Data Retention and Destruction Policy

www.mypthub.net
arrow_back_iosView All GDPR Legal Documents

Fitii Ltd - Data Retention and Destruction Policy (May 2018)


Content

  1. Policy Statement
  2. Responsibilities
  3. Retention Periods


1. Policy Statement

The Data Protection Act 1998, its anticipated successor and the General Data Protection Regulations 2018 (“GDPR Laws”) do not specify specific periods for data retention, deletion or destruction. The policy of data retention under the Data Retention (EC Directive) Regulations 2009 applies to a wide range of sources. This Fitii Data Retention & Destruction Policy will define how Fitii stores, retains, archives, retrieves and disposes of personal data (as defined in the GDPR Laws) that is receives, holds, uses and processes as it performs its services for consumers and those registered to use Fitii services on its website at www.mypthub.net.

Inappropriate retention of such personal data may lead to a breach of contract as well as a breach of legislation leading to potential financial or reputational loss. Should Fitii be subject to unexpected events such as business continuity issues or litigation there may be occasions where it needs to have access to the original personal data to protect its interests and those of its direct counterparties and other consumers who by agreement can use Fitii’s website services.

2. Responsibilities

The DP Laws aim to reduce the time that personal data is held by entities after the original consented purpose of it being held or processed has finished. Fitii has considered the nature of the data it holds, the services it provides, the methods and reasons for clients and its and their individual consumers giving their consent to Fitii and how such consented purposes ceases alongside the justified general legal (contract and tortious) and practical need to retain it. The conclusions of Fitii and its working policy is shown in the table in Section 3 below.

Directors and senior management of Fitii will ensure all employees are aware of this Data Retention & Destruction Policy and of the personal data retention periods as stated in this Policy. All personal data that is no longer required or used in accordance with the consent of the data subject (as defined in the DP Laws) will be destroyed in accordance with this Data Retention & Destruction Policy. Any personal data held in hard copy will be stored in locked cabinets or offsite in a secure location until that time.

It is incumbent upon all Fitii staff to ensure accurate records are maintained electronically to match any hard copy records held within Fitii and that the location of the file is recorded.

3. Retention/Destruction Periods

Document Type that holds personal data

Retention Period

Reason

Client Subscription Agreement/other service contracts with individuals

7 Years

Taxation investigation time limits + common law civil/contract law liability limitation period

Taxation related documents

7 Years

Taxation investigation time limits

Telephone Call Recordings

1 Year

If no issues have arisen then the view is taken that there is no longer a continuing need to hold the calls

Personnel files

7 years from date of employee leaving

Employment data for Taxation investigation time limits for assisting both the Company and the employees

Complaints

6 Years

Common law civil/contract law liability limitation period

Personal data held on My PT Hub website for services to be provided to the client consumer

7 Years

Common law civil/contract law liability limitation period and a reasonably justifiable time under GDPR for such reasons

Personal data will, so far as technologically possible at the time be deleted/redacted or otherwise destroyed as soon as reasonably practicable after the said retention period.

This Data Retention and Destruction Policy comes into force on 25 May 2018 and will be reviewed annually to by the Fitii Data Protection Officer ensure it remains fit for purpose.

May 2018