Data Retention Policy May 2018

This is the Data Retention Policy of The Malvern Kitchen Studio Ltd.

Introduction

We recognise that in the running of our business, we collect and process personal data from a variety of sources. This personal information is collated in several different formats including letters, emails, legal documents, employment records, operations records, images and statements. The personal data is held in both hard copy and electronic form.

Aims of the policy

Our business will ensure that personal data that we hold is kept secure and that it is held for no longer than is necessary for the purposes for which it is being processed. In addition, we will retain the minimum amount of information to fulfill our statutory obligations and the provision of goods or/and services - as required by the data protection legislation, including the General Data Protection Regulation (GDPR).

Retention

This retention policy (with its schedule), is a tool used to assist us in making decisions on whether a particular document should be retained or disposed of. In addition, it takes account of the context within which the personal data is being processed and our business practices.

Decisions around retention and disposal should be taken in accordance with this policy.

Where a retention period of a specific document has expired, a review should always be carried out prior to the disposal of the document. This does not have to be time-consuming or complex. If a decision is reached to dispose of a document, careful consideration should be given to the method of disposal.

Responsibility

Jane Williams, the Data Controller, is responsible to keep this retention schedule up to date, to reflect changing business needs, new legislation, changing perceptions of risk management and new priorities for our business.

Jane Williams is responsible for determining (in accordance with this Policy) whether to retain or dispose of specific documents.

Jane Williams may delegate the operational aspect of this function to Gary Williams.

Disposal

We must ensure that personal data is securely disposed of when it’s no longer needed. This will reduce the risk that it will become inaccurate, out of date or irrelevant.

The method of disposal should be appropriate to the nature and sensitivity of the documents concerned and includes:

  • Non-Confidential records: place in waste paper bin for disposal

  • Confidential records: shred documents

  • Deletion of Computer Records

  • Transmission of records to an external body

  • Cloud storage

The table below contains the retention period that we have assigned to each type of record. This will be adhered to wherever possible, although it is recognised that there may be exceptional circumstances which require documents to be kept for either shorter or longer periods.

Exceptional circumstances should be reported to Jane Williams without delay.

Date created: 10th May 2018

Date of review: 9th May 2019

Appendix 1: Document retention schedule

Type of record

Retention period

Where is it stored?

Reason

Method of deletion

Sales enquiries

 

 

 

 

Quotations

3 years from date sent

Hard copy at Studio, server + back up

for future reference should customer return

Shred + deletion

Sales Confirmations

 

 

 

 

Sales records

7 years from date of placing order

Hard copy at Studio, server + back up

Financial record and reference for customer warranties or issues

Shred + deletion

Employment records:

 

 

 

 

PAYE records

7 years from end of fiscal year

Hard copy at Studio, server + back up

Legal

Shred + deletion

Unsuccessful candidates

6 months after last action

Hard copy

 

Legal

shred

Accident report forms

3 years after last action

Hard copy

Legal

shred

Employees that left the business: emergency contacts and bank account details

Delete immediately after making final salary payment

Hard copy

Legal

shred

Pay & tax: pay deductions, tax forms, payroll, loans

6 years after last action

Hard copy at Studio, server + back up

Legal

 

Records of formal disciplinary actions in employee file

6 years after last action

Hard copy

Employment contract

shred

Records of formal grievances in employee file

6 years after last action

Hard copy

Employment contract

shred

Commercial contracts:

 

 

 

 

Contracts with suppliers

6 years after last action

Hard copy

Supply contract confirming terms

shred

Contracts signed as a deed

12 years after last action

Hard copy

Legal

shred

Guarantees and indemnities

i.e. state the term of the guarantee plus 6 years

Hard copy + some e copies

legal

Shred + deletion

Purchase orders and invoices

7 years after last action

Hard copy at Studio, server + back up

Reference to customer’s orders for warranties/issues

Shred + deletion

 

Tax and Accounting Records:

 

 

 

 

Tax returns

10 years from end of fiscal year

Hard copy

Audit

shred

Accounting & financial management information

6 years from end of fiscal year

Hard copy

audit

shred

Operational records:

 

 

 

 

Vehicles leased

7 years

Hard copy at Studio, server + back up

audit

Shred + deletion

Closed circuit television recordings

10days

Hard drive

Insurance/crime reporting

Automatic deletion

Fire Risk Assessments

i.e. Retain until superseded

Hard copy + e copy

legal

Shred + deletion

Policies/Procedures

7 years

Hard copy at Studio, server + back up

legal

Shred & deletion

Complaints

6 years from end of fiscal year

Hard copy

legal

shred

Building (i.e. lease/deeds)

Destroy 6 years after property is no longer occupied

Hard copy

legal

shred

Maintenance contracts

15 years from last action

Hard copy

legal

shred

Website

Life of company

On line

advertising

Deletion from server

Property plans and surveys - leased

25 years

Hard copy

legal

shred

Insurance schedules

10 years after last action

Hard copy

legal

shred

Pat tests, fire hazard tests

6 years from last action

Hard copy

legal

shred

Register of members

Life of company

Hard copy at Studio, server + back up + online

legal

Shred + deletion from register

Memorandum of association

Life of company

Hard copy at Studio, server + back up online

legal

Shred + deletion from register

Register of directors and secretaries

Life of company

Hard copy at Studio, server + back up online

legal

Shred + deletion from register

Employer’s liability insurance certificates

Life of company

Hard copy at Studio, server + back up

legal

Shred + deletion

Intellectual property records:

 

 

 

 

Copyright material

50 years from expiry

Hard copy at Studio, server + back up

legal

Shred + deletion

Email records:

 

 

 

 

Email correspondence

Archive emails after 6 years

Hard copy at Studio, server + back up

Record of correspondence – legal, customer support, warranty

Deletion from server