Data Retention, Destruction and Disposal Policy

Overview

As an organisation Infinity Works has a responsibility to protect the integrity and confidentiality of personal data held by us with regard to our clients, employees and partners. Individual employees also have an obligation to protect the integrity and confidentiality of personal data and to prevent unauthorised disclosure of data whether it is oral, printed, hand-written or computer based.

Purpose

This policy has been written to provide the necessary information to Infinity Works employees and contractors detailing their duties under the General Data Protection Regulation (GDPR) with regard to record retention.

This policy has also been written to set out the standards expected by Infinity Works employees and contractors in relation to the processing of their personal data and the safeguarding of individuals’ rights.

Policy

Retention

The GDPR requires that personal data processed for any purpose “shall not be kept for longer than is necessary for that purpose”. See Employee and Contractor Privacy Notice for more details.

Please see the record retention schedule at the end of this Policy.

Destruction and Disposal

Subject to the Back-up policy, to ensure compliance with the GDPR, all information, in any format, must be destroyed after the retention period from any Infinity Works location. All information, in any format held by Infinity Works, must be destroyed in a way which does not breach the data protection rights of our employees, contractors and customers.

All office paperwork for destruction should be shredded or placed in the designated confidential waste bins provided in the offices to be shredded offsite by our designated 3rd party disposal supplier. Other paper can be disposed of in the other bins provided in offices as long as it contains no sensitive or personal data – if in any doubt then it must be shredded.

The procedure for the destruction of confidential information held on electronic media such as USB sticks, SD cards, hard drives, or other removable media is:

  1. Destruction is agreed by the ISMS Committee or Executive Board Director
  2. The media is provided to the Office
  3. The Office will forward the device or media to our designated 3rd party disposal supplier for secure destruction or secure erasing (if the media or device will be given to a charity or school)

Destruction of back-up copies of such data will also be dealt with in the same manner, subject to the Back-up policy.

Record Retention Schedule

| Document | Retention Period | Extra Information / Source |
| --- | --- | --- |
| Sickness / Sick Pay | 6 years | The Statutory Sick Pay (General) Regulations 1982 (SI 1982/894) as amended. The Statutory Sick Pay (Maintenance of Records) (Revocation) Regulations 2014 (SI 2014/55) |
| Maternity Leave / Pay | 3 years after the relevant tax period (Note, the recommended period for Leave is 18 years after the birth of the Child – parental leave) | The Statutory Maternity Pay (General) Regulations 1986 (SI 1986/1960) as amended |
| Wages / Salary | 6 years recommended after the relevant Tax year, 3 years minimum | Taxes Management Act 1970 |
| Retirement Benefits Schemes - records of notable events | 6 years from the end of the scheme year in which the event took place | The Retirement Benefits Schemes (Information Powers) Regulations 1995 (SI 1995/3103) |
| Application Forms and Interview notes for unsuccessful candidates | 13 months | Not statutory, in case of any discrimination challenge. |
| Records relating to Children / Young Adults (Work Experience) | Until the child/young adult reaches the age of 21. | Limitation Act 1980 |
| Personnel Files | 6 years after employment ceases | Not statutory |
| Training Records | 6 years after employment ceases | Not statutory |
| Disciplinary | 6 years after employment ceases | Not statutory |
| Redundancy | 6 years after employment ceases | Not statutory |
| Recruitment and eligibility to work in the UK | Throughout the period of working and at least 3 yrs after employment finishes. | Copies of all relevant documents should be retained. |
| Accounting documents | Minimum 3 years, recommend 6 years | Section 221 of the Companies Act 1985 as modified by the Companies Acts 1989 and 2006 |
| Working Time Records | 6 years from date on which they were made | The Working Time Regulations 1998 (SI 1998/1833) |
| Tax Records | 6 years (not less than 3 years post the end of the financial year to which they relate) | The Income Tax (Employments) Regulations 1993 (SI 1993/744) as amended, for example by The Income Tax (Employments) (Amendment No 6) Regulations 1996 (SI 1996/2631) |
| Contracts | 6 years | Public service contract regulations 1993; Public supply contract regulations 1995 |
| Contracts under seal | 12 years | Public service contract regulations 1993; Public supply contract regulations 1995 |
| Employer’s Liability | The requirements to retain compulsory employers’ liability certificates for 40 years ceased on 1 October 2008 however it is advised to continue to keep this long in case of claims. | Tracing Code of Practice includes a commitment from insurers to keep employers’ liability records for 60 years |
| Hazardous substances (Asbestos) | 40 years; 30 years from the date the substance was received into the workplace | Occupational safety and health act (OSHA), The Control of Substances Hazardous to Health Regulations 1999 and 2002 (COSHH) (SIs 1999/437 and 2002/2677) |
| Industrial Accidents | 12 years | Personal liability claims can only be made up to 12 years after the event. |
| Accident Books/Reports | 3 years from date of the last entry (if the accident involves any person under the age of 21, we must keep the record for the 3 years or until such person reaches the age of 21, whichever is later) | The Reporting of Injuries Diseases and Dangerous Occurrences Regulations 1995 (RIDDOR) (SI 1995/3163) as amended. |
| Maintenance of Premises | 3 years | Essential Standards of Quality & Safety (March 2010) |
| Maintenance of Equipment | 3 years | Essential Standards of Quality & Safety (March 2010) |
| Electrical Testing | 3 years | Essential Standards of Quality & Safety (March 2010) |
| Fire Safety | 3 years | Essential Standards of Quality & Safety (March 2010) |
| Water Safety | 3 years | Essential Standards of Quality & Safety (March 2010) |

Policy Compliance

Compliance Measurement

The ISMS Committee team verifies compliance with this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.

Exceptions

Any exception to the policy must be approved by the ISMS Committee team in advance.

Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Related Standards, Policies and Processes

Information Sensitivity Policy

Employee and Contractor Privacy Notice