Last Updated November 2022
The corporate information, records and Data of Secure Screening Services Ltd. are important to how we conduct business.
There are legal and regulatory requirements for us to retain certain Data, usually for a specified amount of time. We also retain Data to help our business operate and to have information available when we need it. However, we do not need to retain all Data indefinitely.
This Data Retention Policy explains our requirements to retain Data and to dispose of Data and provides guidance on appropriate Data handling and disposal.
We may amend this Data Retention Policy from time to time
This policy covers all Data that we hold or have control over. This includes physical Data such as hard copy documents, contracts, notebooks, letters and invoices. It also includes electronic Data such as emails, electronic documents and CCTV recordings. It applies to both Personal Data and Non- Personal Data. In this policy we refer to this information and these records collectively as "Data".
This policy covers Data that is held by third parties on our behalf, for example cloud storage providers or offsite records storage. It also covers Data that belongs to us but is held by employees on personal devices.
This policy explains the differences between our Formal or Official Records, Disposable Information, confidential information belonging to others, Personal Data and Non-Personal Data. It also gives guidance on how we classify our Data.
This policy applies to all business units and functions of SECURE SCREENING SERVICES LIMITED in the UK.
Through this policy, and our Data retention practices, we aim to meet the following commitments:
Formal or official records. Certain Data is more important to us and is therefore listed in the Record Retention Schedule. This may be because we have a legal requirement to retain it, or because we may need it as evidence of our transactions, or because it is important to the running of our business. Please see paragraph 6.1 below for more information on retention periods for this type of Data.
Disposable Information. Disposable Information consists of Data that may be discarded or deleted at the discretion of the user once it has served its temporary useful purpose and/or Data that may be safely destroyed because it is not a Formal or Official Record as defined by this policy and the Record Retention Schedule. Examples may include:
Personal Data. Both Formal or Official Records and Disposable Information may contain Personal Data; that is, Data that identifies living individuals. Data protection laws require us to retain personal Data for no longer than is necessary for the purposes for which it is processed (Storage Limitation Principle). See below for more information on this.
Confidential information belonging to others. Any confidential information that may have been obtained from a source outside of Secure Screening Services Limited, must not, so long as such information remains confidential, be disclosed to or used by us. Unsolicited confidential information submitted to us should be refused, returned to the sender where possible, and deleted.
8.1 Preservation of documents for contemplated litigation and other special situations. We require all employees to comply fully with our Record Retention Schedule and procedures as provided in this policy. If the Management Team informs employees that certain records are relevant to current litigation or contemplated litigation (that is, a dispute that could result in litigation), government investigation, audit, or other event, those records must be preserved and not be deleted, disposed of, destroyed, or changed, including emails and other electronic documents, until the Management Team determines those records are no longer needed. Preserving documents includes suspending any requirements in the Record Retention Schedule and preserving the integrity of the electronic files or other format in which the records are kept.
Questions about the policy. Any questions about this policy should be referred to our Data Protection Officer, (dpo@securescreeningservices.com) who is in charge of administering, enforcing, and updating this policy.
This policy supplements and should be read in conjunction with our other policies and procedures in force from time to time.
Data: all Data that we hold or have control over and therefore to which this policy applies. This includes physical Data such as hard copy documents, contracts, notebooks, letters and invoices. It also includes electronic Data such as emails, electronic documents and CCTV recordings. It applies to both personal Data and non-personal Data. In this policy we refer to this information and these records collectively as "Data".
Data Retention Policy: this policy, which explains our requirements to retain Data and to dispose of Data and provides guidance on appropriate Data handling and disposal.
Disposable Information: Disposable Information consists of Data that may be discarded or deleted at the discretion of the user once it has served its temporary useful purpose and/or Data that may be safely destroyed because it is not a Formal or Official Record as defined by this policy and the Record Retention Schedule.
Formal or Official Record: certain Data is more important to us and is therefore listed in the Record Retention Schedule. This may be because we have a legal requirement to retain it, or because we may need it as evidence of our transactions, or because it is important to the running of our business. We refer to this as Formal or Official Records or Data.
Non-Personal Data: Data which does not identify living individuals, either because it is not about living individuals (for example financial records) or because it has been fully anonymised.
Personal Data: any information identifying a living individual or information relating to a living individual that we can identify (directly or indirectly) from that Data alone or in combination with other identifiers we possess or can reasonably access. This includes special categories of personal Data such as health Data and pseudonymised personal Data but excludes anonymous Data or Data that has had the identity of an individual permanently removed. Personal Data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person's actions or behaviour.
Record Retention Schedule: the schedule attached to this policy which sets out retention periods for our Formal or Official Records.
Storage Limitation Principle: data protection laws require us to retain Personal Data for no longer than is necessary for the purposes for which it is processed. This is referred to in the GDPR as the principle of storage limitation.
Secure Screening Services Limited establishes retention or destruction schedules or procedures for specific categories of Data. This is done to ensure legal compliance (for example with our Data protection obligations) and accomplish other objectives, such as protecting intellectual property and controlling costs.
