Data Retention Policy
-
Purpose
- The purpose of this policy is to detail the procedures for the retention and disposal of information (including personal data) by of that Evolving Group Limited, a company incorporated in England & Wales and having company number 14295634 and its registered office at Thames House, Roman Square, Sittingbourne, England, ME10 4BJ (referred to as “we”, “us”, “our”, “Evolving Group” throughout this document retention and disposal policy (Policy)).
- Evolving Group’s aim is to ensure that data is not kept for longer than required for the purpose for which it was collected. We acknowledge that retention periods we use need to be reasonable and the purpose of this Policy is to set retention periods and/or criteria for determining how long data is held and stored. We will take all reasonable steps to securely destroy or erase all personal data from our systems that we no longer require in accordance with this Policy
- There are legal and regulatory requirements for us to retain certain data, usually for a specified amount of time. We also retain data to help our business operate and to have information available when we need it. However, we do not need to retain all data indefinitely, and retaining data can expose us to risk as well as be a cost to our business. As a growing international business, this Policy will be kept under review and we envisage that it will be changed and developed from time to time as the business matures. This Policy does not form part of any employee's contract of employment or staff member’s independent contractors’ agreement. We will update you when changes are made, and a copy of the revised Policy will be made available to you on the HR system - so please check there for the latest information.
- This Policy should be read in conjunction with our Data Protection Policy and definitions used in our Data Protection Policy will apply to this Policy. We appreciate that this is an area where you may have questions from time to time about whether documents or certain categories of documents need to be retained and please do not hesitate to ask for help by contacting info@vital-drinks.co.uk.
- Failure to comply with this Policy can expose us to fines and penalties, adverse publicity, difficulties in providing evidence when we need it and in running our business.
- The purpose of this policy is to detail the procedures for the retention and disposal of information (including personal data) by of that Evolving Group Limited, a company incorporated in England & Wales and having company number 14295634 and its registered office at Thames House, Roman Square, Sittingbourne, England, ME10 4BJ (referred to as “we”, “us”, “our”, “Evolving Group” throughout this document retention and disposal policy (Policy)).
-
Guiding Principles
- Through this Policy, and our data retention practices, we aim to meet the following commitments:
- We comply with legal and regulatory requirements to retain data.
- We comply with our data protection obligations, in particular to keep personal data no longer than is necessary for the purposes for which it is processed (storage limitation principle).
- We handle, store and dispose of data responsibly and securely.
- We create and retain data where we need this to operate our business effectively, but we do not create or retain data without good business reason.
- We allocate appropriate resources, roles and responsibilities to data retention.
- We regularly remind employees and staff members of their data retention responsibilities.
- We regularly monitor and audit compliance with this policy and update this policy when required.
- Through this Policy, and our data retention practices, we aim to meet the following commitments:
-
Responsibilities
- The Evolving Group board are responsible for overseeing the implementation of this Policy.
-
Types of data and data classifications
- Formal or official records. Certain data is more important to us and is therefore listed in the Record Retention Schedule. This may be because we have a legal requirement to retain it, or because we may need it as evidence of our transactions, or because it is important to the running of our business. Please see paragraph 5.1 below for more information on retention periods for this type of data.
-
Disposable information. Disposable information consists of data that may be discarded or deleted at the discretion of the user once it has served its temporary useful purpose and/or data that may be safely destroyed because it is not a formal or official record as defined by this policy and the Record Retention Schedule. Examples may include:
- Duplicates of originals that have not been annotated.
- Preliminary drafts of letters, memoranda, reports, worksheets, and informal notes that do not represent significant steps or decisions in the preparation of an official record.
- Books, periodicals, manuals, training binders, and other printed materials obtained from sources outside of Evolving Group and retained primarily for reference purposes.
- Spam and junk mail.
Please see paragraph 5.2 below for more information on how to determine retention periods for this type of data.
- Personal data. Both formal or official records and disposable information may contain personal data; that is, data that identifies living individuals. GDPR require us to retain personal data for no longer than is necessary for the purposes for which it is processed (principle of storage limitation). See paragraph 5.3 below for more information on this.
- Confidential information belonging to others. Any confidential information that an employee or staff member may have obtained from a source outside of Evolving Group, such as a previous employer, must not, so long as such information remains confidential, be disclosed to or used by us. Unsolicited confidential information submitted to us should be refused, returned to the sender where possible, and deleted, if received via the internet.
-
Retention Periods
- Formal or official records. Any data that is part of any of the categories listed in the Record Retention Schedule contained in the Annex to this Policy, must be retained for the amount of time indicated in the Record Retention Schedule. A record must not be retained beyond the period indicated in the Record Retention Schedule, unless a valid business reason (or notice to preserve documents for contemplated litigation or other special situation) calls for its continued retention. If you are unsure whether to retain a certain record, contact info@vital-drinks.co.uk.
