GDPR – DATA RETENTION POLICY WITH SCHEDULE

This is the Data Retention Policy of BR Forklift Training Services

Introduction

We recognise that in the running of our business, we collect and process personal data from a variety of sources. This personal information is collated in several different formats including letters, emails, legal documents, training records, images and statements. The personal data is held in both hard copy and electronic form.

Aims of the policy
Our business will ensure that personal data that we hold is kept secure and that it is held for no longer than is necessary for the purposes for which it is being processed. In addition, we will retain the minimum amount of information to fulfil our statutory obligations and the provision of goods or/and services – as required by the data protection legislation, including the General Data Protection Regulation (GDPR).
Retention

This retention policy (with its schedule), is a tool used to assist us in making decisions on whether a particular document should be retained or disposed of. In addition, it takes account of the context within which the personal data is being processed and our business practices.

Decisions around retention and disposal should be taken in accordance with this policy.
Where a retention period of a specific document has expired, a review should always be carried out prior to the disposal of the document. This does not have to be time-consuming or complex. If a decision is reached to dispose of a document, careful consideration should be given to the method of disposal.

Responsibility

Ronald Stevens is responsible to keep this retention schedule up to date, to reflect changing business needs, new legislation, changing perceptions of risk management and new priorities for our business. Clifford Hickton is responsible for determining (in accordance with this Policy) whether to retain or dispose of specific documents.
Ronald Stevens may delegate the operational aspect of this function to Beverly Stevens. Beverly Stevens should inform Ronald Stevens if in any doubt about minimum retention periods or if the retention of a document is necessary for a potential claim.

Disposal

We must ensure that personal data is securely disposed of when it’s no longer needed. This will reduce the risk that it will become inaccurate, out of date or irrelevant.
The method of disposal should be appropriate to the nature and sensitivity of the documents concerned and includes:

• Non-Confidential records: place in waste paper bin for disposal
• Confidential records: shred documents
• Deletion of Computer Records
• Transmission of records to an external body
• Cloud storage

The table below contains the retention period that we have assigned to each type of record. This will be adhered to wherever possible, although it is recognised that there may be exceptional circumstances which require documents to be kept for either shorter or longer periods.
Exceptional circumstances should be reported to Ronald Stevens without delay.
Date created: 13/09/2023
Date of review: 13/09/2024
Appendix 1: Document retention schedule
Type of record Retention period Where is it stored? Reason Method of deletion

Employment records:
Medical and health records 6 years after employment ceases File Cabinmate (LOCKED) Contained within training records shredding
Accident report forms 3 years after last action File Cabinet (LOCKED) LEGAL Shredding

Commercial contracts:
Contracts with suppliers 6 years after last action Hard Drive Supply contract Deletion from Hard drive
Purchase orders and invoices 7 years after last action Online Accounts Accounting/HMRC Deletion

Tax and Accounting Records:

Tax returns 10 years from end of fiscal year Hard Drive Audit Deletion
Accounting & financial management information 6 years from end of fiscal year Hard Drive Audit Deletion
Marketing records:
Mailing lists 1 year after last action Cloud Server To assist with audit Deletion
Operational records:
Operational Recordings Destroy same day as training. Mobile Phone Feed back driving errors whilst training Deletion
Fire Risk Assessments Retain until superseded Hard Drive Accessibility Deletion
Policies/Procedures 7 years Folder in office Accessibility Shredding
Complaints 6 years from end of fiscal year Hard Drive Accessibility Deletion
Employer’s liability insurance certificates Life of company Office Wall Can be identified by anyone Shredding
Email records:
Email correspondence [Archive emails after 6 months] Online Exchange Future correspondence Microsoft Exchange 2019

Leave a Message

We're not around right now. But you can send us an email and we'll get back to you, asap.