Data Retention Policy

  1. POLICY STATEMENT

There are various legal requirements as set out by law, within the GDPR Regulations and professional guidelines about keeping certain kinds of records – such as information needed for income tax and audit purposes, or information on aspects of health and safety.

The GDPR does not set out any specific minimum or maximum periods for retaining personal data. Instead, it says that by law Hyman Capital Group will have to ensure that personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

In practice, it means that the company will need to:

  • Review the length of time personal data is kept;
  • Consider the purpose or purposes the information is held for in deciding whether (and for how long) to retain it;
  • Securely delete information that is no longer needed for this purpose or these purposes; and
  • Update, archive or securely delete information if it goes out of date.

Any data held centrally using OneDrive. This is encrypted and password protected and certain information is held on a need to know basis. This means that only required members of the Company have access to the data.

  1. SCOPE

Data shall be retained in accordance with the periods detailed in this policy.

The periods in this policy relating to finance records are taken from a number of sources which include Buzzacott’s Insights document on “Retention of Accounting Records” and CIPD’s guidance on HR records retention. These periods are both the minimum and maximum periods for which data needs to be held before deletion or shredding.

Where a retention period is not specified, personal information will only be retained for the longer of:

  • As long as required for its purpose
  • As required by law

Manual files relating to previous staff, clients and associates shall have all non-essential information removed and securely destroyed prior to being archived.

The Company will require all data processors to formally agree that personal data will not be retained for longer than the purpose for which they are processing it.

This policy covers the following areas:

  • Method for deletion
  • Accounts & Finance records
  • Payroll records
  • Employee/Personnel records
  • Pension records
  • Buildings records
  • Insurance records
  • Governance records
  • Associate records
  • Client records
  1. METHOD FOR DELETION
    • Paper, CD and DVD files will be shredded. The materials will be shredded offsite by a third party provider who will give confirmation of the secure disposal.
    • Every 3 months staff will participate in a review of paper, CD & DVD media and destroy all files that are not required, as defined above. These reviews will take place in February, May, August and November.
    • All Database (Infusionsoft, Freeagent, E-mail and files held on the server) records will be marked for deletion and permanently deleted on review. The record should not be archived. The Company should liaise with its external IT providers (currently Systems IT) to obtain evidence of how they deal with any off site back-ups to ensure that all old versions are deleted.
    • Each organisational Director is responsible for liaising with their respective teams to ensure that the data is deleted in accordance with this policy.
  2. ACCOUNTS & FINANCE RECORDS
DocumentRetention periodReason for retention period
Record of payments made (For suppliers — can be reprinted from Freeagent, For associate expenses — would need to refer to actual claim, For payments — hard copies of payment documentation are kept)Six years after the end of the financial year in which the transaction was made.Companies Act
Purchase ledger (Ledger records on Feeagent and all hard copy and electronic purchase invoices, staff and associate expensesSix years after the end of the financial year in which the transaction was made.Companies Act
Invoices raised to generate income (Paper/Electronic copies)Six years after the end of the financial year in which the transaction was made.Companies Act
Petty cash records (Copies of vouchers and receipts received in support of expenditure)Six years after the end of the financial year in which the transaction was made.Companies Act and HMRC
Invoice- capital item (with a significant value and where the Company is registered for VAT)Ten yearsCompanies Act and HMRC
Bank paying in counterfoilsSix years after the end of the financial year in which the transaction was made.Companies Act
Bank statements (Access to on-line statements is available for the last 12 months, hard copy statements are received from Barclays and Santander)Six years after the end of the financial year in which the transaction was made.Companies Act
Remittance advices (In support of income received from clients)Six years after the end of the financial year in which the transaction was made.Companies Act
Correspondence re: income (Letters/e-mails etc.)Six years after the end of the financial year in which the transaction was made.Companies Act
Bank reconciliations (hard/electronic copies of same information)Six years after the end of the financial year in which the transaction was made.Companies Act
Income summary (electronic version of the bank statement reconciling Freeagent to the bank accounts)Six years after the end of the financial year in which the transaction was made.Companies Act

