Data Retention policy

Definitions:
The Company = Harrison Sands Ltd

1. Purpose
The purpose of this Policy is to ensure that necessary records and documents of The Company are adequately protected and maintained and to ensure that records that are no longer needed by The Company or are of no value are discarded at the proper time. This Policy is also for the purpose of aiding employees of The Company in understanding their obligations in retaining electronic documents – including e-mail, Web files, text files, sound and video files, PDF documents, and all Microsoft Office or other formatted files.

2. Policy
This Policy represents The Company’s policy regarding the retention and disposal of records and the retention and disposal of electronic documents.

3. Administration
Attached as Appendix A is a Record Retention Schedule that is approved as the initial maintenance, retention and disposal schedule for physical records of The Company and the retention and disposal of electronic documents. We will make modifications to the Record Retention Schedule from time to time to ensure that it follows National legislation and includes the appropriate document and record categories for The Company; monitor legislation affecting record retention; annually review the record retention and disposal program; and monitor compliance with this Policy.

In addition, any retained information can only be used for the purpose for which it is stored. This is compliant with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)

4. Suspension of Record Disposal In Event of Legal Proceedings or Claims
There are certain occasions when information needs to be preserved beyond any limits set out in the Policy. The Policy must be SUSPENDED relating to a specific customer or document and the information retained beyond the period specified in The Company’s Data Retention Schedule in the following circumstances:

Legal proceedings or a regulatory or similar investigation or obligation to produce information are known to be likely, threatened or actual.

A crime is suspected or detected.

Information is relevant to a company in liquidation or receivership, where a debt is due to The Company.

Information is considered by the owning unit to be of potential historical importance and this has been confirmed by the Administrator.

In the case of possible or actual legal proceedings, investigations or crimes occurring, the type of information that needs to be retained relates to any that will help or harm The Company or the other side’s case or liability or amount involved.

If there is any doubt over whether legal proceedings, an investigation or a crime could occur, or what information is relevant or material in these circumstances, the Administrator should be contacted and legal advice sought.

The Administrator shall take such steps as is necessary to promptly inform all staff of any suspension in the further disposal of documents.

5. Security of personal information
The Company will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

The Company will store all personal information on our secure (password- and firewall-protected) servers.

The Client should acknowledge that the transmission of information over the internet is inherently insecure, and that The Company cannot guarantee the security of data sent over the internet.

The Client will be responsible for keeping their Username and Password used for accessing The Company’s website confidential; The Company will not ask for a password other than when needed to log in to our website.

6. Amendments
The Company may update this policy from time to time by publishing a new version.

This page should be checked occasionally to ensure that the policy remains relevant.

7. Applicability
This Policy applies to all physical records generated during The Company’s operation, including both original documents and reproductions. It also applies to the electronic documents described above.

This Policy was approved by the Board of Directors of The Company on 5th January 2018.


APPENDIX A RECORD RETENTION SCHEDULE

The Record Retention Schedule is organised as follows:

SECTION TOPIC

A. Accounting and Finance
B. Contracts
C. Corporate Records
D. Correspondence and Internal Memoranda
E. Personal Information
F. Electronic Records
G. Grant Records
H. Insurance Records
I. Legal
J. Miscellaneous
K. Personnel Records
L. Tax Records

A. ACCOUNTING AND FINANCE
Record Type and then Retention Period
· Annual Audit Reports and Financial Statements: Permanent
· Annual Audit Records, including work papers and other documents that relate to the audit: 7 years after completion of audit
· Annual Plans and Budgets: 7 years
· Bank Statements and Cancelled Cheques: 7 years
· Employee Expense Reports: 7 years
· Interim Financial Statements: 7 years

B. CONTRACTS
Record Type and then Retention Period

Contracts and Related Correspondence (including any proposal that resulted in the contract and all other supportive documentation): 7 years after expiration or termination

C. CORPORATE RECORDS
Record Type and then Retention Period

· Corporate Records (minutes, signed minutes of the Board and all committees, record of incorporation, articles of incorporation, annual corporate reports): Permanent
· Licenses and Permits: Permanent

D. CORRESPONDENCE AND INTERNAL MEMORANDA
General Principle: Most correspondence and internal memoranda should be retained for the same period as the document to which they pertain or support. For instance, a letter pertaining to a particular contract would be retained as long as the contract (7 years after expiration). It is recommended that records that support a particular project be kept with the project and take on the retention time of that particular project file.

Correspondence or memoranda that do not pertain to documents having a prescribed retention period should generally be discarded sooner. These may be divided into two general categories:

1. Those pertaining to routine matters and having no significant, lasting consequences should be discarded within five years. Some examples include:

· Routine letters and notes that require no acknowledgment or follow up, such as notes of appreciation, congratulations, letters of transmittal, and plans for meetings.
· Form letters that require no follow up.
· Letters of general inquiry and replies that complete a cycle of correspondence.
· Letters or complaints requesting specific action that have no further value after changes are made or action taken (such as name or address change).
· Other letters of inconsequential subject matter or that definitely close correspondence to which no further reference will be necessary.
· Chronological correspondence files.
· Please note that copies of interoffice correspondence and documents where a copy will be in the originating department file should be read and destroyed, unless that information provides reference to or direction to other documents and must be kept for project traceability.

