Having completed an audit of the data held by Autoclenz, the Data Protection Act 2018 requires the Company to have in place a data retention policy that clearly defines how long we will hold your personal data, together with the reasoning behind the decision to hold that data.
Save for exceptional circumstances which must be raised with, and approved by Trevor Clingo, all personal data must be retained in accordance with this policy. Often, in respect of certain types of information, we are under a legal obligation to retain the information for a minimum period of time. Where this is the case, the minimum time we have stipulated is the same as the time required under law. Furthermore, there are occasions where it is appropriate for us to retain personal data for longer than the period prescribed in law (for example, where there may be litigation in process or expected where the data will form part of the evidence in the case). In such circumstances the requirements of the litigation will override the policies outlined below.
Autoclenz is committed to enforcing this policy as it applies to all forms of data. The effectiveness of Autoclenz's efforts, however, depends largely on employees. If you feel that you or someone else may have violated this policy, you should report the incident immediately to your Manager. If you are not comfortable bringing the matter up with your Manager, or do not believe the Manager has dealt with the matter properly, you should raise the matter with Trevor Clingo. If employees do not report inappropriate conduct, Autoclenz may not become aware of a possible violation of this policy and may not be able to take appropriate corrective action. No one will be subject to and Autoclenz prohibits, any form of discipline, reprisal, intimidation, or retaliation for reporting incidents of inappropriate conduct of any kind, pursuing any record destruction claim, or cooperating in related investigations.
Where there is a requirement for the Company to retain information for longer periods of time, consideration must be given to whether any personal data within it should be ‘anonymised’ such that the data subject can no longer be identified but the contents and context of the document still reviewed and understood. Where, in the table below, the data is identified as being capable of being anonymised, anonymisation should take place as soon as reasonably possible once the need to retain the personal data has expired.
Last Updated: 25.05.2018
Type of Data Held | Location of Data | Source of Data | Reason for Data Being Held | Retention Period | Reason for Retention Period | Delete / Anonymise |
Full Name | Hard drive | Agreement for Services | Contractual Obligations | 6 years after last invoice raised | Claims can be brought up to 6 years after the end of engagement so this information may be needed in the event of a claim being brought. | Anonymise |
Date of birth | Hard drive | Sub Contractor | Contractual Obligations | 1 year after last invoice raised | Delete | |
Full address | Hard drive | Agreement for Services | Contractual Obligations | 1 year after last invoice raised | Delete | |
Previous address | Hard drive | Agreement for Services | Contractual Obligations | 6 years after last invoice raised | The information may be needed for a short period after it has been changed to confirm previous address history. | Delete |
Telephone numbers | Hard drive | Sub Contractor | Contractual Obligations | 1 year after last invoice raised | Delete | |
Person email address | Hard drive | Agreement for Services | Contractual Obligations | 1 year after last invoice raised | Delete | |
Next of kin and emergency contact information | Hard drive | Agreement for Services | Contractual Obligations Vital Interests | 1 year after last invoice raised | Delete | |
National Insurance Number | Hard drive | Sub Contractor | Contractual Obligations Legal Obligations | 7 years after last invoice raised | Tax reporting purposes. | Delete |
Bank details | Hard drive | Agreement for Services | Contractual Obligations Legal Obligations | 6 years after last invoice raised | Delete | |
Nationality | Hard drive | Sub Contractor | Contractual Obligations Legal Obligations | 1 year after last invoice raised | Delete | |
Passport | Hard drive | Sub Contractor | Contractual Obligations Legal Obligations | 1 year after last invoice raised | Delete | |
Copy of driving licence | Hard drive | Sub Contractor | Contractual Obligations Legal Obligations | 1 year after last invoice raised | Delete | |
Agreement for services | Hard drive | Agreement for Services | To ensure all Sub Contractor records are accurate and to ensure both the company and its Sub Contractors are complying with the terms of the contract of engagement. | 6 years after last invoice raised | Claims can be brought up to 6 years after the end of engagement so this information may be needed in defence of a claim. | Delete |
Background checks and searches | Hard drive | Background checking service. Former employers Other referees | Contractual Obligations Legal Obligations | 1 year after last invoice raised | Delete | |
Right to work documentation | Hard drive | Sub Contractor Home Office | Contractual Obligations Legal Obligations | 2 year after last invoice raised | Delete | |
3rd Party Bank Authorisation | Hard drive | Sub Contractor | Contractual Obligations Legal Obligations | 1 year after last invoice raised | Delete | |
VAT number | Hard drive | Sub Contractor | Contractual Obligations Legal Obligations | 1 year after last invoice raised | Tax reporting purposes. | Delete |