5.PAYROLL RECORDS

DocumentRetention periodReason for retention period
Income tax records re. employees leaving, i.e. P45Three years plus the current yearThe Income Tax (Emloyments) Regulations 1993 (SI 1993/744) as amended, for example by The Income Tax (Employments) (Amendment No 6) Regulations 1996 (SI 1996/2631)
Notice to employer of tax code (P6)Three years plus the current yearThe Income Tax (Emloyments) Regulations 1993 (SI 1993/744) as amended, for example by The Income Tax (Employments) (Amendment No 6) Regulations 1996 (SI 1996/2631)
Annual return of employees and directors expenses and benefits (P11D)Three years plus the current yearThe Income Tax (Emloyments) Regulations 1993 (SI 1993/744) as amended, for example by The Income Tax (Employments) (Amendment No 6) Regulations 1996 (SI 1996/2631)
Certificate of pay and tax deducted (P60)Three years plus the current yearThe Income Tax (Emloyments) Regulations 1993 (SI 1993/744) as amended, for example by The Income Tax (Employments) (Amendment No 6) Regulations 1996 (SI 1996/2631)
Notice of tax code changeThree years plus the current yearThe Income Tax (Emloyments) Regulations 1993 (SI 1993/744) as amended, for example by The Income Tax (Employments) (Amendment No 6) Regulations 1996 (SI 1996/2631)
Annual return of taxable pay and tax deductedThree years plus the current yearThe Income Tax (Emloyments) Regulations 1993 (SI 1993/744) as amended, for example by The Income Tax (Employments) (Amendment No 6) Regulations 1996 (SI 1996/2631)
Records of pension deductions (including superannuation)Six years plus the current yearsPensions Act
Payroll and payroll control accountSix years after the end of the financial year in which the transaction was made.Companies Act
  1. EMPLOYEE / PERSONNEL RECORDS
DocumentRetention PeriodReason for retention period
Accident books, accident records/reportsThree years after last entry or end of investigation if laterThe Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 (RIDDOR) (SI 1995/3163) as amended, and Limitation Act 1980. Special rules apply concerning incidents involving hazardous substances.
Details of medical schemesPermanentlyCommercial
Organisation chartsPermanentlyCommercial
Personnel files and training recordsSix years after employment ceases. Records for key senior executives should be kept permanently for historical purposesLimitations Act 1980
Wages and salary recordsSix years plus the current yearTaxes Management Act
Expense accounts/recordsSix years plus the current yearTaxes Management Act
Overtime records/AuthorisationSix years plus the current yearTaxes Management Act
Redundancy details, calculations of payment, refunds, notifications to the Secretary of StateSix years after employment has ceasedData Protection Act
Life Assurance expression of wish formSix years after employment ceases or deathData Protection Act
Application forms and interview notes (for unsuccessful candidates)Six months to a yearDisability Discriminations Act 1995 and Race Relations Act 1976 recommend six months. One year limitation for defamation actions under Limitations Act
Statutory Maternity Pay records, calculations, certificates or other medical evidenceThree years after the end of the tax year in which the maternity period endsThe Statutory Maternity Pay (General) Regulations 1986 (SI 1986/1960) as amended
Statutory Sick Pay records, calculations, certificates, self certificatesThree years after the end of each tax year for Statutory Sick Pay purposesThe Statutory Sick Pay (Maintenance of Records) (Revocation) Regulations 2014 (SI 2014/55) abolished the former obligation on employers to keep these records. Although there is no longer a specific statutory retention period, employers still have to keep sickness records to best suit their business needs. It is advisable to keep records for at least 3 months after the end of the period of sick leave in case of a disability discrimination claim. However if there were to be a contractual claim for breach of an employment contract it may be safer to keep records for 6 years after the employment ceases.
Records relating to working timeTwo years from date on which they were madeThe Working Time Regulations 1998 (SI 1998/1833)
