Page 1 of 27 V 0.5

Data Retention and Deletion Policy Ref No: ORG020

Please contact HR if you require the document in large print, Braille or another language or alternative format.

Issue Date: 3rd Feb 2021

Review date: 2022

Publication/Distribution

• Publication on the shared drive

• Cascade through relevant line management

Target Audience:

• All employees and Volunteers

Related documents

• ORG08 Data Protection Policy

Name Stephen Conway

Signature

Position Chief Executive

Date 3rd February 2021


Document Version Control

| Date | Version | Status | Author | Details of Change |
|---|---|---|---|---|
| April 18 | 0.1 | Draft | Clare Watson | Draft new policy |
| June 18 | 0.2 | Live | SMG | Review |
| December 2018 | 0.3 | Draft | Clare Watson | Additional items added |
| Feb 2020 | 0.4 | Live | Clare Watson | Member and volunteer retention changes |
| Feb 2021 | 0.5 | Live | Clare Watson | Retention changes and responsibilities |

1 Purpose

The purpose of this policy is to detail the procedures for the retention and disposal of information, to ensure that the Deafblind UK Group carries these out consistently and fully documents any actions taken. Unless otherwise stated, retention and disposal refers to both electronic and paper documents.

2. How long should we keep our records?

Under the UK General Data Protection Regulation, records should only be kept for as long as necessary for the purpose for which they were collected. The primary factors that inform decisions on retention are:

1. Business Need
2. Legislative and regulatory requirements
3. National Archive requirements/legislation

3. Disposal Schedule

3.1 This section sets out approved document retention periods in order that the DBUK Group may meet its statutory and legal responsibilities and comply with the General Data Protection Regulation and other legal obligations.

3.2 Retention
Documentation may be retained for a longer period of time than stated in this document, but explicit reasons for doing so must be recorded.

3.3 Formats
Paper (e.g. files, forms, folders) or electronic (e.g. word processed documents, databases, spreadsheets, web, scanned images). Records held electronically must not remain accessible once deleted.

3.4 Storage and Disposal
Records on disposal schedules will fall into three main categories.

1. Destroy after the agreed period. Where the useful life of records can be easily predetermined
2. Automatically select for permanent preservation. Where certain groups of records can be readily defined as worthy of permanent retention
3. Review

3.5 Destruction

• Information containing personal data must be placed in a secure shredding bin or put through the supplied shredder
• Electronic equipment containing information should be destroyed using killdisc for individual folders. Alternatively, a certificate should be obtained from an approved provider stating that killdisc had been used
• Destruction of electronic records should render them non-recoverable
• Permanent Disposal: Before undertaking permanent disposal of data approval should be obtained by a Head of Service or above.

4 Sharing of information

4.1 Duplicate records should be destroyed. Where information is regularly shared between departments only the original record should be retained.

4.2 Where information is shared outside of the Deafblind UK Group we will ensure that adequate procedures are in place to ensure information is managed in line with the UK General Data Protection Regulation and other regulatory guidance.

5 Refreshing Details

It is essential that we have a process in place to refresh the data and consent we hold to ensure that the information is accurate and up to date.

| Record Type | Refresh Period | Method | Where recorded |
|---|---|---|---|
| Members and Carers | 3 years | Ongoing as part of all interactions | Raisers Edge |
| Employees | 2 years | Personal details refresh form/email to self update on Capita | Capita |
| Volunteers | 2 years | As part of yearly survey | Raisers Edge |
| Donors and Event participants | 2 Years | Ongoing as part of all interactions | Raisers Edge |
| Customers | 2 Years | Part of annual support plan review | S/Drive |
| Trusts | 2 Years | Ongoing as part of all interactions | Raisers Edge |
| Professionals | 2 Years | Ongoing as part of all interactions | Raisers Edge |
| Organisations | 2 Years | Ongoing as part of all interactions | Raisers Edge |

6 Audit Trail

6.1 You are required to document the disposal of records that are either shredded or deleted, either within or outside the deletion periods in the schedule below.