- Disposable information. The Record Retention Schedule will not set out retention periods for disposable information. This type of data should only be retained as long as it is needed for business purposes. Once it is no longer has any business purpose or value it should be securely disposed of.
- Personal data. As explained above, Data Protection Laws require us to retain personal data for no longer than is necessary for the purposes for which it is processed (principle of storage limitation). Where data is listed in the Record Retention Schedule, we have taken into account the principle of storage limitation and balanced this against our requirements to retain the data. Where data is disposable information, you must consider the principle of storage limitation when deciding whether to retain this data.
- What to do if data is not listed in the Record Retention Schedule. If data is not listed in the Record Retention Schedule, it is likely that it should be classed as disposable information. However, if you consider that there is an omission in the Record Retention Schedule, or if you are unsure, please contact info@vital-drinks.co.uk.
-
Storage backup and disposal of data
- Storage: our records must be stored in a safe, secure, and accessible manner. Any documents and financial files that are essential to our business operations during an emergency should be duplicated and/or backed up in accordance with our Information Security Policy (as amended from time to time).
- Duplicate Records: Duplicates and local copies of HR documents containing personal data such as, (but not limited to) performance appraisals, contracts, email correspondence with you about your role, should only be kept for so long as is strictly necessary (after having ensured that HR maintains a master copy in the system) and in any event not beyond the designated retention period set out in the Record Retention Schedule. HR will be responsible for secure retention and disposal of HR Records.
- Destruction: confidential, financial, and HR related records should be destroyed by shredding. Non-confidential records may be destroyed by recycling. The destruction of electronic records or electronic equipment containing information must be coordinated with the IT Department.
- The destruction of records must stop immediately upon notification from Legal that a litigation hold is to begin because Evolving Group may be involved in a lawsuit or an official investigation. Destruction may begin again once Legal lifts the relevant litigation hold.
-
Mandatory compliance with this policy
- We must all comply with this policy and the Records Retention Schedule. Failure to do so could subject us to serious civil and/or criminal liability (depending on the circumstances) so we all need to take our obligations seriously. If you fail to comply with this Policy it may result in disciplinary action or termination of employment.
- Reporting Policy Violations: we are committed to enforcing this Policy as it applies to all forms of records. The effectiveness of our efforts depends largely on you assisting us with implementing this policy. Please let management know about any possible violation of this Policy so that we can investigate and (where necessary) take appropriate corrective action.
- Responsibility for Monitoring: the Evolving Group board are responsible for identifying the documents that we must or should retain, and determining the proper period of retention.
-
Internal Review and Policy Audits
- Evolving Group legal advisors will review this policy periodically.
- Any questions about this policy should be referred to info@vital-drinks.co.uk.
APPENDIX
Record Retention Schedule
Occasionally Evolving Group establishes retention or destruction schedules or procedures for specific categories of records. This is done to ensure legal compliance, compliance with the Data Protection Laws and accomplish other objectives - such as protecting intellectual property and controlling costs. You should give special consideration to the categories of documents listed in the record retention schedule below. Avoid retaining a record if there is no business reason for doing so and consult with Evolving Group’s legal advisors if unsure.
RECORD | RETENTION PERIOD | Owner/Department | Comments |
---|---|---|---|
HR Records |
|||
Staff applications and interview records of unsuccessful candidates (electronic and paper) |
2 years from notification that application unsuccessful unless agreement to hold details on file. |
HR |
|
Staff records including right to work checks; working time; holiday; performance and discipline; payroll; maternity; (electronic and paper) |
5 years from termination of employment |
HR |
Decided to adopt a 5 year retention period for all HR records to ensure that review and deletion process is workable in practice |
Email Management |
Regular quarterly reminders will be sent by IT to encourage employees or staff members to reduce inbox size and delete disposable information not required to be kept under record retention requirements Email box to be reviewed according to HR/IT guidelines (issued from time to time) during notice period and prior to termination of employment. |
|
Some periods may be extended based on Evolving Group's legitimate interest e.g. to make-/defend against claims
Email management and retention is under review and guidelines will be issued from time to time. |
Health and Safety |
|
|
|
Accident Records, Reportable accidents, death or injury in connection with work; Risk assessment reports, health and safety correspondence and training records |
10 years from date report was made |
|
|
Fire Safety Certificates |
Permanent |
|
|
Corporate Records |
|
|
|
Articles of Incorporation, Bylaws, Corporate Seal |
Permanent |
