Data Retention Policy

Having completed an audit of the data held by Age Partnership, the Data Protection Act 2018 requires the Company to have in place a data retention policy that clearly defines how long we will hold your personal data, together with the reasoning behind the decision to hold that data.

Save for exceptional circumstances which must be raised with, and approved by, the Head of Compliance, all personal data must be retained in accordance with this policy. Often, in respect of certain types of information, we are under a legal obligation to retain the information for a minimum period of time. Where this is the case, the minimum time we have stipulated is the same as the time required under law. Furthermore, there are occasions where it is appropriate for us to retain personal data for longer than the period prescribed in law (for example, where there may be litigation in process or expected where the data will form part of the evidence in the case). In such circumstances the requirements of the litigation will override the policies outlined below.

Operating as we do within a regulated environment, we also have an obligation to hold some information on certain employees for a period of time that is longer than that for the majority of employees. This is to meet our legal obligations as stipulated by the Financial Conduct Authority (FCA) and covers employees working as Financial Advisors within our Wealth Management business. As set out in the data retention table below, we make a distinction between the retention periods required for these employees and that of the majority to avoid keeping data relating to anyone for longer than absolutely necessary.

Age Partnership is committed to enforcing this policy as it applies to all forms of data. The effectiveness of Age Partnership's efforts, however, depends largely on its employees. If you feel that you or someone else may have violated this policy, you should report the incident immediately to your Manager. If you are not comfortable bringing the matter up with your Manager, or do not believe the Manager has dealt with the matter properly, you should raise the matter with the Head of Compliance.

If employees do not report inappropriate conduct, Age Partnership may not become aware of a possible violation of this policy and may not be able to take appropriate corrective action. No one will be subject to and Age Partnership prohibits, any form of discipline, reprisal, intimidation, or retaliation for reporting incidents of inappropriate conduct of any kind, pursuing any record destruction claim, or cooperating in related investigations.

Where there is a requirement for the Company to retain information for longer periods of time, consideration must be given to whether any personal data within it should be ‘anonymised’ such that the data subject can no longer be identified but the contents and context of the document still reviewed and understood. Where, in the table below, the data is identified as being capable of being anonymised, anonymisation should take place as soon as reasonably possible once the need to retain the personal data has expired.

