Data Retention Policy
Having completed an audit of the data held by Age Partnership, the Data Protection Act 2018 requires the Company to have in place a data retention policy that clearly defines how long we will hold your personal data, together with the reasoning behind the decision to hold that data.
Save for exceptional circumstances which must be raised with, and approved by, the Head of Compliance, all personal data must be retained in accordance with this policy. Often, in respect of certain types of information, we are under a legal obligation to retain the information for a minimum period of time. Where this is the case, the minimum time we have stipulated is the same as the time required under law. Furthermore, there are occasions where it is appropriate for us to retain personal data for longer than the period prescribed in law (for example, where there may be litigation in process or expected where the data will form part of the evidence in the case). In such circumstances the requirements of the litigation will override the policies outlined below.
Operating as we do within a regulated environment, we also have an obligation to hold some information on certain employees for a period of time that is longer than that for the majority of employees. This is to meet our legal obligations as stipulated by the Financial Conduct Authority (FCA) and covers employees working as Financial Advisors within our Wealth Management business. As set out in the data retention table below, we make a distinction between the retention periods required for these employees and that of the majority to avoid keeping data relating to anyone for longer than absolutely necessary.
Age Partnership is committed to enforcing this policy as it applies to all forms of data. The effectiveness of Age Partnership's efforts, however, depends largely on its employees. If you feel that you or someone else may have violated this policy, you should report the incident immediately to your Manager. If you are not comfortable bringing the matter up with your Manager, or do not believe the Manager has dealt with the matter properly, you should raise the matter with the Head of Compliance.
If employees do not report inappropriate conduct, Age Partnership may not become aware of a possible violation of this policy and may not be able to take appropriate corrective action. No one will be subject to and Age Partnership prohibits, any form of discipline, reprisal, intimidation, or retaliation for reporting incidents of inappropriate conduct of any kind, pursuing any record destruction claim, or cooperating in related investigations.
Where there is a requirement for the Company to retain information for longer periods of time, consideration must be given to whether any personal data within it should be ‘anonymised’ such that the data subject can no longer be identified but the contents and context of the document still reviewed and understood. Where, in the table below, the data is identified as being capable of being anonymised, anonymisation should take place as soon as reasonably possible once the need to retain the personal data has expired.
Data Retention Table
Type of Data Held | Location of Data | Source of Data | Reason for Data Being Held | Retention Period Current/Exemployee | Retention Period for Unsuccessful Job Applicant | Reason for Retention Period | Delete/Anonymise |
---|---|---|---|---|---|---|---|
Full Name | Hard drive, HR Management System (People HR) | Employee as part of fair processing notice | Contractual Obligations | 6 years after having left employment | 12 months | Claims can be brought up to 6 years after the end of employment, so this information may be needed in the event of a claim being brought. | Anonymise |
Dates of employment | Hard drive, HR Management System (People HR) | Internal records kept with HR | Contractual Obligations | 6 years after having left employment | N/A | Delete | |
Date of birth | Hard drive, HR Management System (People HR) | Employee as part of fair processing notice | Contractual Obligations | 6 years after having left employment | 12 months | Delete | |
Full address | Hard drive, HR Management System (People HR) | Employee as part of fair processing notice | Contractual Obligations | 1 year after having left employment | 12 months | Delete | |
Previous addresses | Hard drive, HR Management System (People HR) | Employee as part of fair processing notice | Contractual Obligations | 6 months after record is updated. | N/A | The information may be needed for a short period after it has been changed to confirm previous address history. | Delete |
Telephone numbers | Hard drive, HR Management System (People HR) | Employee as part of fair processing notice | Contractual Obligations | 1 year after having left employment | 12 months | Delete | |
Personal email address | Hard drive, HR Management System (People HR) | Employee as part of fair processing notice | Contractual Obligations | 1 year after having left employment | 12 months | Delete | |
Gender | Hard drive, HR Management System (People HR) | Employee as part of fair processing notice | Contractual Obligations | 1 year after having left employment | 12 months | Delete | |
Marital status and dependants | Hard drive, HR Management System (People HR) | Employee as part of fair processing notice | Contractual Obligations | 1 year after having left employment | N/A | Delete | |
Next of kin and emergency contact information | Hard drive, HR Management System (PeopleHR) | Employee as part of fair processing notice | Contractual Obligations Vital Interests | Upon leaving employment | N/A | Delete | |
National Insurance Number | Hard drive, HR Management System (People HR) | Employee as part of fair processing notice | Contractual Obligations Legal Obligations | 7 years after having left employment | N/A | Tax reporting purposes | Delete |
