Data Retention Policy

Information on how we protect and retain your data.

Policy last reviewed: 25 August 2022

Fleet Education Services Ltd has a responsibility to maintain its records and record keeping systems. When doing this, the Company will take account of the following factors: –

• The most efficient and effective way of storing records and information;
• The confidential nature of the records and information stored;
• The security of the record systems used;
• Privacy and disclosure; and
• Their accessibility.

This policy does not form part of any employee’s contract of employment and is not intended to have contractual effect. It does, however, reflect the Company’s current practice, the requirements of current legislation and best practice and guidance. It may be amended from time to time and any changes will be notified to employees. The Company may also vary any parts of this procedure, including any time limits, as appropriate in any case.

Data Protection

This policy sets out how long employment-related and student data will normally be held by us and when that information will be confidentially destroyed in compliance with the terms of the UK General Data Protection Regulation (UK GDPR). Data will be stored and processed to allow for the efficient operation of the Company. The Company’s Data Protection Policy outlines its duties and obligations under the UK GDPR.

Retention Schedule

Information (hard copy and electronic) will be retained for at least the period specified in the attached retention schedule. When managing records, the Company will adhere to the standard retention times listed within that schedule. The schedule is a relatively lengthy document listing the many types of records used by the Company and the applicable retention periods for each record type. The retention periods are based on business needs and legal requirements.

Destruction of Records

Where records have been identified for destruction they should be disposed of in an appropriate way. All information must be reviewed before destruction to determine whether there are special factors that mean destruction should be delayed, such as potential litigation, complaints or grievances.

All paper records containing personal information, or sensitive policy information should be shredded before disposal where possible. All other paper records should be disposed of by an appropriate waste paper merchant. All electronic information will be deleted.

The Company maintains a database of records which have been destroyed and who authorised their destruction. When destroying documents, the appropriate staff member should record in this list at least: –

• File reference (or other unique identifier);
• File title/description;
• Number of files;
• Name of the authorising Officer;
• Date destroyed or deleted from system; and
• Person(s) who undertook destruction.

Record Keeping of Safeguarding

Any allegations made that are found to be malicious must not be part of the personnel records.

For any other allegations made, the Company must keep a comprehensive summary of the allegation made, details of how the investigation was looked into and resolved and any decisions reached. This should be kept on the personnel files of the accused.

Any allegations made of sexual abuse should be preserved by the Company for the term of an inquiry by the Independent Inquiry into Child Sexual Abuse. All other records (for example, the personnel file of the accused) should be retained until the accused has reached normal pension age or for a period of 10 years from the date of the allegation if that is longer. Guidance from the Independent Inquiry Child Sexual Abuse states that prolonged retention of personal data at the request of an Inquiry would not contravene data protection regulation provided the information is restricted to that necessary to fulfil potential legal duties that an organisation may have in relation to an Inquiry. Whilst the Independent Inquiry into Child Sexual Abuse is ongoing, it is an offence to destroy any records relating to it. At the conclusion of the Inquiry, it is likely that an indication regarding the appropriate retention periods of the records will be made.

Archiving

Where records have been identified as being worthy of preservation over the longer term, arrangements should be made to transfer the records to the archives. A database of the records sent to the archives is maintained by the Company. The appropriate staff member, when archiving documents should record in this list the following information: –

• File reference (or other unique identifier);
• File title/description;
• Number of files; and
• Name of the authorising officer.

Transferring Information to Other Media

Where lengthy retention periods have been allocated to records, members of staff may wish to consider converting paper records to other media such as digital media or virtual storage centres (such as cloud storage). The lifespan of the media and the ability to migrate data where necessary should always be considered.

Responsibility and Monitoring

The Data Protection Officer, in conjunction with the Company is responsible for monitoring the use and effectiveness of this policy and dealing with any queries on its interpretation. The Data Protection Officer will consider the suitability and adequacy of this policy and report improvements directly to management.

Internal control systems and procedures will be subject to regular audits to provide assurance that they are effective in creating, maintaining and removing records.

Management at all levels are responsible for ensuring those reporting to them are made aware of and understand this Policy and are given adequate and regular training on it.

Emails

Emails accounts are not a case management tool in itself. Generally emails may need to fall under different retention periods (for example, an email regarding a health and safety report will be subject to a different time frame to an email which forms part of a staff record). It is important to note that the retention period will depend on the content of the email and it is important that staff file those emails in the relevant areas to avoid the data becoming lost.

RETENTION SCHEDULE FILE DESCRIPTION	RETENTION PERIOD
Employment Records
Job applications and interview records of unsuccessful candidates	Six months after notifying unsuccessful candidates, unless the Company has applicants’ consent to keep their CVs for future reference. In this case, application forms will give applicants the opportunity to object to their details being retained
Job applications and interview records of successful candidates	6 years after employment ceases
Written particulars of employment, contracts of employment and changes to terms and conditions	6 years after employment ceases
Right to work documentation including identification documents	6 years after employment ceases
Immigration checks	Two years after the termination of employment
DBS checks and disclosures of criminal records forms	As soon as practicable after the check has been completed and the outcome recorded (i.e. whether it is satisfactory or not) unless in exceptional circumstances (for example to allow for consideration and resolution of any disputes or complaints) in which case, for no longer than 6 months
Change of personal details notifications	No longer than 6 months after receiving this notification
Emergency contact details	Destroyed on termination
Personnel records	While employment continues and up to six years after employment ceases
Annual leave records	Six years after the end of tax year they relate to or possibly longer if leave can be carried over from year to year
Consents for the processing of personal and sensitive data	For as long as the data is being processed and up to 6 years afterwards
Working Time Regulations: Opt out forms Records of compliance with WTR	Two years from the date on which they were entered into Two years after the relevant period
Disciplinary records	6 years after employment ceases
Training	6 years after employment ceases or length of time required by the professional body
Staff training where it relates to safeguarding or other child related training	Date of the training plus 40 years

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.