Personal data retention and destruction policy
This policy forms part of our Data Protection and Information Security Policies. Any defined terms used in this policy that are not defined in this document may be defined in our General Data Protection Policy, and data users should read the General Data Protection Policy before reading this Policy.
We typically retain personal data for the periods set out below, subject to any exceptional circumstances (such as where information is required for actual or anticipated litigation) or requirements to comply with laws or regulations that require a specific retention period.
In determining these retention periods, we have had regard to our legal obligations, good industry practice, the guidance of relevant UK authorities and bodies such as HM Revenue & Customs (HMRC) and the Chartered Institute of Personnel and Development (CIPD), and also tax, accounting, health and safety, and employment rules.
Our Data Protection Manager is responsible for the continuing process of identifying the records that have met their required retention period and supervising their destruction. The destruction of paper-based records must be conducted by shredding if possible.
The destruction of electronic records must be permanent and irretrievable to the greatest extent practicable. Electronic document destruction must be coordinated with our Data Protection Manager.
The destruction of records must stop immediately upon notification from our Data Protection Manager that a litigation hold is to begin because we may be involved in a lawsuit or an official investigation. Destruction may begin again once the Data Protection Manager releases the relevant litigation hold.
Information about customers since our last dealing with them:
[eg, as applicable:
Information about prospective customers since our last dealing with them:
Information about other contacts since our last dealing with them:
Information about individuals who have contacted us about our clients, since our last dealing with them:
Information about employees since our last dealing with them:
Information about job applicants since our last dealing with them if not employed:
Information about suppliers since our last dealing with them:
Any questions regarding this policy or its operation should be directed to the Data Protection Manager.