6.2 This will provide an audit trail for any inspections carried out by the ICO.

6.3 Please see relevant process within your department.

7 Monitoring

Responsibility for monitoring the disposal of documents rests with the Executive Management Team.

8 Disposal Schedule

Department: Human Resources

| Heading | Data / Document Type | Required Retention | Comments | Responsibility |
|---|---|---|---|---|
| Networx | Candidate Account | Deactivated automatically after 12 months of inactivity and data deleted | A deactivated candidate will no longer be searchable in the candidate system or sent any emails from the system. There will be no possibility of recovering the deleted information 1 month after deletion. | Director of Finance and Deputy Chief Executive |
| Recruitment Files | Application Forms, CVs | 1 year | Deleted automatically on ATS system by Networx and/or deleted from folders 12 months after role closes. | Director of Finance and Deputy Chief Executive |
| | Interview Notes | Non-successful candidates 12 Months; Successful candidates 6 years after the end of contract. | For non-successful candidates interview notes are deleted 12 months after role closes. For successful candidate paper copies are passed to HR and kept on employee paper file | Director of Finance and Deputy Chief Executive |
| | Appointment details | 6 years after the end of contract | (Such as application form, authorisation to appoint, proof of eligibility to work in the UK, qualification certificates, employment references). | Director of Finance and Deputy Chief Executive |
| Employee Files and Board Member Files | Paper and hard copy files | 6 years after the end of contract | Includes: Personal details form which includes information on the protected characteristics and bank details; Personnel files; Contract of employment and conditions of service; Redundancy details; Disciplinary Warnings; Volunteers record | Director of Finance and Deputy Chief Executive |
| | Records relating to working time | 2 years from the date on which they were made | | Director of Finance and Deputy Chief Executive |
| Health | Health Records (During Employment) | During employment | | Director of Finance and Deputy Chief Executive |
| | Health Records (Reason for termination is concerned with health) | 3 years | | Director of Finance and Deputy Chief Executive |
| | Occupational Health Records | Medicals - Retain until employee aged 100; Other - 7 years after assistance | | Director of Finance and Deputy Chief Executive |
| Access to Work | Access to Work | Non successful candidate delete immediately; Successful candidate 6 years after the end of contract | | Director of Finance and Deputy Chief Executive |
| Sickness Records | Annual Leave, Sickness, statutory maternity Pay records and calculations, certificates or other medical evidence | 6 years after the end of the employment contract; 3 years after the end of the tax year in which the maternity period ends | | Director of Finance and Deputy Chief Executive and Head of Finance |
| | Statutory Sick pay records and calculations | 3 years after the end of the tax year to which they relate | | Head of Finance |
| Criminal Disclosure Checks | Photos of DBS documents | After DBS submitted destroyed | | Director of Finance and Deputy Chief Executive |
| | Information about criminal records | After conclusion of review | Unless clearly relevant to ongoing employment; Keep record that check was satisfactory; Delete once conviction spent | Director of Finance and Deputy Chief Executive |
| | DBS Panel Review Paperwork | After conclusion of review | Unless clearly relevant to ongoing employment; Keep record that check was satisfactory; Delete once conviction spent | Director of Finance and Deputy Chief Executive and Director of Operations |
| Employee Benefits | Perkbox | 6 Years after the end of contract | | Director of Finance and Deputy Chief Executive |
| | Busy Bees | 6 Years after the end of contract | | Director of Finance and Deputy Chief Executive |
| Pension and Retirement | Pension details | 6 years | | Head of Finance |
| Income Tax Records and Wages | Income tax and NI returns | 6 years after the end of the pay reference period | Tax records and correspondence with Inland Revenue | Head of Finance |
| | Wage/salary records | 6 years | Including overtime and bonuses | Head of Finance |
| Trustee’s | Minutes books | Permanently | | Chief Executive Officer |
| Staff Management | 121 Notes | Destroy immediately after employment ended unless pending investigation | | Director of Finance and Deputy Chief Executive |
| | Supervision Notes | 7 years after employment has ended | | Director of Operations |
| | PDRs | 6 years after employment ended | | Director of Finance and Deputy Chief Executive |

