General
This document is only applicable to employees of Blue Ring Digital Services Ltd.
"Data Retention and Destruction Policy" refers to this Data Retention and Destruction Policy.
"You", "Your" refers to You the employee of Blue Ring Digital Services Ltd.
"We", "Us", "Our", "Blue Ring Digital Services Ltd" refers to Blue Ring Digital Services Ltd.
This Data Retention and Destruction Policy sets the required retention periods for specified categories of personal data and sets out the minimum standards to be applied when destroying certain information within Blue Ring Digital Services Ltd.
This Data Retention and Destruction Policy applies to all business units, processes, and systems in all countries in which Blue Ring Digital Services Ltd conducts business and has dealings or other business relationships with third parties.
This Data Retention and Destruction Policy applies to all Blue Ring Digital Services Ltd officers, directors, employees, agents, affiliates, contractors, consultants, advisors or service providers that may collect, process, or have access to data (including personal data and/ or sensitive personal data). It is the responsibility of all of the above to familiarise themselves with this Data Retention and Destruction Policy and ensure adequate compliance with it.
This Data Retention and Destruction Policy applies to all information used at Blue Ring Digital Services Ltd.
We will try to keep everything in this document as straightforward as possible, but if there’s anything You don’t understand, please get in touch with Us.
The headings in this Data Retention and Destruction Policy are for convenience only and shall not affect its interpretation. The masculine shall include the feminine and the neuter and the singular the plural and vice versa.
If any provision or part of any provision of this Data Retention and Destruction Policy is found by a court or other competent authority to be void or unenforceable, such provision or part of a provision shall be deleted from this Data Retention and Destruction Policy and the remaining provisions or parts of the provision shall continue to be in full force and effect.
Reference Documents
- EU GDPR 2016/679 (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC);
- Privacy Statement.
Retention Rules
For any category of documents not specifically defined elsewhere in this Data Retention and Destruction Policy (and in particular within the Data Retention and Destruction Schedule), and unless otherwise mandated by applicable law, the required retention period for such document/ record will be deemed to be 3 years from the date of creation of the document/ record.
Retention General Schedule
The Data Protection Officer defines the time period for which the documents and electronic records should be retained through the Data Retention and Destruction Schedule. As an exemption, retention periods within the Data Retention and Destruction Schedule can be prolonged in cases such as:-
- Ongoing investigations from member state authorities, if there is a chance records of personal data are needed by Blue Ring Digital Services Ltd to prove compliance with any legal requirements;
- When exercising legal rights in cases of lawsuits or similar court proceedings recognised under local law.
Safeguarding of Data during Retention Period
The possibility that data media used for archiving will wear out shall be considered. If electronic storage media are chosen, any procedures and systems ensuring that the information can be accessed during the retention period (both with respect to the information carrier and the readability of formats) shall also be stored in order to safeguard the information against loss as a result of future technological changes. The responsibility for the storage falls to the Data Protection Officer.
Destruction of Data
Blue Ring Digital Services Ltd and its employees should, on a regular basis, review all data, whether held electronically on their device or on paper, to decide whether to destroy or delete any data once the purpose for which those documents were created is no longer relevant. Overall responsibility for the destruction of data falls to the Data Protection Officer.
Once the decision is made to dispose according to the Data Retention and Destruction Schedule, the data should be deleted, shredded or otherwise destroyed to a degree equivalent to their value to others and their level of confidentiality. The method of disposal varies and is dependent upon the nature of the document.
In this context, the employee shall perform the tasks and assume the responsibilities relevant for the information destruction in an appropriate way. The specific deletion or destruction process may be carried out either by an employee or by an internal or external service provider that the Data Protection Officer subcontracts for this purpose.
Appropriate controls shall be in place that prevent the permanent loss of essential information of Blue Ring Digital Services Ltd as a result of malicious or unintentional destruction of information – these controls are described in the Blue Ring Digital Services Ltd IT Security Policy.
The Data Protection Officer shall fully document and approve the destruction process. The applicable statutory requirements for the destruction of information, particularly requirements under applicable data protection laws, shall be fully observed.
