Data Retention Policy

Obsidian Group Inc. seeks to ensure that it retains only data necessary to effectively conduct its
program activities and work in fulfilment of its mission.

The need to retain data varies widely with the type of data and the purpose for which it was
collected. Obsidian Group Inc. strives to ensure that data is only retained for the period
necessary to fulfil the purpose for which it was collected and is fully deleted when no longer
required. This policy sets forth Obsidian Group Inc.’s guidelines on data retention and is to
be consistently applied throughout the organization.

Scope
This policy covers all data collected by Obsidian Group Inc. and stored on Obsidian Group Inc.
owned or leased systems and media, regardless of location. It applies to both data
collected and held electronically (including photographs, video and audio recordings) and
data that is collected and held as hard copy or paper files. The need to retain certain
information may be mandated by federal or local law, federal regulations and legitimate
business purposes, as well as the EU General Data Protection Regulation (GDPR).

Reasons for Data Retention
Obsidian Group Inc. retains only the data that is necessary to effectively conduct its
program activities, fulfill its mission and comply with applicable laws and regulations.
Reasons for data retention include:

  • Providing an ongoing service to the data subject (e.g. sending a newsletter,
    publication or ongoing program updates to an individual, ongoing training or
    participation in Obsidian Group Inc.’s programs, processing of employee payroll
    and other benefits)
  • Compliance with applicable laws and regulations associated with financial and
    programmatic reporting by Obsidian Group Inc. to its funding agencies and other
    donors
  • Compliance with applicable labor, tax and immigration laws
  • Other regulatory requirements
  • Security incident or other investigation
  • Intellectual property preservation
  • Litigation

Data Duplication
Obsidian Group Inc. seeks to avoid duplication in data storage whenever possible, though
there may be instances in which for programmatic or other business reasons it is necessary
for data to be held in more than one place. This policy applies to all data in Obsidian Group
Inc.’s possession, including duplicate copies of data.

Retention Requirements
Obsidian Group Inc. has set the following guidelines for retaining all personal data as
defined in the Institute’s data privacy policy.

Website visitor data will be retained as long as necessary to provide the service
requested/initiated through the Obsidian Group Inc. website.

Event participant data will be retained for the period of the event, including any
follow-up activities, such as the distribution of reports, plus a period of 365 days.

Program participant data (including sign in sheets) will be retained for the duration of
the grant agreement that financed the program plus any additional time required under
the terms of the grant agreement.

Data Destruction
Data destruction ensures that Obsidian Group Inc. manages the data it controls and
processes it in an efficient and responsible manner. When the retention period for the data as
outlined above expires, Obsidian Group Inc. will actively destroy the data covered by this
policy. If an individual believes that there exists a legitimate business reason why certain data
should not be destroyed at the end of a retention period, he or she should identify this data to
his/her supervisor and provide information as to why the data should not be destroyed. Any
exceptions to this data retention policy must be approved by Obsidian Group Inc.’s data
protection officer in consultation with legal counsel. In rare circumstances, a litigation hold
may be issued by legal counsel prohibiting the destruction of certain documents. A litigation
hold remains in effect until released by legal counsel and prohibits the destruction of data subject to the hold.

 