Department: Volunteer Management

| Heading | Data / Document Type | Required Retention | Comments | Responsibility |
|---|---|---|---|---|
| Recruitment Files | Application Form - Online or paper based | 12 Months | Volunteers application on ATS auto delete after 12 months. Volunteer application download Volunteer interview questions | Director of Finance and Deputy Chief Executive |
| | Electronic HR file on boarding paperwork | Until cleared as volunteer; If withdraw deleted immediately | If a volunteer goes on hold, will have to reapply after 3 months and initial paper work destroyed | Director of Finance and Deputy Chief Executive |
| Volunteer Files | Raisers Edge Record | 6 years after inactive date, or 6 months after the last contact with the volunteer if not matched | Volunteer on boarding paperwork and Raisers Edge record. At 6 months the record becomes anonymised but generic data held for reporting | Director of Operations |
| | Electronic File | 3 months once cleared as a volunteer | All documents in electronic | Director of Operations |
| | LMS Platform records | 3 months after inactive date | | Director of Operations |
| Criminal Disclosure Checks | DBS Documentation | Destroyed once check completed | Email and any copies of documents | Director of Finance and Deputy Chief Executive; Director of Operations |
| | DBS Panel Review Paperwork | Immediately | Unless clearly relevant to ongoing employment; Keep record that check was satisfactory; Delete once conviction spent | Director of Finance and Deputy Chief Executive and Director of Operations |
| Training | Training Accounts | Account to be deleted once made inactive | | Director of Operations |
| | Training Certificates | 3 years after inactive date, or 12 months after the last contact with the volunteer if not matched | | Director of Operations |

Department: Fundraising and Marketing

| Heading | Data / Document Type | Required Retention | Comments | Responsibility |
|---|---|---|---|---|
| Marketing | Press releases, statements and distribution campaigns | Permanent | To be kept on S-drive | Director of Fundraising |
| | Marketing collateral, print and online including advertisements, brochures, leaflets, show programs, banners, posters | Permanent | In case ASA bring a complaint forward for investigation. For archive purposes | Director of Fundraising |
| | Logos & branding | Permanent | For archive purposes | Director of Fundraising |
| | Case studies Photos | 3 years from date of consent | Refresh consent after 2.5 Years if photo still required | Director of Fundraising |
| | Photographs | 3 years from date of consent | Refresh consent after 2.5 Years if photo still required | Director of Fundraising |
| | Fundraising campaign plans, promotional materials and event statistics | 5 Years | In case ASA bring a complaint forward for investigation | Director of Fundraising |
| | Staff News Letter | 7 years | | Director of Fundraising |
| Website and Online Communications | Website Content | Current Only | 3 Years for Photos and Case studies unless new consent gained | Director of Fundraising |
| | Website Updates | Destroy consent after 7 years | | Director of Fundraising |
| | Facebook and Twitter posts | 3 years | 3 Years for Photos and Case studies unless new consent gained | Director of Fundraising |
| Fundraising | Trust’s Records (Paper and electronic) | Destroyed after 20 years | Archived after 5 years | Director of Fundraising |
| | Corporate Records | Archived after 5 years | | Director of Fundraising |
| | Donors Records (Paper and Electronic) | 6 years after Inactive date; 5 years | If Gift Aid; If No gift Aid; Inactive 2 years after last donation | Director of Fundraising |
| | Legator Records (Paper and electronic) | 5 years after Inactive date | | Director of Fundraising |
| | Gift Aid Declaration | 6 years from the end of the accounting period they relate to | | Director of Fundraising and Head of Finance |
| | Direct Debit mandate | The period the DD is valid | | Director of Fundraising and Head of Finance |
| | Funding applications (Not awarded) | 1 Year | | Director of Fundraising and Head of Finance |
| | Funding applications (awarded) | 6 years after the end of the funding | | Director of Fundraising and Head of Finance |
| | Contract monitoring | 2 years after the end of the funding | | Director of Fundraising and Head of Finance |
| Events | Information in relation to planning events | 5 years after the event | | Director of Fundraising and Head of Finance |

