DATA RETENTION POLICY
1. ABOUT THIS POLICY
This policy sets out Henry Pryor’s (“we”, “our”, “us”, “Henry Pryor”) position in relation to the retention of personal data (being any information identifying any living person or information relating to a living person that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Examples of personal data include, but are not limited to, information revealing their name, address, email address, identification number, location data, online identifiers, and/or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity).
Henry Pryor has a responsibility to maintain its records and record keeping systems in accordance with the regulatory environment. This policy seeks to set out Henry Pryor’s position with regard to the retention of personal data under the General Data Protection Regulation (“GDPR”) and any other laws and/or regulations that govern the processing of personal data from time to time.
This policy applies to all customers, suppliers, third party contacts, employees, workers and consultants of Henry Pryor (“you” or “your”). Henry Pryor may change, alter, amend or replace this policy at any time.
This policy is intended to ensure that Henry Pryor processes personal data (whether in the form of employment records, client records or supplier records) in accordance with the personal data protection principles set out in the GDPR, in particular that:
- Personal data must be collected only for specified, explicit and legitimate purposes. It must not be further processed in any manner incompatible with those purposes.
- Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. When Personal Data is no longer needed for specified purposes, it is deleted or anonymised as provided by these guidelines.
- Personal data must be accurate and, where necessary, kept up to date. It must be corrected or deleted without delay when inaccurate.
- Personal data must not be kept in an identifiable form for longer than is necessary for the purposes for which the data is processed.
- Personal data must be secured by appropriate technical and organisational measures against unauthorised or unlawful processing, and against accidental loss, destruction or damage.
Henry Pryor is responsible for overseeing this policy. Any questions about the operation of the policy and guidelines should be submitted to Henry Pryor at firstname.lastname@example.org
2. RETENTION OF CUSTOMER / SUPPLIER / THIRD PARTY PERSONAL DATA
2.1 Types of Personal Data
Henry Pryor collects and processes personal data relating to its customers, prospect customers, suppliers, contacts, and other third parties.
2.2 Location of Personal Data
Personal data relating to customers, prospect customers, suppliers, contacts and other third parties is held by Henry Pryor. Henry Pryor manages personal data in accordance with this policy.
2.3 General Principles on Retention and Erasure of Personal Data
Henry Pryor’s approach to retaining personal data relating to its customers, prospect customers, suppliers, contacts and other third parties is to ensure that it complies with the data protection principles referred to in this policy and, in particular, to ensure that:
- Records are regularly reviewed to ensure that they remain adequate, relevant and limited to what is necessary to support Henry Pryor’s operational needs and/or compliance with legal or regulatory requirements.
- Records are kept secure and are protected against unauthorised or unlawful processing and against accidental loss, destruction or damage. Where appropriate, Henry Pryor will seek to use anonymization to prevent identification of individuals.
- When records are destroyed, whether held as paper records or in electronic format, Henry Pryor will ensure that they are safely and permanently erased. Consideration needs to be given to whether the document should be destroyed or subject to a further period of retention or permanent retention as an archive.
2.4 Retention and Erasure of Personal Data
When determining the appropriate retention period for personal data relating to customers, prospect customers, suppliers, contacts and other third parties, Henry Pryor has regard to the purpose for which that personal data was collected. However, he also has regard to legal risk and may keep records for up to seven years (and in some instances longer) after any contractual relationship with us has ended. In some instances (where we are pursuing or defending claims) we may be required to retain the personal data for the life of that claim (including any appeals or reviews and including, where appropriate enforcement).