2. Those pertaining to non-routine matters or having significant lasting consequences should generally be retained permanently.

E. Retaining personal information
1. This Section sets out the data retention policies and procedure of The Company, which are designed to help ensure compliance with legal obligations in relation to the retention and deletion of personal information

2. Personal information that is processed by The Company for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

Without prejudice to point 2 (above) The Company will usually delete personal data falling within the categories set out below at the date/time set out below:

Record Type and then Retention Period
· Information about a computer and about visits to and use of this website (including an IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths: 2 years
· Information provided when registering with our website (including email address): 2 years
· Information provided when completing a profile on our website (including a name, gender, date of birth, interests and hobbies, educational details): 2 years
· Information provided for subscribing to email notifications and/or newsletters (including a name and email address): Indefinitely or until the client chooses to ‘unsubscribe’
· Information provided when using the services on the website, or that is generated during the use of those services (including the timing, frequency and pattern of service use) : Indefinitely
· Information relating to any subscriptions made (including name, address, telephone number, email address and sector sought): 2 years or until consent is withdrawn
· Information posted to our website for publication on the internet: 5 years after post
· Information contained in or relating to any communications sent through the website (including the communication content and meta data associated with the communication): 2 years following contact
· Any other personal information chosen to be sent: 2 years following contact

Notwithstanding the other provisions of this Section, The Company will retain documents (including electronic documents) containing personal data:
(a) to the extent that The Company is required to do so by law;
(b) if The Company believes that the documents may be relevant to any ongoing or prospective legal proceedings;
(c) and to establish, exercise or defend The Company’s legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
(d) if explicit consent is given by the data subject. Consent is requested at least every 2 years from candidates seeking contract roles and at least every 12 months for candidates seeking permanent employment.

Each day The Company will run a database backup copy of all electronic data contained on The Company data centre, except for the one financial package. All other databases are in the cloud, connected to a Tier 3 data centre. This backup will include all information relating to current users, as well as any information that remains due to any reason contained in this policy.

F. ELECTRONIC DOCUMENTS
1. Electronic Mail: Not all email needs to be retained, depending on the subject matter.
· All e-mail—from internal or external sources – is to be deleted after 12 months.
· Staff will strive to keep all but an insignificant minority of their e-mail related to business issues.
· The Company will archive e-mail for 90 days after the staff has deleted it, after which time the e-mail will be permanently deleted.
· Staff will take care not to send confidential/proprietary information held by The Company to outside sources
· Any e-mail staff deems vital to the performance of their job should be copied to the relevant client or candidate record in E Recruit Adapt. (The Company CRM system).

2. Electronic Documents: including Office 365 and PDF files, retention also depends on the subject matter.
The Company does not automatically delete electronic files beyond the dates specified in this Policy. It is the responsibility of all staff to adhere to the guidelines specified in this policy.

In certain case’s a document will be maintained in both paper and electronic form. In such cases the official document will be the electronic document.

H. INSURANCE RECORDS
Record Type and then Retention Period
· Certificates Issued to The Company Permanent
· Claims Files (including correspondence, medical records, etc.) Permanent
· Insurance Policies (including expired policies) Permanent

I. LEGAL FILES AND PAPERS
Record Type and then Retention Period
· Legal Memoranda and Opinions (including all subject matter files): 7 years after close of matter
· Litigation Files: 1 year after expiration of appeals or time for filing appeals
· Court Orders: Permanent

J. MISCELLANEOUS
Record Type and then Retention Period
· Material of Historical Value (including pictures, publications): Permanent
· Policy and Procedures Manuals – Original: Current version with revision history
· Annual Reports: Permanent

K. PERSONNEL RECORDS
Record Type and then Retention Period
· Employee Personnel Records (including individual attendance records, application forms, job or status change records, performance evaluations, termination papers, withholding information, garnishments, test results, training and qualification records): 6 years after separation
· Employment Contracts – Individual: 6 years after separation
· Employment Records Correspondence with Employment Agencies and Advertisements for Job Openings: 3 years from date of hiring decision

L. TAX RECORDS
General Principle: The Company must keep books of account or records as are sufficient to establish amount of gross income, deductions, credits, or other matters required to be shown in any such return.

These documents and records shall be kept for as long as the contents thereof may become material in the administration of state, and local income, franchise, and property tax laws.

Record Type and then Retention Period
· Tax-Exemption Documents and Related Correspondence: Permanent
· Tax Bills, Receipts, Statements: 7 years
· Tax Returns: Permanent
· Sales/Use Tax Records: 7 years
· Annual Information Returns: Permanent