Department: Membership Services

| Heading | Data / Document Type | Required Retention | Comments | Responsibility |
|---|---|---|---|---|
| Recruitment | Member and Carers referral forms, enquiry forms and membership forms | Paper referral form, email and scan - 1 month from date added to system | PDF version scanned and attached to members record | Director of Operations |
| Member File | Member/Carers File | Inactive on request | | Director of Operations |
| | Deceased and inactive members/Carers | 6 years after inactive date | | Director of Operations |
| | Request to be removed | Immediately delete | Exception: donated to DBUK and includes Gift Aid | Director of Operations |
| | Member enquiry (potential member) | 2 months after enquiry | If not converted to full member | Director of Operations |
| | Email Enquiries (CS referrals and CS enquiries mailboxes) | Delete 2 months after enquiry or referral received | | Director of Operations |
| Organisations | Organisation File | 2 years after inactive date | | Director of Operations |
| | Employee File | 2 years after inactive date | | Director of Operations |
| Casework | Member High Level Case Work | Destroy 2 years after last correspondence | | Director of Operations |
| | Legal Case Work Advice | 6 years after support has ended | | Director of Operations |
| Deafblind Assessment | Assessment booking form | 6 years after assessment submitted; 6 Years after assessment completed | | Director of Operations |
| Counselling | Counselling Assessment | 4 years after sessions completed | | Director of Operations |

Department: Care and Support Customers

| Heading | Data / Document Type | Required Retention | Comments | Responsibility |
|---|---|---|---|---|
| New Customers | Contract Request Forms | 12 months after request if not accepted as care package, or 7 years after ceasing to be a customer | To be kept on S:/Drive | Director of Operations |
| Customer File | Initial Assessment | 7 years after ceasing to be a customer | | Director of Operations |
| | Support Plan | 7 years after ceasing to be a customer | | Director of Operations |
| | Daily Support Records | 7 Years | | Director of Operations |
| | Incident forms | 7 Years | | Director of Operations |
| | Medication administration records (MAR Sheets) | 7 years | | Director of Operations |
| | Death Notices | 10 Years | | Director of Operations |

Department: Facilities

| Heading | Data / Document Type | Required Retention | Comments | Responsibility |
|---|---|---|---|---|
| Health and Safety | Accident and Incidents records/reports | 3 years | Unless the individual is under 21. To be kept on S-Drive until deleted | Director of Finance and Deputy Chief Executive |
| | Health Records | 40 Years | | Director of Finance and Deputy Chief Executive |
| | RIDDOR | 3 years | | Director of Finance and Deputy Chief Executive |
| | Risk Assessments | 3 years | | Director of Finance and Deputy Chief Executive; Director of Operations |
| | Safe Operation procedures and Safe Systems of Work | 40 years | | Director of Finance and Deputy Chief Executive |
| Contractors | Contractors Details | 2 years after job completed or after contract ends | | Director of Finance and Deputy Chief Executive |
| | Crime Reports | 3 years | | Director of Finance and Deputy Chief Executive |
| Asset Management | Asset and Depreciation records | 6 years after the end of the financial year they relate to | | Director of Finance and Deputy Chief Executive |
| Building and Land Managements | Records relating to property | 5 years after property is no longer owned or if paperwork supersedes previous documents. | | Director of Finance and Deputy Chief Executive |
| | Records of Health and Safety Inspections | 7 years from the end of the financial year to which they relate | | Director of Finance and Deputy Chief Executive |
| | Building inspections | Retain until superseded | | |
| | CCTV Recordings | Destroy 4 weeks from the date recorded except where required as evidence | | Director of Finance and Deputy Chief Executive |
| | CCTV Audit Logs | 1 year | | |
| | Fire Risk Assessments | Retain until superseded | | Director of Finance and Deputy Chief Executive |
| | COSHH Assessments | Retain until superseded | | Director of Finance and Deputy Chief Executive |