Breach, Enforcement and Compliance
The person appointed with responsibility for data protection, the Data Protection Officer, has the responsibility to ensure that each of the Blue Ring Digital Services Ltd offices complies with this Data Retention and Destruction Policy. It is also the responsibility of the Data Protection Officer to assist any local office with inquiries from any local data protection or governmental authority.
Any suspicion of a breach of this Data Retention and Destruction Policy must be reported immediately to the Data Protection Officer. All instances of suspected breaches of the Data Retention and Destruction Policy shall be investigated and action taken as appropriate.
Failure to comply with this Data Retention and Destruction Policy may result in adverse consequences, including, but not limited to, loss of customer confidence, litigation and loss of competitive advantage, financial loss and damage to the Blue Ring Digital Services Ltd reputation, personal injury, harm or loss. Non-compliance with this Data Retention and Destruction Policy by permanent, temporary or contract employees, or any third parties, who have been granted access to the Blue Ring Digital Services Ltd premises or information, may therefore result in disciplinary proceedings or termination of their employment or contract. Such non-compliance may also lead to legal action against the parties involved in such activities.
Document Disposal
Records which may be routinely destroyed unless subject to an on-going legal or regulatory inquiry are as follows:-
- Announcements and notices of day-to-day meetings and other events including acceptances and apologies;
- Requests for ordinary information such as travel directions;
- Reservations for internal meetings without charges / external costs;
- Transmission documents such as letters, fax cover sheets, e-mail messages, routing slips, compliments slips and similar items that accompany documents but do not add any value;
- Message slips;
- Superseded address lists, distribution lists etc.;
- Duplicate documents such as CC and FYI copies, unaltered drafts, snapshot printouts or extracts from databases and day files;
- Stock in-house publications which are obsolete or superseded;
- Trade magazines, vendor catalogs, newsletters and flyers from vendors or other external organisations.
In all cases, disposal is subject to any disclosure requirements which may exist in the context of litigation.
Destruction Method
Paper based documents should be cross-cut shredded and then placed into locked rubbish bins for collection by an approved disposal firm.
Electronic data is subject to secure deletion when the device/ hardware is disposed of.
Disposal should include proof of destruction.
Data Retention and Destruction Schedule
Data category | Type | Location | Retention period | Destruction | Data owner |
---|---|---|---|---|---|
Financial records | | | | | |
Payroll records | Electronic | Server | 7 years | Automatically purged | Finance Team |
Payroll records | Paper | Finance Office | 45 days | Cross-cut shredding after electronic copy/ record created | Finance Team |
Supplier contracts | Electronic | Server | 7 years after contract is terminated | Automatically purged | Finance Team |
Supplier contracts | Paper | Finance Office | Duration of contract | Cross-cut shredding after electronic copy/ record created | Finance Team |
Chart of accounts | Electronic | Server | Permanent | | Finance Team |
Fiscal policies and procedures | Electronic | Server | Permanent | | Finance Team |
Permanent audits | Electronic | Server | Permanent | | Finance Team |
Financial statements | Electronic | Server | Permanent | | Finance Team |
Ledgers | Electronic | Server | Permanent | | Finance Team |
Investment records (deposits, earnings, withdrawals) | Electronic | Server | 7 years | Automatically purged | Finance Team |
Investment records (deposits, earnings, withdrawals) | Paper | Finance Office | 45 days | Cross-cut shredding after electronic copy/ record created | Finance Team |
Invoices | Electronic | Server | 7 years | Automatically purged | Finance Team |
Invoices | Paper | Finance Office | 45 days | Cross-cut shredding after electronic copy/ record created | Finance Team |
Cancelled checks | Electronic | Server | 7 years | Automatically purged | Finance Team |
Cancelled checks | Paper | Finance Office | 45 days | Cross-cut shredding after electronic copy/ record created | Finance Team |
Bank deposit slips | Electronic | Server | 7 years | Automatically purged | Finance Team |
Bank deposit slips | Paper | Finance Office | 45 days | Cross-cut shredding after electronic copy/ record created | Finance Team |