Bank details | Hard drive, HR Management System (People HR) | Employee as part of fair processing notice | Contractual Obligations Legal Obligations | 6 months after having left employment | N/A | Delete | |
Tax Codes | Hard drive, HR Management System (People HR) | Employee as part of fair processing notice | Contractual Obligations Legal Obligations | 7 years after having left employment | N/A | Tax reporting purposes | Delete |
Payroll Information This information includes the following embedded data, which, when held as part of our payroll obligations, have a longer retention period than that which applies to the same data types held on other systems for other purposes, listed separately in this document: Full name; Address; NI Number; Date of Birth; Telephone number; Email address; Bank Details; Full history of payrolls processed including payslips; Mandated deductions | Hard drive, HR Management System (People HR) (Payroll company – Garbutt & Elliott) | Employee as part of fair processing notice | Contractual Obligations Legal Obligations | 7 years after having left employment | N/A | Tax reporting purposes | Delete |
Copy of driving licence | Hard drive, HR Management System (People HR) | Employee as part of fair processing notice | Contractual Obligations Legal Obligations | 1 year after having left employment | 12 months | Delete | |
Medical information (i.e. information relating to disabilities or medicalinformation that may be needed). | Hard drive, HR Management System (People HR) | Employee, Medical Professional, Occupational Health Provider (Medigold). | Legal Obligations Vital Interests To enable us to ensure your health and safety in the workplace, to assess your fitness for work, to provide reasonable adjustments where necessary and to monitor and manage sickness absence and administer pay and benefits. | Upon leaving employment unless the data needs to be retained for the purposes of reporting or compliance with our legal obligations, in which case it will be retained for 6 years after leaving employment. | N/A | These records are classed as sensitive personal data, there is no need for the company to have any informationrelating to an employee’s medical history after they leave employment unless it needs to be retained in accordance with our legal obligations, including under the Equality Act 2010 | Delete |
Race, religion, sexual orientation (anonymised data) | Hard drive, HR Management System (People HR) | Employee | Legal Obligations Consent/Explicit Consent To ensure equal opportunities | 6 years after leaving employment | 12 months | Claims can be brought up to 6 years after the end of employment, so this information may be needed in defence of a claim. | Anonymise |
Contract of employment including any changes to the terms, such as flexible working requests. | Hard drive, HR Management System (People HR) | Contract of employment | To ensure all employee records are accurate and to ensure both the company and its employees are complying with the terms of the contract of employment. | 6 years after leaving employment | N/A | Claims can be brought up to 6 years after the end of employment, so this information may be needed in defence of a claim. | Delete |
Information about use of our electronic systems | Hard drive, HR Management System (People HR) | Employee, Internal computer systems. | Contractual Obligations Legal Obligations | 1 year after having left employment | N/A | Delete or anonymise | |
Disciplinary history | Hard drive, HR Management System (People HR) | Internal records kept with HR | Legitimate Interests: To ensure employee records are up to date and accurate. | Upon expiry of disciplinary action or 6 years after termination of employment, whichever is sooner. | N/A | Many disciplinary notes expire after a set period and should be removed from the record upon expiry. Some, however, will need to be kept on record as evidence in the event of an employment tribunal claim or other litigation, or for regulatory reasons. | Delete |
Performance Management Information | Hard drive, HR Management System (People HR) | Employee, Internal records. | Legitimate Interests: To improve productivity and aid in the calculation of remunerative increase | 1 year after having left employment | N/A | Delete | |
Grievances | Hard drive, HR Management System (People HR) | Employee, Internal records. | Contractual Obligations Legal Obligations | 6 years after leaving employment | N/A | Claims can be brought up to 6 years after the end of employment, so this information may be needed in the event of a claim being brought. | Delete |
CVs | Hard drive, HR Management System (People HR) | Employee and/or recruitment agency | Legitimate interest: To enable the assessment of candidates for jobs. | 12 months after unsuccessful application | 12 months | To enable the defence of any claims arising out of a rejected application. | Delete |
Criminal records | Hard drive, HR Management System (People HR) | Employee and/or background checking service (Atlantic Data). | Legal obligations Legitimate interests: To ensure that the employee is not prohibited from undertaking the employment and to ensure the Company is not putting employees or third parties at risk. | Upon the expiry of the rehabilitation period or 6 months after termination of employment, whichever is sooner. | Upon rejection of candidate | Criminal records are highly sensitive information and the retention period balances the requirements of the Company against the rights of the subject and the harm that could be caused by the loss of this data. | Delete |