Department: Quality and Compliance

| Heading | Data / Document Type | Required Retention | Comments | Responsibility |
|---|---|---|---|---|
| Feedback | Complaints | 7 years after date resolved | | Director of Finance and Deputy Chief Executive |
| | Compliments | 3 years after date received | | Director of Finance and Deputy Chief Executive |
| | Surveys | Paper copy destroyed after 6 months, pdf version held on file if individual has given permission to use | | Director of Finance and Deputy Chief Executive |
| Accident/Incidents | Accident, Incident and Near Miss Reports | 3 years after the event | | Director of Operations |
| Safeguarding | Safeguarding Reports | 6 years | | Director of Operations |
| Information Governance | Information relating to compliance with information governance policies | 5 years | | Director of Finance and Deputy Chief Executive |
| Breaches | Information/reports in relation to Data Breaches | 6 Years | | Director of Finance and Deputy Chief Executive |
| Data Protection | Rights Request | 8 Years | | Director of Finance and Deputy Chief Executive |
| Audits | Audit Logs | 2 Years | | Director of Finance and Deputy Chief Executive |

Department: Governance

| Heading | Data / Document Type | Required Retention | Comments | Responsibility |
|---|---|---|---|---|
| Risk Management | Risk Management | 6 years | | Chief Executive |
| | Risk Register | 6 years | | Chief Executive |
| Policies | Formal Policies | 5 years | | Chief Executive |
| Internal, Committees and Groups | Internal Committee meeting minutes | 7 years | | Chief Executive |
| | Member Forums | 3 years | | Chief Executive |
| Business Continuity | Details of arrangements made for maintaining Deafblind UK's capability to deliver services | 7 years after event | | Chief Executive |

Department: Business Development

| Heading | Data / Document Type | Required Retention | Comments | Responsibility |
|---|---|---|---|---|
| Procurement | Closed Tender Files | 1 year | | Director of Operations |
| | Contracts/Agreements | 6 years after the end of the contract | Including contract amendments | Director of Operations |
| | Contract Monitoring | 2 years from the end of the contract | | Director of Operations |
| | E-tender Correspondence | 6 months | | Director of Operations |
| | Strategy, policy and procedure documentation | 5 years | | Director of Operations |
| Stakeholder engagement | Meetings, speaking, engagement and correspondence with business, LA etc | 2 years after engagement has ended | | Director of Finance and Deputy Chief Executive |
| Research Projects | Research data; Anonymised research data | | | Director of Operations |

Department: Finance

| Heading | Data / Document Type | Required Retention | Comments | Responsibility |
|---|---|---|---|---|
| Financial Management | Payments cash book or record of BACS/cheque payments | 6 years | | Director of Finance and Deputy Chief Executive and Head of Finance |
| | Purchase Ledger | 6 years | | Director of Finance and Deputy Chief Executive and Head of Finance |
| | Invoice | 6 years | | Director of Finance and Deputy Chief Executive and Head of Finance |
| | Petty cash record | 6 years | | Director of Finance and Deputy Chief Executive and Head of Finance |
| | POs | 6 years | | Director of Finance and Deputy Chief Executive and Head of Finance |
| | Credit Card Req | 6 years | | Director of Finance and Deputy Chief Executive and Head of Finance |
| | Accounting Records | 6 years | | Director of Finance and Deputy Chief Executive and Head of Finance |
| Payroll | Income Tax and NI returns | 3 years | | Director of Finance and Deputy Chief Executive and Head of Finance |
| | Pension Opt Out Records | 3 years | | Director of Finance and Deputy Chief Executive and Head of Finance |
| | New starter payroll set up paper work | 6 years | | Director of Finance and Deputy Chief Executive and Head of Finance |
| | Statutory Notices (Matb1, SSP, Shared Parental, tax code changes) | 7 years | | Director of Finance and Deputy Chief Executive and Head of Finance |
| | Sage Payroll | 6 years | | Director of Finance and Deputy Chief Executive and Head of Finance |
| Expenses | Volunteer | 6 years | | Director of Finance and Deputy Chief Executive and Head of Finance |
| | Employee | 6 years | | Director of Finance and Deputy Chief Executive and Head of Finance |
| Suppliers | Records on SAP | 6 years after last invoice date | | Director of Finance and Deputy Chief Executive and Head of Finance |
| | Suppliers Invoices | 6 years (Paper) | | Director of Finance and Deputy Chief Executive and Head of Finance |
| Banking | Bank Statements | 6 years (Paper) | | Director of Finance and Deputy Chief Executive and Head of Finance |
| Legacy | Legacy paperwork | 6 Years from receipt of funds | | Director of Finance and Deputy Chief Executive and Head of Finance |
| Budgeting | Budget Management Records | 6 Years | | Director of Finance and Deputy Chief Executive and Head of Finance |
| Insurance | Insurance Claims | 3 Years | | Director of Finance and Deputy Chief Executive and Head of Finance |
| | Insurance Policies | Permanent | | Director of Finance and Deputy Chief Executive and Head of Finance |