Data Retention Table

Type of Data Held Location of Data Source of Data Reason for Data Being Held Retention Period Current/Exemployee Retention Period for Unsuccessful Job Applicant Reason for Retention Period Delete/Anonymise
Full Name Hard drive, HR Management System (People HR) Employee as part of fair processing notice Contractual Obligations 6 years after having left employment 12 months Claims can be brought up to 6 years after the end of employment, so this information may be needed in the event of a claim being brought. Anonymise
Dates of employment Hard drive, HR Management System (People HR) Internal records kept with HR Contractual Obligations 6 years after having left employment N/A Delete
Date of birth Hard drive, HR Management System (People HR) Employee as part of fair processing notice Contractual Obligations 6 years after having left employment 12 months Delete
Full address Hard drive, HR Management System (People HR) Employee as part of fair processing notice Contractual Obligations 1 year after having left employment 12 months Delete
Previous addresses Hard drive, HR Management System (People HR) Employee as part of fair processing notice Contractual Obligations 6 months after record is updated. N/A The information may be needed for a short period after it has been changed to confirm previous address history. Delete
Telephone numbers Hard drive, HR Management System (People HR) Employee as part of fair processing notice Contractual Obligations 1 year after having left employment 12 months Delete
Personal email address Hard drive, HR Management System (People HR) Employee as part of fair processing notice Contractual Obligations 1 year after having left employment 12 months Delete
Gender Hard drive, HR Management System (People HR) Employee as part of fair processing notice Contractual Obligations 1 year after having left employment 12 months Delete
Marital status and dependants Hard drive, HR Management System (People HR) Employee as part of fair processing notice Contractual Obligations 1 year after having left employment N/A Delete
Next of kin and emergency contact information Hard drive, HR Management System (PeopleHR) Employee as part of fair processing notice Contractual Obligations Vital Interests Upon leaving employment N/A Delete
National Insurance Number Hard drive, HR Management System (People HR) Employee as part of fair processing notice Contractual Obligations Legal Obligations 7 years after having left employment N/A Tax reporting purposes Delete
Bank details Hard drive, HR Management System (People HR) Employee as part of fair processing notice Contractual Obligations Legal Obligations 6 months after having left employment N/A Delete
Tax Codes Hard drive, HR Management System (People HR) Employee as part of fair processing notice Contractual Obligations Legal Obligations 7 years after having left employment N/A Tax reporting purposes Delete
Payroll Information This information includes the following embedded data, which, when held as part of our payroll obligations, have a longer retention period than that which applies to the same data types held on other systems for other purposes, listed separately in this document: Full name; Address; NI Number; Date of Birth; Telephone number; Email address; Bank Details; Full history of payrolls processed including payslips; Mandated deductions Hard drive, HR Management System (People HR) (Payroll company – Garbutt & Elliott) Employee as part of fair processing notice Contractual Obligations Legal Obligations 7 years after having left employment N/A Tax reporting purposes Delete
Copy of driving licence Hard drive, HR Management System (People HR) Employee as part of fair processing notice Contractual Obligations Legal Obligations 1 year after having left employment 12 months Delete
Medical information (i.e. information relating to disabilities or medicalinformation that may be needed). Hard drive, HR Management System (People HR) Employee, Medical Professional, Occupational Health Provider (Medigold). Legal Obligations Vital Interests To enable us to ensure your health and safety in the workplace, to assess your fitness for work, to provide reasonable adjustments where necessary and to monitor and manage sickness absence and administer pay and benefits. Upon leaving employment unless the data needs to be retained for the purposes of reporting or compliance with our legal obligations, in which case it will be retained for 6 years after leaving employment. N/A These records are classed as sensitive personal data, there is no need for the company to have any informationrelating to an employee’s medical history after they leave employment unless it needs to be retained in accordance with our legal obligations, including under the Equality Act 2010 Delete
Race, religion, sexual orientation (anonymised data) Hard drive, HR Management System (People HR) Employee Legal Obligations Consent/Explicit Consent To ensure equal opportunities 6 years after leaving employment 12 months Claims can be brought up to 6 years after the end of employment, so this information may be needed in defence of a claim. Anonymise
Contract of employment including any changes to the terms, such as flexible working requests. Hard drive, HR Management System (People HR) Contract of employment To ensure all employee records are accurate and to ensure both the company and its employees are complying with the terms of the contract of employment. 6 years after leaving employment N/A Claims can be brought up to 6 years after the end of employment, so this information may be needed in defence of a claim. Delete
Information about use of our electronic systems Hard drive, HR Management System (People HR) Employee, Internal computer systems. Contractual Obligations Legal Obligations 1 year after having left employment N/A Delete or anonymise
Disciplinary history Hard drive, HR Management System (People HR) Internal records kept with HR Legitimate Interests: To ensure employee records are up to date and accurate. Upon expiry of disciplinary action or 6 years after termination of employment, whichever is sooner. N/A Many disciplinary notes expire after a set period and should be removed from the record upon expiry. Some, however, will need to be kept on record as evidence in the event of an employment tribunal claim or other litigation, or for regulatory reasons. Delete
Performance Management Information Hard drive, HR Management System (People HR) Employee, Internal records. Legitimate Interests: To improve productivity and aid in the calculation of remunerative increase 1 year after having left employment N/A Delete
Grievances Hard drive, HR Management System (People HR) Employee, Internal records. Contractual Obligations Legal Obligations 6 years after leaving employment N/A Claims can be brought up to 6 years after the end of employment, so this information may be needed in the event of a claim being brought. Delete
CVs Hard drive, HR Management System (People HR) Employee and/or recruitment agency Legitimate interest: To enable the assessment of candidates for jobs. 12 months after unsuccessful application 12 months To enable the defence of any claims arising out of a rejected application. Delete
Criminal records Hard drive, HR Management System (People HR) Employee and/or background checking service (Atlantic Data). Legal obligations Legitimate interests: To ensure that the employee is not prohibited from undertaking the employment and to ensure the Company is not putting employees or third parties at risk. Upon the expiry of the rehabilitation period or 6 months after termination of employment, whichever is sooner. Upon rejection of candidate Criminal records are highly sensitive information and the retention period balances the requirements of the Company against the rights of the subject and the harm that could be caused by the loss of this data. Delete
Background checks and searches plus credit report Hard drive, HR Management System (People HR) Background checking service (Atlantic Data), Former employers, Other referees, Educational Provider, employee. Legal obligations Legitimate interests: To ensure applicants are not prohibited from being employed in the role in question or prohibited from undertaking certain aspects of the role in question and/or to assess suitability for employment. Unless required to be kept by a code of practice or regulator, such records should be deleted upon the employee successfully passing their probation period. Upon rejection of candidate Once an applicant becomes an employee and has successfully passed probation this information is no longer required. This is only overridden where a regulator or code of practice obliges us to retain this information for a longer period of time Delete
Right to work documentation Hard drive, HR Management System (People HR) Employee, HMRC, Home Office. Contractual Obligations Legal Obligations 2 years after having left employment 12 months Delete
Employment history (training records, CPD, working hours, job titles, salary information, details of family related leave) Hard drive, HR Management System (People HR) Employee Contract of employment Training provider Internal records Contractual Obligations Legal Obligations 1 year after having left employment N/A Delete
Qualifications Hard drive, HR Management System (People HR) Employee Contract of employment Training provider Internal records Contractual Obligations Legal Obligations 6 years after having left employment 12 months Claims can be brought up to 6 years after the end of employment, so this information may be needed in defence of a claim. Delete
References Hard drive, HR Management System (People HR) Previous employers on behalf of employee Legal Obligations 6 years after having left employment 12 months Claims can be brought up to 6 years after the end of employment, so this information may be needed in defence of a claim. Delete

