1. Retention and Destruction of Data
1.1. YLD Limited (“we”/“us”/“our” etc) is committed to protecting the privacy of all personal data collected in the course of our business. We will at all times ensure that the minimum amount of personal data is kept, and for no longer than necessary, for us to meet our document retention objectives and data protection obligations.
1.2. This Data Retention Policy sets out how we will store and delete personal data and is an important part of our data protection compliance processes. It should be read alongside our Data Protection Policy, of which it forms a part.
1.3. In the course of carrying out our various functions, we may collect, use, store, access, disclose and destroy information relating to individuals. This information may originate with those individuals or third parties or be generated by us.
1.4. In certain circumstances, it will be necessary to retain specific information (as well as the files or documents which contain such information) in order to fulfil our contractual, statutory or regulatory requirements and/or to meet our operational needs. Document retention may also be useful to evidence events or agreements in the case of disputes or to preserve information which has historic value.
1.5. Premature destruction or inappropriate retention of documents could result in our inability to defend litigious claims, deal with operational difficulties or failure to comply with the Data Protection Act 2018 (“DPA”), General Data Protection Regulation (“GDPR”) or other applicable data protection legislation.
1.6. Furthermore, large-scale retention of documents and records is impractical and appropriate disposal is encouraged. Disposal will assist us to maintain sufficient electronic and office storage space and will de-clutter physical office space, resulting in a safer and more effective working environment.
1.7. It is therefore important for us to have in place systems for the timely and secure disposal of documents and records that are no longer required for business purposes.
2. Scope of Policy
2.1. This Policy applies to all our employees, contractors and agents who use our network and computer systems to process personal data. This Policy also applies to paper records.
2.2. This Policy does not override or replace any obligation we may owe to any party (or vice versa) in respect of confidential information. Confidential information should not be processed in breach of any such obligation, whether or not subject to any confidentiality agreement or non-disclosure agreement. Unsolicited confidential information submitted to us should be refused, returned to the sender where possible, and deleted.
2.3. All breaches of this Policy should be reported to our HR Manager at firstname.lastname@example.org , to whom all queries regarding this Policy should also be addressed.
2.4. Our records must be stored in a safe, secure, and accessible manner. All electronic documents and files that are essential to our business operations must be duplicated and/or backed up at least regularly and maintained off site.
2.5. Our HR Manager is responsible for the continuing process of identifying which records and information have met their required retention period and for supervising their destruction.
2.6. All employees, contractors and other staff must comply with this Policy and any other specific instructions from the HR Manager. Failure to do so may subject us, our employees, and contractors to serious civil and/or criminal liability. An employee's failure to comply with this policy may result in disciplinary sanctions, including suspension or termination. It is therefore the responsibility of everyone to understand and comply with this policy.
2.7. Physical confidential, financial, and personnel-related records must be destroyed by shredding where possible. Other physical records may be destroyed by secure recycling.
2.8. Where not retained subject to appropriate anonymisation or pseudonymisation, digital records must be destroyed by irreversible overwriting.