Data Retention and Destruction Policy

Fitii Ltd – Data Retention and Destruction Policy (May 2018)


  1. Policy Statement
  2. Responsibilities
  3. Retention Periods

1. Policy Statement

The Data Protection Act 1998, its anticipated successor and the General Data Protection Regulations 2018 (“GDPR Laws”) do not specify specific periods for data retention, deletion or destruction. The policy of data retention under the Data Retention (EC Directive) Regulations 2009 applies to a wide range of sources. This Fitii Data Retention & Destruction Policy will define how Fitii stores, retains, archives, retrieves and disposes of personal data (as defined in the GDPR Laws) that is receives, holds, uses and processes as it performs its services for consumers and those registered to use Fitii services on its website at Inappropriate retention of such personal data may lead to a breach of contract as well as a breach of legislation leading to potential financial or reputational loss. Should Fitii be subject to unexpected events such as business continuity issues or litigation there may be occasions where it needs to have access to the original personal data to protect its interests and those of its direct counterparties and other consumers who by agreement can use Fitii’s website services.

2. Responsibilities

The DP Laws aim to reduce the time that personal data is held by entities after the original consented purpose of it being held or processed has finished. Fitii has considered the nature of the data it holds, the services it provides, the methods and reasons for clients and its and their individual consumers giving their consent to Fitii and how such consented purposes ceases alongside the justified general legal (contract and tortious) and practical need to retain it. The conclusions of Fitii and its working policy is shown in the table in Section 3 below. Directors and senior management of Fitii will ensure all employees are aware of this Data Retention & Destruction Policy and of the personal data retention periods as stated in this Policy. All personal data that is no longer required or used in accordance with the consent of the data subject (as defined in the DP Laws) will be destroyed in accordance with this Data Retention & Destruction Policy. Any personal data held in hard copy will be stored in locked cabinets or offsite in a secure location until that time. It is incumbent upon all Fitii staff to ensure accurate records are maintained electronically to match any hard copy records held within Fitii and that the location of the file is recorded.

3. Retention/Destruction Periods

Document Type that holds personal data Retention Period Reason
Client Subscription Agreement/other service contracts with individuals 7 Years Taxation investigation time limits + common law civil/contract law liability limitation period
Taxation related documents 7 Years Taxation investigation time limits
Telephone Call Recordings 1 Year If no issues have arisen then the view is taken that there is no longer a continuing need to hold the calls
Personnel files 7 years from date of employee leaving Employment data for Taxation investigation time limits for assisting both the Company and the employees
Complaints 6 Years Common law civil/contract law liability limitation period
Personal data held on My PT Hub website for services to be provided to the client consumer 7 Years Common law civil/contract law liability limitation period and a reasonably justifiable time under GDPR for such reasons
Personal data will, so far as technologically possible at the time be deleted/redacted or otherwise destroyed as soon as reasonably practicable after the said retention period. This Data Retention and Destruction Policy comes into force on 25 May 2018 and will be reviewed annually to by the Fitii Data Protection Officer ensure it remains fit for purpose. May 201