Records relating to children and young adultsUntil the child/young adult reaches the age of 21Limitation Act 1980
National minimum wage recordsThree years after the end of the pay reference period following the one that the records coverNational Minimum Wage Act 1998
  1. PENSION RECORDS
DocumentRetention periodReason for retention period
Details re. current pensionersTen years after benefit ceasesCommercial
Pension scheme- next of kin/expression of wish formsSix years after date of deathData Protection Act
All trust deeds and rulesPermanentlyCompanies Act, Commercial, Pensions Act
Trustees’ minutes booksPermanentlyCompanies Act, Commercial, Pensions Act
Annual accountsPermanentlyCompanies Act, Commercial, Pensions Act
Contribution recordsPermanentlyCompanies Act, Commercial, Pensions Act
  1. BUILDINGS RECORDS
DocumentRetention periodReason for retention period
Deeds of titlePermanently or until property disposed of. A copy of title deeds should be kept for six years after disposalData Protection Act
LeasesFifteen years after expiryLimitations Act 1960
Final plans, designs and drawings of buildings, pIanning consents, building certifications, collateral warranties, records of historical interest and final health and safety filePermanently or until six years after property disposed ofData Protection Act
Asbestos Register and Asbestos Disposal CertificatesPermanently. Property holders required to examine the premises for asbestos or possible asbestos materials, record the location of those materials and assess the risk. These assessments are to be recorded and provided to anyone who may disturb the asbestos.The Control of Asbestos at Work Regulations 2002 (SI 2002/ 2675). Also see the Control of Asbestos Regulations 2006 (SI 2006/2739) and the Control of Asbestos Regulations 2012 (SI 2012/632)
Records of major refurbishments, warranties, planning consents, design documents, final health and safety fileThirteen years for actions against contractors etc.Data Protection Act
  1. INSURANCE RECORDS
DocumentRetention PeriodReason for retention period
PoliciesThree years after lapseData Protection Act
Claims correspondenceThree years after settlementData Protection Act
Employer’s Liability Insurance certificateForty yearsEmployers’ Liability (Compulsory Insurance) Regulations 1998
Accident reports and relevant correspondenceThree years after settlementData Protection Act
  1. GOVERNANCE RECORDS
Document Retention PeriodReason for retention period
Board of Directors minutes of meetings and decisionsPermanentlyData Protection Act
Annual accounts and annual reviewPermanentlyData Protection Act
Major agreements of historical significancePermanentlyData Protection Act
Health and safety recordsThree years for general records. Permanently for records relating to hazardous substances.Personal injury actions mist generally be commenced within three years of injury. However industrial injuries not capable of detection within that period (e.g. asbestos) the time period may be substantially extended.
Fixed assets registerPermanentlyCompanies Act, Commercial
Contract with customers, suppliers or agents, licensing agreements, rental/hire purchase  agreements, indemnities and guarantees and other agreements or contractsSix years after expiry or termination of the contract. If the contract is executed as a deed, the limitation period is twelve yearsLimitations Act 1980

Six years is generally the time limit within which proceedings founded on contract may be bought. Actions for latent damages may be bought up to fifteen years after the damage occurs

  1. ASSOCIATE RECORDS
DocumentRetention periodReason for retention period
Where appropriate the associate records should be retained in line with permanent staffSee section Employee/Personnel records
  1. ADVISORY RECORDS
DocumentRetention periodReason for retention period
Personal details such as name, address, age, genderOne year after last communicationData Protection Act
Details of illnessOne year after last communicationData Protection Act
Details of adviceOne year after last communicationData Protection Act
  1. REFERENCES

https://ico.org.uk/media/for-organisations/documents/l475/deleting personal data.pdf