UK GDPR - Data Retention Policy With Schedule
This is the Data Retention Policy of CFS Redundancy Payments Ltd trading as AuntMeg.com
Introduction
We recognise that in the running of our business, we collect and process personal data from a variety of sources. This personal information is collated in several different formats including letters, emails, legal documents, employment records, operations records, images and statements. The personal data is held in both hard copy and electronic form. This policy covers all the personal data that we hold or have control over. It also covers data that is held by third parties on our behalf, for example cloud storage providers or offsite records storage.
Aims of the policy
Our business will ensure that personal data that we hold is kept secure and that it is held for no longer than is necessary for the purposes for which it is being processed. In addition, we will retain the minimum amount of information to fulfill our statutory obligations and the provision of goods or/and services – as required by the data protection legislation, including the Data Protection Act 2018 also known as the UK General Data Protection Regulation (UK GDPR).
Retention
This retention policy (with its schedule), is a tool used to assist us in making decisions on whether a particular document should be retained or disposed of. In addition, it takes account of the context within which the personal data is being processed and our business practices.
We will regularly monitor and audit compliance with this policy and update it when required.
Disposal
We will ensure that personal data is securely disposed of when it is no longer needed.
The method of disposal should be appropriate to the nature and sensitivity of the documents concerned and includes:
- Non-Confidential records: deleted from local systems & servers and/or disposed of in waste paper
- Confidential records: deleted from local systems & servers and/or shredded
- Deletion of Computer Records: deleted from local systems & servers
- Transmission of records to an external body: Requested to be deleted but onward responsibility is with the third party
- Cloud storage: Deleted and purged
The table below contains the retention period that we have assigned to each type of record. This will be adhered to wherever possible, although it is recognised that there may be exceptional circumstances which require documents to be kept for either shorter or longer periods.
Appendix 1: Document retention schedule
| Type of record | Retention period | Where is it stored? | Reason | Method of deletion |
| Employment records: | ||||
| PAYE records | 6 years from end of fiscal year | HR and Accounting System | Legal | Automatic |
| Maternity and paternity pay records | 6 years from end of fiscal year | HR and Accounting System | Legal | Automatic |
| Medical and health records | 10 years after employment ceases | HR System | Legal | Automatic |
| Unsuccessful candidates | 6 months after last action | Email and Cloud Storage | [Legal] | Manual |
| Accident report forms | 6 years after last action | HR System | Legal | Automatic |
| Parental leave records | 5 years from birth of child | HR System | Legal | Automatic |
| Employment records: redundancy, equal opportunities; health & welfare records | 10 years after last action | HR System | Legal | Automatic |
| Employees that left the business: emergency contacts and bank account details | 60 days after final pay date | HR and Accounting System | Legal | Manual |
| Pay & tax: pay deductions, tax forms, payroll, loans | [6] years after last action | HR and Accounting System | Legal | Automatic |
| Records of formal disciplinary actions in employee file | [6] years after last action | HR System | Legal | Automatic |
| Records of formal grievances in employee file | [6] years after last action | HR System | Legal | Automatic |
| Commercial contracts: | ||||
| Contracts with suppliers | 6 years after last action | Cloud Storage | Contract | Manual |
| Contracts signed as a deed | 12 years after last action | Cloud Storage | Legal | Manual |
| Guarantees and indemnities | Term plus 6 years | Cloud Storage | Contract | Manual |
| Purchase orders and invoices | 6 years after last action | Accounting System | Legal | Automatic |
| Tax and Accounting Records: | ||||
| Tax returns | 10 years from end of fiscal year | Accounting System & HMRC Account | Legal | Automatic |
| Accounting & financial management information | 10 years from end of fiscal year | Accounting System | Legal | Automatic |
| Stock transfer forms and share certificates | 12 years from purchase | Cloud Storage | Legal | Manual |
| Marketing records: | ||||
| Mailing lists | 1 year after last action | Cloud Storage, Marketing System, Email Server | Consent | Manual |
| Operational records: | ||||
| Vehicles | 6 years from last requirement of information for operational purposes | Cloud Storage, Filing Cabinet, Accounting System | Audit | Manual |
| Fire Risk Assessments | Retain until superseded | Cloud Storage | Legal | Manual |
| Policies/Procedures | Retain until superseded | HR System | Legal | Manual |
| Complaints | 6 years from end of relationship | Cloud Storage | Legal | Manual |
| Building (i.e. lease/deeds) | 6 years after end of occupation | Cloud Storage | Audit | Manual |
| Insurance schedules | 10 years after last action | Cloud Storage | Legal/Audit | Manual |
| Pat tests, fire hazard tests | 6 years from last action | Cloud Storage | Legal/Audit | Manual |
| Memorandum of association | Life of company | Cloud Storage | Legal/Audit | Manual |
| Register of directors and secretaries | Life of company | Cloud Storage | Legal/Audit | Manual |
| Employer’s liability insurance certificates | Life of company | Cloud Storage | Legal/Audit | Manual |
| Intellectual property records: | ||||
| Copyright material | 50 years from expiry | Cloud Storage | Legal/Audit | Manual |
| Customer records: | ||||
| Email correspondence | Archive after 6 months | Email Server | Legal/Audit/Service Provision | Automatic |
| Images and video | As soon as claim is completed | Email Server/Cloud Storage | Service Provision | Manual |
| Whatsapp messages | 6 years from completion of claim | Whatsapp Business | Service Provision/Audit/Legal | Automatic |
| Paper claim forms | 6 years from completion of claim | Filing Cabinet | Service Provision/Audit/Legal | Manual |
| Call recordings | 6 years from completion of claim | Cloud Server | Audit/Legal | Automatic |