Department: Training

| Heading | Data / Document Type | Required Retention | Comments | Responsibility |
|---|---|---|---|---|
| Training | Training booking forms | 2 Years | | Director of Operations |
| Research Projects | Research data; Anonymised research data | 3 years after project completed | | Director of Operations |
| Webinars and eLearning | Enrolment registration on LMS | 6 months | | Director of Operations |

Department: Information Technology

| Heading | Data / Document Type | Required Retention | Comments | Responsibility |
|---|---|---|---|---|
| Raisers Edge Downloads | Exports | 1 Month after export | All excel sheets with member and volunteer data to be deleted | Director of Operations/ Director of Fundraising |
| Downloads | Download Folder | 1 Month | To be emptied each month and content of recycle bin deleted | EMT |
| | Department folders | To be reviewed quarterly | | EMT |
| Scans | Scans Folder | To be deleted once moved/attached to relevant folder or record | | EMT |
| Mail boxes | Emails | 3 Years | Containing Personal Details | EMT |
| | Email Attachments | 3 Years | Containing Personal Details | EMT |
| Office 365 | Archived Emails | 6 Months | All archived emails automatically deleted every 6 months | Director of Finance and Deputy Chief Executive |
| | Department SharePoint Files & Folders | 1 Month | All Data no longer required on SharePoint in each department to be deleted | Director of Finance and Deputy Chief Executive |
| | Personal SharePoint Files & Folders | 1 Month | Personal Data on Personal SharePoint Storage to be deleted – 1TB Limit | Director of Finance and Deputy Chief Executive |
| | Microsoft Office Teams (Internal communication) | 6 Months | All Microsoft Teams Chat histories containing to be deleted every 6 months | Director of Finance and Deputy Chief Executive |
| | Anti Virus Log messages | 3 Months | | Director of Finance and Deputy Chief Executive |
| | Active user profiles; Inactive Accounts: Emails, SharePoint Files & Folders, Teams Communication & Accounts | 1 Year; 6 Months after left | Staff & Volunteer members that have left DBUK, All Emails, SharePoint Personal Storage, Teams and Account data to be deleted after 6 Months of leave date. | Director of Finance and Deputy Chief Executive |
| Ticket System | Resolved Tickets | 6 Months | All resolved & closed tickets in the last 6 Months to be deleted | Director of Finance and Deputy Chief Executive |
| | Users Details | 3 Months | All Staff that raised a ticket that are no longer with DBUK – Details from the system to be deleted | Director of Finance and Deputy Chief Executive |

Appendix 1 Definitions

‘Personal Data’
Meaning any information relating to an identifiable living person who can be directly or indirectly identified, in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, email, location data, National Insurance Number, IP Address.

‘Special categories of personal data’
The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. The categories are: race; ethnic origin; politics; religion; trade union membership; genetics; biometrics (where used for ID purposes); health; sex life; or sexual orientation. Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to its processing.