Data retention policy

Data retention policy and schedule

1. About this policy

1.1. This policy sets out Vantage Computing Limited’s (“we”, “our”, “us”, the “Company”) position in relation to the retention of personal data (being any information identifying any living person or information relating to a living person that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Examples of personal data include, but are not limited to, information revealing their name, address, email address, identification number, location data, online identifiers, and/or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity).

1.2. This policy is intended to support the Company’s Data Protection Policy (the “DP Policy”) and it adopts the definitions set out in the DP Policy.

1.3. The Company has a responsibility to maintain its records and record keeping systems in accordance with the regulatory environment. This policy seeks to set out the Company’s position with regard to the retention of personal data under the General Data Protection Regulation (“GDPR”) and any other laws and/or regulations that govern the processing of personal data from time to time.

1.4. This policy applies to all employees, workers and consultants of the Company (“you” or “your”). This policy is non-contractual and does not form part of the terms and conditions of your employment or engagement. The Company may change, alter, amend or replace this policy at any time.

1.5. This policy is intended to ensure that the Company processes personal data (whether in the form of employment records or client records) in accordance with the personal data protection principles set out in the GDPR, in particular that:

1.5.1. Personal data must be collected only for specified, explicit and legitimate purposes. It must not be further processed in any manner incompatible with those purposes.

1.5.2. Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. When Personal data is no longer needed for specified purposes, it is deleted or anonymised as provided by these guidelines.

1.5.3. Personal data must be accurate and, where necessary, kept up to date. It must be corrected or deleted without delay when inaccurate.

1.5.4. Personal data must not be kept in an identifiable form for longer than is necessary for the purposes for which the data is processed.

1.5.5. Personal data must be secured by appropriate technical and organisational measures against unauthorised or unlawful processing, and against accidental loss, destruction or damage.

1.6. Louise Houlden, FD and Company Secretary, is responsible for overseeing this policy. Any questions about the operation of the policy and guidelines should be submitted to Louise (LouiseH@nullvantagecomputing.co.uk or +44 (0) 1462 791120 opt. 3).

2. Retention of employee personal data

2.1. Location of Employment Records

2.1.1. Louise Houlden holds employment records and can be contacted with any enquiries relating to your own personal data.

2.2. Keeping Information Up To Date

2.2.1. The Company needs to ensure that your personal details are up to date and accurate. When you first start working for the Company we collect various personal data relating to you as set out in any privacy notice issued to you (as described in the DP Policy).  In the event that any personal data concerning you changes you should inform Louise Houlden.  You may be invited to review and update certain personal information on a regular basis.

2.2.2. Data subjects have various individual rights under the GDPR in respect of their personal data. These provisions are intended to complement your individual rights under the GDPR (which are also referred to in the DP Policy and any privacy notice issued to you).

2.3. General Principles on Retention and Erasure of Employee Personal Data

2.3.1. The Company’s approach to retaining employment records is to ensure that it complies with the data protection principles referred to in this policy and, in particular, to ensure that:

2.3.1.1. Employment records are regularly reviewed to ensure that they remain adequate, relevant and limited to what is necessary to facilitate you working for the Company.

2.3.1.2. Employment records are kept secure and are protected against unauthorised or unlawful processing and against accidental loss, destruction or damage. Where appropriate the Company will seek to use anonymization to prevent identification of individuals.

2.3.1.3. When records are destroyed, whether held as paper records or in electronic format, the Company will ensure that they are safely and permanently erased. Consideration needs to be given to whether the document should be destroyed or subject to a further period of retention or permanent retention as an archive.

2.4. Retention and Erasure of Recruitment Documents

2.4.1. The Company retains personal data following recruitment exercises to demonstrate, if required, that candidates have not been discriminated against on prohibited grounds and that recruitment exercises are conducted in a fair and transparent way.

2.4.2. The Company issues all job applicants with a privacy notice (in accordance with the DP Policy) which advises job applicants how long the Company expects to keep their personal data for, once a recruitment decision has been communicated to them. This is likely to be for seven months from the communication of the outcome of the recruitment exercise which takes account of both the time limit to bring claims and for claims to be received by the Company.  In some instances the personal data from the recruitment exercise may be kept for longer (for example if an unsuccessful candidate requests that we retain their personal data for a longer period in the event that there are opportunities in the future that may be relevant to them).