Personal data record category Payroll records | Retention period | Record owner |
---|---|---|
Payroll records | Seven years after audit | Finance |
Supplier contracts | Seven years after contract is terminated | Finance |
Chart of Accounts | Permanent | Finance |
Fiscal Policies and Procedures | Permanent | Finance |
Permanent Audits | Permanent | Finance |
Financial statements | Permanent | Finance |
General Ledger | Permanent | Finance |
Investment records (deposits, earnings, withdrawals) | 7 years | Finance |
Invoices | 7 years | Finance |
Cancelled cheques | 7 years | Finance |
Bank deposit slips | 7 years | Finance |
Business expenses documents | 7 years | Finance |
Cheque registers/books | 7 years | Finance |
Property/asset inventories | 7 years | Finance |
Petty cash receipts/documents | 3 years | Finance |
Personal data record category Payroll records | Retention period | Record owner |
---|---|---|
Articles of Association | Permanent | Finance |
Board policies | Permanent | Finance |
Board meeting minutes | Permanent | Finance |
Tax or employee identification number designation | Permanent | Finance |
Office and team meeting minutes | Not required unless employee specific and then – 6 years after employment ends | Finance |
Annual corporate filings | Permanent | Finance |
Personal data record category Payroll records | Retention period | Record owner |
---|---|---|
Disciplinary, grievance proceedings records, oral/verbal, written, final warnings, appeals | 6 years after employment ends | HR |
Applications for jobs, interview notes – Recruitment/promotion panel Internal Where the candidate is unsuccessful Where the candidate is successful | Deleted 12 months from application. Duration of employment plus 7 years | HR |
Payroll input forms, wages/salary records, overtime/bonus payments Payroll sheets, copies | 7 years | HR |
Bank details – current | Duration of employment | HR |
Payrolls/wages | Duration of employment | HR |
Job history including staff personal records: contract(s), T's & C's; previous service dates; pay and pension history, pension estimates, resignation/termination letters | 6 years after employment ends | HR |
Employee address details | Duration of employment | HR |
Expense claims | 6 years after employment ends | HR |
Annual leave records | Duration of employment | HR |
Accident books Accident reports and correspondence | 6 years after employment ends | HR |
Certificates and self-certificates unrelated to workplace injury; statutory sick pay forms | 6 years after employment ends | HR |
Pregnancy/childbirth certification | 6 years after employment ends | HR |
Parental leave | Duration of employment plus 6 years after employment | HR |
Maternity pay records and calculations | 6 years after employment ends | HR |
Redundancy details, payment calculations, refunds, notifications | 6 years after employment ends | HR |
Training and development records | Duration of employment plus 6 years | HR |
Personal data record category Payroll records | Retention period | Record owner |
---|---|---|
Signed | Permanent | Finance |
Contract amendments | Permanent | Finance |
Successful tender documents | Permanent | Finance |
Unsuccessful tenders’ documents | Permanent | Finance |
Tender – user requirements, specification, evaluation criteria, invitation | Permanent | Finance |
Contractors’ reports | Permanent | Finance |
Operation and monitoring, e.g., complaints | Permanent | Finance |
Personal data record category Payroll records | Retention period | Record owner |
---|---|---|
Platform data - email address, first and second name, address etc | Retained whilst organisation remains an active client and for a period of 5 years, for the purposes of re-screening. Following deletion, back- ups will be removed after 30 days. | Client |
Live chat history | Until no longer needed or requested to be deleted | Support |
CRM data – inclusive of Name, Email address, mobile number, address, emails and phone call summaries | Until no longer needed or requested to be deleted Support | Support |
Metrics data | Retained whilst organisation remains a client or deleted by user. Once an organisation request all records to be deleted, data will be anonymised | Development Team |
Personal data record category Payroll records | Retention period | Record owner |
---|---|---|
Personal Data in connection with candidate screening: Full name, date of birth, contact details, including telephone number, email address, postal address, postal address history, gender, educational history, work experience, training and qualifications, copy of passport or birth certificate, driving licence details, national insurance number, right to legally work in the UK, details of directorships, results of DBS checks, results of adverse media checks | It is a legal requirement that we retain your DBS checks records for at least 1 year from the date of collection. This applies even where you withdraw from the screening process before it is completed. We may also be required to share any information we hold on you to DBS. We will retain your name and email address only, for a period of 5 years, for the purposes of re-screening. | Candidate Support |
Personal data record category Payroll records | Retention period | Record owner |
---|---|---|
Name, email address | Kept until person unsubscribes / requests to be removed from system | Marketing & Sales |
Personal data record category Payroll records | Retention period | Record owner |
---|---|---|
CCTV recordings | 30 to 90 days | Security / Management Team |
Personal data record category Payroll records | Retention period | Record owner |
---|---|---|
Recycle Bins | Cleared promptly once relevant data has been utilised and is no longer required. This system is implemented on an ongoing basis. | Individual employee |
Downloads | Cleared promptly once relevant data has been utilised and is no longer required. This system is implemented on an ongoing basis. | Individual employee |
Inbox | Cleared promptly once relevant data has been utilised and is no longer required. This system is implemented on an ongoing basis. | Individual employee |
Deleted Emails | Cleared promptly once relevant data has been utilised and is no longer required. This system is implemented on an ongoing basis. | Individual employee |
Local Drives & files | Cleared promptly once relevant data has been utilised and is no longer required. This system is implemented on an ongoing basis. | Individual employee |