Business expenses documents | Electronic | Server | 7 years | Automatically purged | Finance Team |
Business expenses documents | Paper | Finance Office | 45 days | Cross-cut shredding after electronic copy/ record created | Finance Team |
Check registers/ books | Electronic | Server | 7 years | Automatically purged | Finance Team |
Check registers/ books | Paper | Finance Office | 1 year from register/ book completion | Cross-cut shredding after electronic copy/ record created | Finance Team |
Property/ asset inventories | Electronic | Server | 7 years | Automatically purged | Finance Team |
Credit card receipts | Electronic | Server | 3 years | Automatically purged | Finance Team |
Credit card receipts | Paper | Finance Office | 45 days | Cross-cut shredding after electronic copy/ record created | Finance Team |
Petty cash receipts/ documents | Electronic | Server | 3 years | Automatically purged | Finance Team |
Petty cash receipts/ documents | Paper | Finance Office | 45 days | Cross-cut shredding after electronic copy/ record created | Finance Team |
Business records | | | | | |
Article of Incorporation to apply for corporate status | Electronic | Server | Permanent | | Finance Team |
Article of Incorporation to apply for corporate status | Paper | Finance Office | Permanent | | Finance Team |
Board policies | Electronic | Server | Permanent | | Finance Team |
Board meeting minutes | Electronic | Server | Permanent | | Finance Team |
Tax or employee identification number designation | Electronic | Server | Permanent | | Finance Team |
Office and team meeting minutes | Electronic | Server | 2 years | Automatically purged | Finance Team |
Annual corporate filings | Electronic | Server | Permanent | | Finance Team |
Employee records | | | | | |
Disciplinary, grievance proceedings records, oral/ verbal, written, final warnings and appeals | Electronic | Server | 7 years after separation | Automatically purged | HR Team |
Applications for jobs and interview notes | Electronic | Server | 7 years after separation or 6 months if not employed | Automatically purged | HR Team |
Applications for jobs and interview notes | Paper | HR Office | 45 days | Cross-cut shredding after electronic copy/ record created | HR Team |
Payroll input forms, wages/ salary records, overtime/ bonus payments Payroll sheets and copies | Electronic | Server | 7 years | Automatically purged | HR Team |
Bank details – current | Electronic | Server | Duration of employment | Automatically purged | HR Team |
Payrolls/ wages | Electronic | Server | 7 years after separation | Automatically purged | HR Team |
Job history including staff personal records:- | Electronic | Server | 7 years after separation | Automatically purged | HR Team |
Job history including staff personal records:- | Paper | HR Office | Duration of employment | Cross-cut shredding after electronic copy/ record created | HR Team |
Employee address details | Electronic | Server | Duration of employment | Automatically purged | HR Team |
Expense claims | Electronic | Server | 7 years | Automatically purged | HR Team |
Annual leave records | Electronic | Server | Duration of employment | Automatically purged | HR Team |
Accident books including accident reports and correspondence | Electronic | Server | 21 years | Automatically purged | HR Team |
Accident books including accident reports and correspondence | Paper | HR Office | 1 year | Cross-cut shredding after electronic copy/ record created | HR Team |
Certificates and self-certificates unrelated to workplace injury; statutory sick pay forms | Electronic | Server | 7 years after separation | Automatically purged | HR Team |
Certificates and self-certificates unrelated to workplace injury; statutory sick pay forms | Paper | HR Office | 1 year | Cross-cut shredding after electronic copy/ record created | HR Team |
Pregnancy/ childbirth certification | Electronic | Server | 7 years after separation | Automatically purged | HR Team |
Pregnancy/ childbirth certification | Paper | HR Office | 1 year | Cross-cut shredding after electronic copy/ record created | HR Team |
Parental leave | Electronic | Server | Duration of employment | Automatically purged | HR Team |
Maternity pay records and calculations | Electronic | Server | 7 years after separation | Automatically purged | HR Team |
Redundancy details, payment calculations, refunds, notifications | Electronic | Server | 7 years after separation | Automatically purged | HR Team |
Training and development records | Electronic | Server | 7 years after separation | Automatically purged | HR Team |
All other contracts | | | | | |
Signed | Electronic | Server | 7 years after contract is terminated | Automatically purged | Finance Team |