Finance |
|
Annual corporate filings and reports to government departments or regulators |
Permanent |
Finance |
|
Core policies, resolutions, meeting minutes, and committee meeting minutes |
Permanent |
Finance |
|
Contracts |
10 years from date contract is terminated or expires |
Finance |
|
Construction documents |
Permanent |
Finance |
|
Emails (business related) |
3 years |
Finance |
|
Fixed Asset Records |
Permanent |
Finance |
|
Accounting and Finance |
|
|
|
General ledger produced for preparing certified financial statements |
10 years |
Finance |
|
Creditor ledger |
10 years |
|
|
Other ledger and reported audit trails |
10 years |
|
|
Annual audit reports and financial statements |
10 years |
|
|
Annual plans and budgets |
10 years |
|
|
Bank statements and reconciliations (including electronic banking) |
10 years |
|
|
Paid presented cheques and records of all cheques drawn for payment |
10 years |
|
|
Cheque records/books received, butts, cancelled etc |
10 years |
|
|
Business expense records |
10 years |
|
|
Journal entries |
10 years |
|
|
Debtors records and invoices |
10 years |
|
|
Credit notes and refunds |
10 years |
|
|
Bad debts/overpayments |
10 years |
|
|
Petty cash vouchers |
10 years |
|
|
Tax Records |
|
|
|
Filings of fees paid to professionals |
10 years |
|
|
Employee or staff member pay histories |
10 years |
|
|
Tax returns |
10 years |
|
|
Legal and Insurance Records |
|
|
|
Appraisals |
Permanent |
Legal/Finance |
|
Copyright registrations |
Permanent |
|
|
Environmental studies |
Permanent |
|
|
Insurance claims/ applications |
Permanent |
|
|
Insurance disbursements and denials |
Permanent |
|
|
Insurance contracts and policies (Directors and Officers, General Liability, Property, Employers Liability and Workers Compensation) |
Permanent |
|
|
Leases |
10 years after expiration |
|
|
Patents, patent applications, supporting documents |
Permanent |
|
|
Real estate documents (including loan and mortgage contracts, deeds) |
Permanent |
|
|
Trademark registrations, evidence of use documents |
Permanent |
|
|
Warranties |
Duration of warranty + 10 years |
|
|
Legal Correspondence |
10 years |
|
|
Customer /Prospective Customer Records |
|
|
|
Business contact information of customer |
Duration of Contract whilst customer plus 6 months or longer if there is an ongoing dispute with the customer |
Business unit /sales and marketing |
Data to be retained after termination of the customer’s contract on the basis that there may be issues that need to be resolved post-termination, such as recovering fees, dealing with complaints etc. Data may be retained for longer if there is an ongoing dispute with the customer. |
Contact Information of prospective customers |
2 years |
Business unit/sales and marketing |
2 years is a reasonable sales cycle timeframe provided that (a) you are using company emails only e.g. sales@company.com (although name@company.com is acceptable in the UK); and (b) an opt-out is enabled and the individual has not objected. |
Customer login data |
Permanent whilst current customer 6 months after termination |
|
Data to be retained after termination of the customer’s contract on the basis that there may be issues that need to be resolved post-termination. |
Customer data submitted to request materials from website |
1 year |
|
Data may be used for direct marketing purposes subject to customer opt-out. |
Data submitted through “contact us” page on our websites |
1 year |
|
Data may be used for direct marketing purposes subject to customer opt-out. |
Website usage/analysis data |
2 years or the period specified by the relevant third-party cookie provider. |
|
For third party cookies data is retained in accordance with the cookie provider’s own data retention policy. |
Data supplied by third party merchants |
|
|
|
Financial Data received from customers use of products/services |
Until they cease use of products/services and for as long as relevant for product improvement purpose |
|
|
Marketing preferences |
Indefinitely as long as someone has not opted out of marketing communications |
Business unit, Sales and marketing |
Marketing preferences need to be stored indefinitely to ensure that Evolving Group does not contact individuals who have asked to unsubscribe from marketing communications |
Marketing suppression lists |
Indefinitely |
Business unit, Sales and marketing |
To ensure Legal compliance and to not break any laws with regard to contacting people who have opted out of communications. These can be updated by individuals at any time |
Transaction data |
Duration of contract + 10 years |
Business unit, Finance |
Necessary in case there is a legal claim relating to a transaction. |
Customer contracts |
Duration of contract + 10 years |
Business unit, Finance |
Necessary in case there is a legal claim relating to a customer’s contract. |
Financial data (bank account details, payment card details) |
|
|
|
Third Party Supplier Records |
|
|
|
Business contact information of suppliers |
Duration of contract + 6 months or longer if there is an ongoing dispute with the supplier. |
Business unit, Sales and marketing |
Data to be retained after termination of the supplier’s contract on the basis that there may be issues that need to be resolved post-termination, such as paying fees, resolving complaints etc. Data may be retained for longer if there is an ongoing dispute with the supplier. |
Transaction data (showing purchases made from supplier) |
Duration of contract + 6 years |
Business unit, Sales and marketing |
Necessary in case there is a legal claim relating to a transaction. |
Supplier contracts |
Duration of contract + 6 years |
Business unit, Sales and marketing |
Necessary in case there is a legal claim relating to a supplier’s contract. |