We recognise that in the running of our business, we collect and process personal data from a variety of sources. This personal information is collated in several different formats including letters, emails, legal documents, employment records, operations records, images and statements. The personal data is held in both hard copy and electronic form.
Aims of the policy
Our business will ensure that personal data that we hold is kept secure and that it is held for no longer than is necessary for the purposes for which it is being processed. In addition, we will retain the minimum amount of information to fulfill our statutory obligations and the provision of goods or/and services - as required by the data protection legislation, including the General Data Protection Regulation (GDPR). Data will never be shared with external third parties.
This retention policy (with its schedule), is a tool used to assist us in making decisions on whether a particular document should be retained or disposed of. In addition, it takes account of the context within which the personal data is being processed and our business practices.
Decisions around retention and disposal should be taken in accordance with this policy.
Where a retention period of a specific document has expired, a review should always be carried out prior to the disposal of the document. This does not have to be time-consuming or complex. If a decision is reached to dispose of a document, careful consideration should be given to the method of disposal.
The CEO is responsible to keep this retention schedule up to date, to reflect changing business needs, new legislation, changing perceptions of risk management and new priorities for our business.
The Administrator is responsible for determining (in accordance with this Policy) whether to retain or dispose of specific documents.
The Administrator may delegate the operational aspect of this function to the Admin Assistant.
The Administrator should inform the CEO if in any doubt about minimum retention periods or if the retention of a document is necessary for a potential claim.
We must ensure that personal data is securely disposed of when it’s no longer needed. This will reduce the risk that it will become inaccurate, out of date or irrelevant.
The method of disposal should be appropriate to the nature and sensitivity of the documents concerned and includes:
Non-Confidential records: place in waste paper bin for disposal
Nonfidential records: shred documents
Deletion of Computer Records
On-line software and cloud storage