Data Retention Policy – Fifty Five and Five
1. Introduction
1.1. This Data Retention Policy sets out the obligations of Fifty Five and Five Ltd (“the Company”) and the procedures in place to ensure our compliance with legal and regulatory requirements concerning the retention and deletion of personal data.
2. Scope
2.1. This policy applies to all personal data held by the Company, regardless of its format.
3. Principles
3.1. Data shall not be kept for longer than is necessary for its given purpose.
3.2. Personal data that is no longer required will be deleted or destroyed securely.
3.3. Specific retention periods should be established for different types of data based on legal, contractual, or operational requirements.
4. Retention Periods
4.1. Client Data: Client data will be retained for a period of seven years following the end of the contractual or business relationship, unless legal or regulatory requirements dictate otherwise.
4.2. Employee Data: Employee data will be retained for a period of seven years after the termination of employment.
4.3. Marketing Data: Data used for marketing purposes will be retained for a period of two years, unless the individual opts out or requests its removal before this period.
4.4. Financial Records: In accordance with the Companies Act 2006, financial records will be retained for a period of seven years from the end of the last company financial year they relate to.
5. Data Deletion
5.1. When the stipulated retention period has expired, the data in question will be permanently deleted or destroyed in a manner that ensures it cannot be reconstructed or read.
6. Review of Retained Data
6.1. Regular reviews will be conducted to determine the continued relevance and necessity of retaining specific sets of data.
6.2. If data is found to be obsolete, or its retention period has lapsed, and no other legal or contractual obligations require its continued retention, it will be deleted or destroyed securely.
7. Data Storage and Security
7.1. Personal data shall be stored in a manner that ensures its security, using technical and organisational measures.
7.2. All data will be stored securely, with access restricted to authorised personnel only.
7.3. Encryption will be used where feasible and appropriate, especially for sensitive or special category data.
8. Rights of Data Subjects
8.1. Data subjects have the right to request the erasure of their personal data at any time, subject to certain exceptions.
8.2. Data subjects can make a request for erasure verbally or in writing.
8.3. The Company has one month to respond to a request.
9. Policy Updates
9.1. This policy may be updated from time to time to reflect changes in legal, regulatory, or operational requirements. All stakeholders will be informed of any significant changes.
10. Queries and Complaints
10.1. If any individual has questions about this Data Retention Policy or how their data is handled, they are encouraged to contact our Data Protection Officer at chris.wright@fiftyfiveandfive.com.
10.2. Complaints should first be directed to the Data Protection Officer, and if unresolved, can be directed to the Information Commissioner’s Office (ICO).