Data Retention Table - Wealth Management Department

As part of our obligations under the FCA regulations, we are obliged to retain certain types of data relating to employees working as Financial Advisors within Wealth Management. For all types of data not listed in the table below, the standard retention policy, as provided above, applies. For the specific types of data listed below, we here set out our retention periods and the reasons for these.

Type of Data Held Location of Data Source of Data Reason for Data Being Held Retention Period Current/Exemployee Retention Period for Unsuccessful Job Applicant Reason for Retention Period Delete/Anonymise
Full Name Hard drive, HR Management System (People HR) Employee as part of fair processing notice Legal Obligations Indefinitely, as per FCA regulations 12 months Claims can be brought up to 6 years after the end of employment, so this information may be needed in the event of a claim being brought. N/A
Dates of employment Hard drive, HR Management System (People HR) Internal records kept with HR Contractual Obligations Indefinitely, as per FCA regulations N/A Claims can be brought against Age Partnership for an indefinite period, so this information may be needed in the event of a claim being brought. N/A
Date of birth Hard drive, HR Management System (People HR) Employee as part of fair processing notice Legal Obligations Indefinitely, as per FCA regulations 12 months Information required to identify a former employee N/A
Full address Hard drive, HR Management System (People HR) Employee as part of fair processing notice Legal Obligations Indefinitely, as per FCA regulations 12 months Information required to identify a former employee N/A
CVs Hard drive, HR Management System (People HR) Employee and/or recruitment agency Legal Obligations: to show evidence of due diligence in verifying the individual prior to employment Indefinitely, as per FCA regulations 12 months In line with FCA requirements to conduct due diligence as to the suitability and qualification of an employee N/A
Background checks and searches plus credit report Hard drive, HR Management System (People HR) Background checking service (Atlantic Data), Former employers, Other referees, Educational Provider, Employee. Legal obligations: To ensure that the employee is not prohibited from undertaking the employment and to show evidence of proper due diligence Indefinitely, as per FCA regulations Upon rejection of candidate In line with FCA requirements to conduct due diligence as to the suitability and qualification of an employee N/A
References Hard drive, HR Management System (People HR) Previous employers on behalf of employee Legal Obligations Indefinitely, as per FCA regulations 12 months In line with FCA requirements to conduct due diligence as to the suitability and qualification of an employee N/A
Qualifications Hard drive, HR Management System (People HR) Employee Contract of employment, Training provider, Internal records Legal Obligations: To ensure that the employee is fully qualified to carry out the work and to show evidence of proper due diligence. Indefinitely, as per FCA regulations 12 months In line with FCA requirements to conduct due diligence as to the suitability and qualification of an employee N/A
CPD Records Hard drive, HR Management System (People HR) Internal Records Legal Obligations: To ensure that the employee is fully qualified to carry out the work and has maintained professional competence Indefinitely, as per FCA regulations N/A In line with FCA requirements to demonstrate maintenance of professional competence N/A

Date Policy Last Updated: May 2018

brigade