Signed | Paper | Finance Office | Duration of contract | Cross-cut shredding after electronic copy/ record created | Finance Team |
Contract amendments | Electronic | Server | 7 years after contract is terminated | Automatically purged | Finance Team |
Contract amendments | Paper | Finance Office | Duration of contract | Cross-cut shredding after electronic copy/ record created | Finance Team |
Successful tender documents | Electronic | Server | 7 years after contract is terminated | Automatically purged | Finance Team |
Successful tender documents | Paper | Finance Office | Duration of contract | Cross-cut shredding after electronic copy/ record created | Finance Team |
Unsuccessful tenders’ documents | Electronic | Server | 7 years | Automatically purged | Finance Team |
Unsuccessful tenders’ documents | Paper | Finance Office | 1 year | Cross-cut shredding after electronic copy/ record created | Finance Team |
Tender – user requirements, specification, evaluation criteria, invitation | Electronic | Server | 7 years after contract is terminated | Automatically purged | Finance Team |
Tender – user requirements, specification, evaluation criteria, invitation | Paper | Finance Office | Duration of contract | Cross-cut shredding after electronic copy/ record created | Finance Team |
Contractors’ reports | Electronic | Server | 7 years | Automatically purged | Finance Team |
Contractors’ reports | Paper | Finance Office | 1 year | Cross-cut shredding after electronic copy/ record created | Finance Team |
Operation and monitoring, e.g. complaints | Electronic | Server | 7 years | Automatically purged | Finance Team |
Operation and monitoring, e.g. complaints | Paper | Finance Office | 1 year | Cross-cut shredding after electronic copy/ record created | Finance Team |
Customer data | | | | | |
CRM data:- | Electronic | Server | Until delete request made by customer -or- 7 years from customer last log on, providing there are no active orders or contracts | Automatically purged | Customer Service Team |
CRM data:- | Electronic | Server | 7 years following the communication date | Automatically purged | Customer Service Team |
Reviews, Feedback and comments | Electronic | Server | Until delete request made by customer -or- 7 years from customer last log on, providing there are no active orders or contracts | Automatically de-identified | Customer Service Team |
Live chat history | Electronic | Server | Until delete request made by customer -or- 7 years from customer last log on, providing there are no active orders or contracts | Automatically purged | Customer Service Team |
Platform data – information entered by the customer during the use of the platform (excluding information already detailed above) | Electronic | Server | Until delete request made by customer -or- 61 days from last contract expiry, providing there are no other active orders or contracts | Automatically purged | Customer |
Metrics data | Electronic | Server | Until delete request made by customer -or- 3 years | Automatically de-identified | Development Team |
Flyers & Newsletters | | | | | |
Name and email address | Electronic | Server | Until unsubscribe request made | Automatically purged | Marketing & Sales Team |
Other data | | | | | |
Call recordings | Electronic | Server | 6 months | Automatically purged | Marketing & Sales Team |
Proof of destruction/ destruction certificate | Electronic | Server | Permanent | | Data Protection Officer |
Proof of destruction/ destruction certificate | Paper | Finance Office | 45 days | Cross-cut shredding after electronic copy/ record created | Data Protection Officer |
Information Technology | | | | | |
Files on local storage drives | Electronic | Device | 45 days | Manually deleted after file has been moved to personal/ group network drive or attached to a new or existing electronic record where required | Individual employee |
Local storage recycle bins | Electronic | Device | Manually purged monthly | | Individual employee |
Group/ personal network drive | Electronic | Device | 3 years | Manually deleted quarterly | Individual employee |
E-mail (inbox, sent items and sub folders) | Electronic | Device and Server | 30 days after actioned | Manually deleted after relevant information and attachments are attached or stored (if required) in line with this policy | Individual employee |
E-mail (deleted items) | Electronic | Device and Server | Manually purged monthly | | Individual employee |
Webserver backups | Electronic | Server | 7 days | Automatically purged | Development Team |
Changes to Our Data Retention and Destruction Policy
This Data Retention and Destruction Policy replaces all previous versions. We reserve the right to change this Data Retention and Destruction Policy at any time.