2.4.3. Information relating to successful candidates will be transferred to their employment record with the Company. This will be limited to that information necessary for the working relationship and, where applicable, that required by law.

2.4.4. Following a recruitment exercise, information (in both paper and electronic form) will be held by Louise Houlden. Destruction of that information will take place in accordance with this policy.

2.5. Retention and Erasure of Employment Records

2.5.1. The Company has regard to recommended retention periods for particular employment records set out in legislation, referred to in the table below. However, it also has regard to legal risk and may keep records for up to 77 months (and in some instances longer) after your employment or work with us has ended.  In some instances (where we are pursuing or defending claims) we may be required to retain the personal data for the life of that claim (including any appeals or reviews and including, where appropriate enforcement).

2.5.2. The table below is therefore intended to be a guide only. The Company may depart from the retention periods specified in the table should there be a legitimate and lawful reason for doing so.  In such circumstances, the Company will ensure that any retention of personal data that goes beyond that recommended in the table below, will take into account the personal data protection principles and that the Company otherwise acts in accordance with the DP Policy.

Screen Shot 2018-07-12 at 09.51.59

Screen Shot 2018-07-12 at 09.52.18

Screen Shot 2018-07-12 at 09.52.32

3. Retention of other personal data

3.1. Types of Personal Data

3.1.1.The Company collects and processes personal data relating to its customers, prospects, suppliers and other third parties.

3.2. Location of Personal Data

3.2.1. Personal data relating to customers, prospects, suppliers and other third parties is held by various departments throughout the Company. It is recommended that each department identifies one member of staff who is responsible for that department’s records management in accordance with this policy.

3.3. General Principles on Retention and Erasure of Personal Data

3.3.1. The Company’s approach to retaining personal data relating to its customers, prospects, suppliers and other third parties is to ensure that it complies with the data protection principles referred to in this policy and, in particular, to ensure that:

3.3.1.1. Records are regularly reviewed to ensure that they remain adequate, relevant and limited to what is necessary to support the Company’s operational needs and/or compliance with legal or regulatory requirements.

3.3.1.2. Records are kept secure and are protected against unauthorised or unlawful processing and against accidental loss, destruction or damage. Where appropriate the Company will seek to use anonymization to prevent identification of individuals.

3.3.1.3. When records are destroyed, whether held as paper records or in electronic format, the Company will ensure that they are safely and permanently erased. Consideration needs to be given to whether the document should be destroyed or subject to a further period of retention or permanent retention as an archive.

3.4 Retention and Erasure of Personal Data

3.4.1. When determining the appropriate retention period for personal data relating to customers, prospects, suppliers and other third parties, the Company has regard to the purpose for which that personal data was collected. However, it also has regard to legal risk and may keep records for up to 77 months (and in some instances longer) after any contractual relationship with us has ended.  In some instances (where we are pursuing or defending claims) we may be required to retain the personal data for the life of that claim (including any appeals or reviews and including, where appropriate enforcement).

3.4.2. We have set out in the table below a summary of the types of personal data that we hold (other than in an employment context) and the retention period that we consider to be appropriate. However, the table is intended to be a guide only and the Company may depart from the retention periods specified should there be a legitimate and lawful reason for doing so.  In such circumstances, the Company will ensure that any retention of personal data that goes beyond that recommended in the table below, will take into account the personal data protection principles and that the Company otherwise acts in accordance with the DP Policy.

3.4.3. The Company will also review records on a regular basis to establish whether the retention of personal data held in those records is still necessary or whether it may be anonymised or removed.

3.4.4. Please note the recommended retention periods set out in the below table are subject to further review and may be changed in the event of regulatory guidance following the implementation of the GDPR in May 2018, in which case this policy will be amended.

Screen Shot 2018-07-12 at 10.26.21

Screen Shot 2018-07-12 at 10.26.37

Thank you!

Someone will be in touch shortly to arrange your free trial

close icon
close icon

I would like to receive: