Data Retention Policy HB

ol > li { list-style-type: decimal; }

Data Retention Policy HB

16 July 2021
PJH Law
Company House
Company Road
ComapyCity PE9 2AZ

Sections:

  • Data retention policy

Data retention policy

  1. INTRODUCTION
    1. The Employer holds many different types of documents containing a variety of data, including customer details, employee information as well as confidential information about the organisation and how it operates. These documents are a vital part of our business and it is important that we ensure that we protect the documents and information contained in them in order to ensure the smooth running of the business and also to comply with the requirements laid down by law.
    2. We have outlined the procedures laid down for retention, review and destruction of documents held by us. The purpose of this policy is to ensure that we only hold documents for as long as necessary and that once they are no longer required, they are destroyed in accordance with the procedures laid down in this policy.
    3. This policy supplements our Data Protection Policy.
  2. PURPOSE
    1. This policy sets out The Employer’s approach to managing its information to ensure that recordsand documents are preserved in line with business and legislative requirements and that data is not retained for any longer than necessary.
  3. SCOPE
    1. This Data Retention Policy applies to:
      1. all staff, volunteers, consultants, contractors, trustees and, as appropriate,partnership organisations, partner staff and third parties of The Employer.
      2. all records that are created, handled, stored, or processed by The Employer,electronically (soft copy) or in paper (hard copy) form.
      3. All those people or groups to whom this policy applies should, as appropriate, be aware of this policy.
  4. POLICY STATEMENTS
    1. Any exceptions or variations to compliance with this policy must be approved by the HR department.
    2. When preparing tender documents and/or negotiating contracts with third parties for services that involve retaining and managing records, reference to this policy will help ensure that consistent data retention obligations are met.
    3. The intention is that only one copy of a record is retained but ensure that before you destroy any records in circumstances where you believe multiple copies of a record exist that at least one copy (or the original) is retained.
    4. Suppliers and their subcontractors must have their own defined retention policy, which must be supported by documented retention requirements and procedures and which mirrors this policy in all material respects.
    5. Unless suppliers (where they act as Data Processors) have a legal obligation to do so, they should not retain The Employer’s data after they have finished providing services to The Employer.
  5. TYPES OF RECORDAND THEIR RESPECTIVE RETENTION PERIOD
    1. The relevant types of record are:
      • Accounting and Finance.
      • Contracts.
      • Corporate Records.
      • Correspondence and Internal Memoranda.
      • Personal Information.
      • Electronic Records.
      • Grant Records.
      • Insurance Records.
      • Legal.
      • Miscellaneous.
      • Personnel Records.
      • Tax Records.
    2. ACCOUNTING AND FINANCE
      • Annual Audit Reports and Financial Statements:Permanent.
      • Annual Audit Records, including work papers and other documents that relate to the audit: 7 years after completion of audit.
      • Annual Plans and Budgets:7 years.
      • Bank Statements and Cancelled Cheques:7 years.
      • Employee Expense Reports:7 years.
      • Interim Financial Statements:7 years.
    3. CONTRACTS
      • Contracts and Related Correspondence (including any proposal that resulted in the contract and all other supportive documentation): 7 years after expiration or termination.
    4. CORPORATE RECORDS
      • Corporate Records (minutes, signed minutes of the Board and all committees, record of incorporation, articles of incorporation, annual corporate reports):Permanent
      • Licenses and Permits:Permanent.
    5. CORRESPONDENCE AND INTERNAL MEMORANDA
      • General Principle: Most correspondence and internal memoranda should be retained for the same period as the document to which they pertain or support. For instance, a letter pertaining to a particular contract would be retained as long as the contract (7 years after expiration). It is recommended that records that support a particular project be kept with the project and take on the retention time of that particular project file.
      • Correspondence or memoranda that do not pertain to documents having a prescribed retention period should generally be discarded sooner. These may be divided into two general categories:
        • Those pertaining to routine matters and having no significance. These should be discarded within five years. Some examples include:
          • Routine letters and notes that require no acknowledgment or follow up, such as notes of appreciation, congratulations, letters of transmittal, and plans for meetings.
          • Form letters that require no follow up.
          • Letters of general inquiry and replies that complete a cycle of correspondence.
          • Letters or complaints requesting specific action that have no further value after changes are made or action taken (such as name or address change).
          • Other letters of inconsequential subject matter or that definitely close correspondence to which no further reference will be necessary.
          • Chronological correspondence files.
          • Please note that copies of interoffice correspondence and documents where a copy will be in the originating department file should be read and destroyed unless that information provides reference to or direction to other documents and must be kept for project traceability.
        • Those pertaining to non-routine matters or having significant lasting consequences should generally be retained permanently.
    6. RETAINING PERSONAL INFORMATION
      • This section sets out the data retention policies and procedure of The Employer, which are designed to help ensure compliance with legal obligations in relation to the retention and deletion of personal information.
      • Personal information that is processed by The Employer for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
      • Without prejudice to the point immediately above, The Employer will usually delete personal data falling within the categories set out below at the date/time set out below:
        • Information about a computer and about visits to and use of this website (including an IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths:2 years.
        • Information provided when registering with our website (including email address): 2 years
        • Information provided when completing a profile on our website (including a name, gender, date of birth, interests and hobbies, educational details):2 years.
        • Information provided for subscribing to email notifications and/or newsletters (including a name and email address): Indefinitely or until the client chooses to ‘unsubscribe’
        • Information provided when using the services on the website, or that is generated during the use of those services (including the timing, frequency and pattern of service use): Indefinitely.
        • Information relating to any subscriptions made (including name, address, telephone number, email address and sector sought):2 years or until consent is withdrawn
        • Information posted to our website for publication on the internet: 5 years after post.
        • Information contained in or relating to any communications sent through the website (including the communication content and meta data associated with the communication): 2 years following contact.
        • Any other personal information chosen to be sent:2 years following contact.
      • Notwithstanding the other provisions of this section, The Employer will retain documents (including electronic documents) containing personal data:
        • to the extent that The Employer is required to do so by law;
        • if The Employer believes that the documents may be relevant to any ongoing or prospective legal proceedings;and to establish, exercise, or defend The Employer’s legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
        • if explicit consent is given by the data subject. Consent is requested at least every 2 years from candidates seeking contract roles and at least every 12 months for candidates seeking permanent employment.
    7. ELECTRONIC DOCUMENTS
      • Electronic Mail: Not all email needs to be retained, depending on the subject matter.
        • All e-mail—from internal or external sources – is to be deleted after 12 months.
        • Staff will strive to keep all but an insignificant minority of their e-mail related to business issues.
        • The Employer will archive e-mail for 90 days after the staff has deleted it, after which time the e-mail will be permanently deleted.
        • Staff will take care not to send confidential/proprietary information held by The Employer to outside sources.
      • Electronic Documents: including Office 365 and PDF files, retention also depends on the subject matter.
      • The Employer does not automatically delete electronic files beyond the dates specified in this Policy. It is the responsibility of all staff to adhere to the guidelines specified in this policy.
      • In certain cases, a document will be maintained in both paper and electronic form. In such cases the official document will be the electronic document.
    8. INSURANCE RECORDS
      • Certificates issued to The Employer: Permanent
      • Claims Files (including correspondence, medical records, etc.): Permanent
      • Insurance Policies (including expired policies): Permanent
    9. LEGAL FILES AND PAPERS
      • Legal Memoranda and Opinions (including all subject matter files): 7 years after close of matter
      • Litigation Files:1 year after expiration of appeals or time for filing appeals
      • Court Orders: Permanent
    10. MISCELLANEOUS
      • Policy and Procedures Manuals – Original:Current version with revision history
      • Annual Reports:Permanent
    11. PERSONNEL RECORDS
      • Employee personnel records (including individual attendance records, application forms, job or status change records, performance evaluations, termination papers, withholding information, garnishments, test results, training and qualification records):6 years after separation
      • Employment contracts – Individual: 6 years after separation
      • Employment records correspondence with employment agencies and advertisements for job openings:3 years from date of hiring decision
    12. TAX RECORDS
      • General principle: The Employer must keep books of account or records as are sufficient to establish amount of gross income, deductions, credits, or other matters required to be shown in any such return.
      • These documents and records shall be kept for as long as the contents thereof may become material in the administration of state, and local income, franchise, and property tax laws.
      • Tax-exemption documents and related correspondence:Permanent
      • Tax bills, receipts, statements:7 years
      • Tax returns:Permanent
      • Sales/use tax records:7 years
      • Annual information returns:Permanent