Retention Policy

Contents

1. Scope

2. Responsibilities

3. Procedure Statement

4. Document Management

 

1. Scope

Any personal data records held by Eastwood Park Ltd, whether electronic or paper-based, form part of the retention of records procedure as per the requirements of the GDPR.

Eastwood Park Ltd has a strict retention policy in line with Article 5(1)(e) of the regulation. The regulation does not set out any specific minimum or maximum periods for retaining personal data. Instead, it says that:

“Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes” and;

“Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods in so far as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.”

 

2. Responsibilities

The (Data Protection Officer / GDPR Owner) is accountable for all personal data collected, ensuring it is securely stored, maintained and destroyed in line with the requirements of the GDPR.

The table below details areas of responsibility for retention of records.

 

 

3. Procedure Statement

Retention periods for all personal data records are listed below. Each set of data records is stored and retained as per Legal Governing Body requirements.

| Document Type | Activity Type | Retention Period* |
|---|---|---|
| Sales & Marketing | | |
| Records documenting sales commissions and bonuses | Records documenting sales bonuses and commission based upon performance targets | At end of employment + 6 years |
| Marketing records documenting the handling of all aspects of marketing | Records of all marketing instances that do not identify a “natural person”. | Ongoing as required |
| Rental agreements | Rental agreements between Landlords, Tenants | To be decided and lawfully justified by the Data Controller. |
| Instruction agreements | Instruction agreements between | To be decided and lawfully justified by the Data Controller. |
| Information Technology | | |
| TAS booking database. Current contacts with an ongoing relationship | Recording all bookings and transactions. Lead generation. Contact information | Ongoing as required |
| Sales database management & administration – data accuracy and adequacy | Constant updating of the sales list of contact information and immediate rectification of records once up-to-date information is available. | The retention periods are observed by a rolling process of updating records to ensure accuracy and adequacy as required by the GDPR specifically Principle 5, by ensuring compliance to the principle “not kept for longer than is necessary”. |
| Network access | Network access and user account details | End of employment + 6 years and then archived |
| Email accounts | Specifically for past employees | End of employment + 3 months until archiving |
| Mobile phone records | Usage records of employee use | End of employment + 7 years; to be determined by policy |
| Human Resources | | |
| Accident books | Accident records/reports | From the date of the last entry + 6 years |
| Application forms and interview notes | For unsuccessful candidates | 1 month to a year |
| Application forms and interview notes | For successful candidates | End of employment + 7 years |
| Personnel files and training records | Including disciplinary records and working time records | End of employment + 7 years |
| Redundancy details | Calculations of payments, refunds, notification to HMRC | End of employment + 7 years |
| Senior executives’ records | Those on a senior management team or their equivalents | Permanently |
| Statutory sick pay | Records, calculations, certificates, self-certificates | End of employment + 7 years |
| Statutory maternity pay | Records, calculations, certificates (Mat B1s) or other medical evidence | End of employment + 7 years |
| Parental leave | Maternity or paternity leave | Until the child is 18 years old |
| Assessments under health and safety regulations | Risk assessments and training | Permanently |
| Medical reports/questionnaires | Required to ensure proper due care by the company | End of employment + 7 years |
| Passport & Driving licence images/scans/photocopies | Required to confirm legal status to work and drive | End of employment + 7 years |
| DBS check | Criminal offences and convictions records | End of employment + 7 years |
| Finance/Payroll | | |
| Accounting records | Statutory retention period applies for invoices, credit notes, VAT returns, loss adjustments, debt control, credit control | After the end of the financial year to which they relate + 7 years |
| Tax & National Insurance payments | Income tax and NI returns, income tax records and correspondence with HMRC | After the end of the financial year to which they relate + 7 years |
| Wage/salary records | Basic pay, bonuses and commission | After the end of the financial year to which they relate + 7 years |
| Employee expense claims | Expense claims made whilst actively engaged on company business | After the end of the financial year to which they relate + 7 years |
| Inland Revenue/HMRC approvals | Seeking clearance or approval for a transaction | Permanently |
| Pension scheme contributions | Employer & employee contributions | After the end of the financial year to which they relate + 7 years |
| Statutory sick pay | Records, calculations, certificates, self-certificates | End of employment + 7 years |
| Statutory maternity pay | Records, calculations, certificates (Mat B1s) or other medical evidence | End of employment + 7 years |
| Company Specific | | |
| Records documenting Eastwood Park Ltd governance arrangements. | Records documenting information that defines the governance arrangements of the company | Permanently |
| Records documenting Eastwood Park Ltd’s financial management arrangements. | Records detailing Eastwood Park Ltd accounts, payroll handling, procurement, tax arrangements, investments, insurance management etc. | End of current financial year + 7 years, then review for archiving value. |
| Records documenting Eastwood Park Ltd’s strategic and corporate plans | All corporate / strategic level documents: Strategic Plan; Risk / Performance Management Plans | Until superseded + 10 years then review for archiving value. |
| Records documenting Eastwood Park Ltd regulations and policies. | Records documenting the establishment of all key policies and regulations, including those related to staff and employee behaviour. For example: HR Policies; Privacy Policies; Health & Safety Policies; GDPR Framework Policies; ISO Policies | Superseded + 10 years then review for archiving value. |
| Records documenting membership of professional associations and maintenance of accreditation. | Records documenting the establishment of corporate or individual Eastwood Park Ltd (funded) membership of: Professional associations or Attainment and maintenance of accreditation under an independent quality management scheme. | Termination of membership + 1 year, then destroy. |
| Records documenting relationships with collaborative partners. | Records relating to cooperative partnerships and collaborative arrangements with other partners. | End of partnership + 6 years, then review for archiving value. |
| Records documenting assessment and non-assessment related advice given to employee and decisions made about an employee, including documents that support the decision making. | Records documenting the conduct and results of: Disciplinary hearings; Review & Assessment feedback documents (not the assessment itself) | End of employment + 7 years, then destroy. |
| Records documenting the handling of enquiries made by those external to the Eastwood Park Ltd (statutory). | Records documenting enquiries, complaints and requests from individuals/organisations. For example: Freedom of Information requests; Subject access requests | Last action + 7 years, then destroy. |

 

The IT Manager or designated IT Support provider (Eastwood Park Ltd) is responsible for ensuring that, where electronic storage media are used, they do not exceed 90% of the manufacturer’s recommended life. The IT Manager or designated IT Support creates a schedule that identifies each of the storage media in use and its recommended life, cross-referenced to the table above. When storage media reach 90% of expected life, the IT Manager or designated IT Support duplicates the stored data onto new storage media.

When stored data exceeds its retention period, the IT Manager or designated IT Support is responsible for destroying the data within 30 days. The destruction process used by Eastwood Park Ltd will be supervised by accredited disposal methods using dedicated service providers.

Portable/removable storage media are destroyed in line with the company data protection and storage media procedure.


4. Document Management

This document is valid as of 14 June 2018.

This document is reviewed periodically and at least annually to ensure compliance with the following prescribed criteria.

  • General Data Protection Regulation
  • Legislative requirements defined by law, where appropriate

(Role) Director of Business Development

(Author) Stuart King