Background checks and searches plus credit report | Hard drive, HR Management System (People HR) | Background checking service (Atlantic Data), Former employers, Other referees, Educational Provider, employee. | Legal obligations Legitimate interests: To ensure applicants are not prohibited from being employed in the role in question or prohibited from undertaking certain aspects of the role in question and/or to assess suitability for employment. | Unless required to be kept by a code of practice or regulator, such records should be deleted upon the employee successfully passing their probation period. | Upon rejection of candidate | Once an applicant becomes an employee and has successfully passed probation this information is no longer required. This is only overridden where a regulator or code of practice obliges us to retain this information for a longer period of time | Delete |
Right to work documentation | Hard drive, HR Management System (People HR) | Employee, HMRC, Home Office. | Contractual Obligations Legal Obligations | 2 years after having left employment | 12 months | Delete | |
Employment history (training records, CPD, working hours, job titles, salary information, details of family related leave) | Hard drive, HR Management System (People HR) | Employee Contract of employment Training provider Internal records | Contractual Obligations Legal Obligations | 1 year after having left employment | N/A | Delete | |
Qualifications | Hard drive, HR Management System (People HR) | Employee Contract of employment Training provider Internal records | Contractual Obligations Legal Obligations | 6 years after having left employment | 12 months | Claims can be brought up to 6 years after the end of employment, so this information may be needed in defence of a claim. | Delete |
References | Hard drive, HR Management System (People HR) | Previous employers on behalf of employee | Legal Obligations | 6 years after having left employment | 12 months | Claims can be brought up to 6 years after the end of employment, so this information may be needed in defence of a claim. | Delete |
Data Retention Table - Wealth Management Department
As part of our obligations under the FCA regulations, we are obliged to retain certain types of data relating to employees working as Financial Advisors within Wealth Management. For all types of data not listed in the table below, the standard retention policy, as provided above, applies. For the specific types of data listed below, we here set out our retention periods and the reasons for these.
Type of Data Held | Location of Data | Source of Data | Reason for Data Being Held | Retention Period Current/Exemployee | Retention Period for Unsuccessful Job Applicant | Reason for Retention Period | Delete/Anonymise |
---|---|---|---|---|---|---|---|
Full Name | Hard drive, HR Management System (People HR) | Employee as part of fair processing notice | Legal Obligations | Indefinitely, as per FCA regulations | 12 months | Claims can be brought up to 6 years after the end of employment, so this information may be needed in the event of a claim being brought. | N/A |
Dates of employment | Hard drive, HR Management System (People HR) | Internal records kept with HR | Contractual Obligations | Indefinitely, as per FCA regulations | N/A | Claims can be brought against Age Partnership for an indefinite period, so this information may be needed in the event of a claim being brought. | N/A |
Date of birth | Hard drive, HR Management System (People HR) | Employee as part of fair processing notice | Legal Obligations | Indefinitely, as per FCA regulations | 12 months | Information required to identify a former employee | N/A |
Full address | Hard drive, HR Management System (People HR) | Employee as part of fair processing notice | Legal Obligations | Indefinitely, as per FCA regulations | 12 months | Information required to identify a former employee | N/A |
CVs | Hard drive, HR Management System (People HR) | Employee and/or recruitment agency | Legal Obligations: to show evidence of due diligence in verifying the individual prior to employment | Indefinitely, as per FCA regulations | 12 months | In line with FCA requirements to conduct due diligence as to the suitability and qualification of an employee | N/A |
Background checks and searches plus credit report | Hard drive, HR Management System (People HR) | Background checking service (Atlantic Data), Former employers, Other referees, Educational Provider, Employee. | Legal obligations: To ensure that the employee is not prohibited from undertaking the employment and to show evidence of proper due diligence | Indefinitely, as per FCA regulations | Upon rejection of candidate | In line with FCA requirements to conduct due diligence as to the suitability and qualification of an employee | N/A |
References | Hard drive, HR Management System (People HR) | Previous employers on behalf of employee | Legal Obligations | Indefinitely, as per FCA regulations | 12 months | In line with FCA requirements to conduct due diligence as to the suitability and qualification of an employee | N/A |
Qualifications | Hard drive, HR Management System (People HR) | Employee Contract of employment, Training provider, Internal records | Legal Obligations: To ensure that the employee is fully qualified to carry out the work and to show evidence of proper due diligence. | Indefinitely, as per FCA regulations | 12 months | In line with FCA requirements to conduct due diligence as to the suitability and qualification of an employee | N/A |
CPD Records | Hard drive, HR Management System (People HR) | Internal Records | Legal Obligations: To ensure that the employee is fully qualified to carry out the work and has maintained professional competence | Indefinitely, as per FCA regulations | N/A | In line with FCA requirements to demonstrate maintenance of professional competence | N/A |
Date Policy Last Updated: May 2018