retain after engagement ends Police Checks Duration + 7 years Document date, result, and reviewer Child safety incidents / reports Indefinitely Retain permanently per child safety best practice Child safe training records Duration + 7 years Per ACNC and child safety obligations WORKPLACE HEALTH & SAFETY Workplace injury / incident reports 30 years Long-tail workers' comp claims can arise years later Workers' compensation records 30 years Retain even after employee departs WHS training records 5 years From date of training DISPUTES & LEGAL Records related to any dispute Resolved + limitation Do not destroy if dispute anticipated Contractor agreements Life + 7 years Include sham contracting risk documentation 4. Responsibilities CHURCH LEADERSHIP / SENIOR PASTOR Approves this policy and any significant changes Ensures the organisation has adequate systems to meet these obligations CHURCH ADMINISTRATOR / OPERATIONS Maintains the master record register in GC Admin File > Employee File on drive Oversees secure storage and disposal of records Coordinates annual review of this policy CAMPUS PASTORS Ensure campus-level records are captured and stored appropriately Report to church administration when records are due for review or destruction ALL STAFF Handle records in accordance with this policy Do not destroy records without authorisation Notify church administration if a dispute arises that may affect records 5. Storage & Security All employee records must be stored securely and only accessed by authorised personnel. This includes: Digital records: password-protected, stored in approved systems (e.g. Google Workspace with appropriate sharing restrictions) Physical records: stored in locked cabinets, accessible only by the church administrator and senior leadership Cloud-based payroll/accounting (e.g. Xero): ensure accounts remain active and records are exportable before downgrading or cancelling subscriptions Records must not be stored on personal devices unless secured and backed up to the organisation's systems. 6. Record Destruction When records have met their minimum retention period and are no longer required, they must be disposed of securely: Paper records: shred or use a certified document destruction service Digital records: permanently deleted (including from cloud backups where practicable) but listed on the Record Destruction Section of the policy USB / physical media: physically destroy or use certified e-waste disposal Records must NOT be destroyed if: A dispute, complaint, or legal claim is pending or reasonably anticipated An audit or investigation has been notified The record relates to a child safety matter (retain indefinitely) RECORD OF DESTRUCTION All record destruction will be kept in a separate register as looks like this for example: Record Description Date of Record Date Destroyed Method ie Digital/Paper Carried Out By Approved By 7. Privacy All records containing personal information must be handled in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This includes: Collecting only the information necessary for employment and ministry purposes Ensuring employees can access records about themselves on request Not disclosing personal information to third parties without consent, except where required by law 8. Policy Review This policy will be reviewed annually, or earlier if there are changes to relevant legislation. The church administrator is responsible for initiating the review. Version Date Changes Approved By 1.0 March 2026 Initial version Ps Tash Eagle  Authorised by Name: Ps Tash Eagle  Role:   HR Executive Pastor  Date:  25th March 2026