CPUK Group Data Retention Policy

Data Retention Policy

This policy sets out our obligations regarding the retention of personal data that we collect, hold and process, in accordance with the General Data Protection Regulation (GDPR). It details the types of personal data we hold, the periods for which that personal data is to be retained, the criteria for establishing and reviewing such periods, and when and how it is to be deleted or otherwise disposed of.

To ensure fair, processing, personal data will not be retained by us for longer than necessary in relation to the purposes for which it was originally collected, or for which it was further processed.

The length of time for which we need to retain personal data takes into account the legal and contractual requirements, both minimum and maximum, that influence the retention periods set out in this policy and furthermore in our data registers.

In addition to safeguarding the rights of data subjects under GDPR, we will ensure that we do not retain excessive amounts of personal data.

When the data held in accordance with our Data Protection Policy is destroyed, we will ensure that the data is destroyed securely.

This policy applies to all personal data held by us. For further information on other aspects of data protection and compliance with GDPR, please refer to our Data Protection Policy.

Data Disposal

Upon the expiry of the data retention periods set out within this policy and our data registers, or when a data subject exercises their right to have their personal data erased (if appropriate), personal data shall be deleted, or otherwise disposed of as follows:

• Personal data stored electronically shall be deleted
• Special category data stored electronically shall be deleted
• Personal data stored in a hardcopy form shall be shredded and recycled securely
• Special category data stored in a hardcopy form shall be shredded and recycled securely

Data Retention

As stated above, and as required by law we shall not retain any personal data for any longer than is necessary in light of the purpose for which the data is collected, held and processed.

When establishing and/or reviewing retention periods, we will take into account the following:

• The objectives and requirements of the company;
• The type of personal data in question;
• The purpose for which the data in question is collected, held and processed;
• The legal basis for collecting, holding and processing that data; and
• The category or categories of data subject to whom the data relates.

Certain personal data may be deleted or otherwise disposed of prior to the expiry of its defined retention period where we have made a decision to do so, whether in response to a request by a data subject or otherwise.

The table below shows our general minimum retention periods for data, after this period we will review whether the data should be retained or destroyed. More detailed information can be found in our data registers.

Category of Data & Maximum Retention Period
Company documents including accounting records: 7 years
Formal company documents: Indefinitely
Company meeting minutes: 10 years
Tax and accounting records: 7 years
Payroll and salary records: 7 years
HR and employment records: 7 years
Medical and safety records (Accidents books, records, reports, First aid, fire warden, and health and safety training, COSHH records, work permits, method statements and risk assessments): 30 years
Legal file, contracts, agreements, correspondence and records: 7 years
CCTV: 60 days
Working time including timesheets, overtime records and other documents relating to working time: Throughout employment and 2 years after leave date

Policy and Ownership Details
Document Name: Data Retention Policy Effective From; September 2018
Version Number: 1.0
Author: Sophie Mullen Owner: Steve Burke
Document Control: All printed versions of this document are classified as uncontrolled. A controlled version of this document is available from our website or intranet.

Revision History
Release Number: DR1
Date: September 2018
Revision Description: 1st draft of new policy incorporating new legislation
Author: Sophie Mullen

Working with and for CPUK will be a pleasure!