Login form
Sorry, User can NOT register!

Data Retention Policy

Classification: Public

This document may be shared publicly outside the organisation without prior confirmation from the owner.

Version Approved ByOwnerDate Last Updated  Review FrequencyNext Review Comments
       

Contents

Purpose of This Document

Scope

Applicable Legal & Regulatory Requirements

Data Retention Principles

Backups & Archives of Data

Backup Retention

Archives

Data Deletion in Backups and Archives

Responsibilities

Review

Summary of Retention Periods

Exception Handling

Purpose of This Document

This policy details the procedures for retaining and deleting the data collected, processed, and stored by Lara Letting.

Scope

This policy applies to;

  • All data that the Lara Letting processes.
  • All staff, contractors, suppliers and third parties that use or process Lara Letting data.

Applicable Legal & Regulatory Requirements

The following summarises some of the main requirements that may influence data retention. It is not possible to outline all legislative requirements, which must be assessed and understood by the Data Owners.

  • General Data Protection Regulation (GDPR): As Lara Letting processes the personal data of individuals within the European Union (EU) and the UK, it needs to comply with the EU/UK GDPR legislation. The GDPR doesn’t specify exact data retention periods, but it requires that personal data be kept “no longer than is necessary for the purposes for which the personal data are processed”. This principle, known as “storage limitation”, means Lara Letting must have a justifiable reason to hold onto personal data and should periodically review what data it holds.
  • UK Data Protection Act 2018: This law applies in the UK and aligns with the GDPR while adding some additional provisions and exemptions. It reiterates the same principle as GDPR about data retention: personal data processed for any purpose should not be kept longer than necessary.
  • Financial Regulations: As an organisation that deals with financial data, the Lara Letting must also comply with specific financial regulations. These regulations often require organisations to retain certain financial records for specified periods.
  • Employment Laws: In the UK, several laws relate to employee data retention, such as the Employment Rights Act 1996 and Limitation Act 1980. These laws require Lara Letting to retain specific employee data for up to 6 years.
  • Contractual Obligations: Contracts with other entities (like partners or service providers) may have clauses that specify data retention periods or practices.

Data Retention Principles

The Principles for Responsible Investment (Lara Letting) believes in a structured and disciplined approach to data retention to ensure we meet the requirements of our operations and our obligations under applicable laws and regulations. As such, several principles must be adhered to;

  • Necessity of Retention: Data retained by the Lara Letting is necessary for executing its duties and services. This includes information necessary for our daily operations, to fulfil our contractual and legal obligations, to defend potential legal claims, and for purposes of analysis and business intelligence.
  • Timeframe for Retention: The retention period for personal data varies depending on the type of data and the purpose of its processing. Please refer to the table below on retention periods for different data types.
  • Privacy Considerations: We are committed to upholding the privacy rights of all individuals whose data we process. Personal data is processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage. We use appropriate technical and organisational measures to achieve this level of protection.
  • Legal Obligations: Notwithstanding our general principles of data retention, we may retain data where such retention is necessary for compliance with a legal obligation to which we are subject.
  • Regular Review: All data held by Lara Letting will be reviewed regularly to ensure its necessity. Any data identified as no longer needed for processing purposes will be deleted.

Backups & Archives of Data

The principles for data retention apply equally to our active data and data stored within backups and archives.

However, there are practical challenges in managing data retention in backups. Backups are typically not designed to delete individual records selectively. They are usually a complete snapshot of data at a particular time. Therefore, the following approaches will be taken.

Backup Retention

Data backups are performed regularly as part of our business continuity and disaster recovery strategy. They are not intended to serve as a method for long-term data storage beyond the required retention period. To balance the operational necessity of backups and our regulatory obligations, all backups will be retained for as long as required following their creation, after which they will be securely deleted.

Archives

Archived data outside the defined retention period must be removed in compliance with this policy. Data archival procedures will be designed to support the removal of individual data records to meet data retention requirements.

Data Deletion in Backups and Archives

Data will be deleted from active systems when it reaches the end of its retention period as defined in our data retention schedule. This data will also be marked for deletion in our backup and archive systems. Due to the nature of these systems, data deletion may not occur immediately but will be completed within the backup or archive retention period.

Responsibilities

The system owners are responsible for ensuring that our backup and archive processes comply with this data retention policy. This includes overseeing the secure deletion of data from backups and archives in line with our data retention schedule.

Review

The processes for managing data within backups and archives will be reviewed at least annually to ensure continued compliance with this policy and any legal or regulatory changes.

Summary of Retention Periods

The following table outlines key types of data within the Lara Letting and their maximum retention periods. Please note that these timescales do not take precedence over any legislative, contractual or regulatory requirements.

RefType of DataPurpose of DataReview PeriodRetention PeriodComments
1Employee DataHR management, PayrollAnnually7 years after termination of employmentAs per tax and employment laws
2Customer DataRelationship managementBiannuallyAs long as the business relationship is active, then 5 yearsSubject to GDPR
3Financial RecordsAccounting, TaxAnnually7 yearsAs per tax laws
4Lara Letting Academy Learners DataCourse management and deliveryBiannually5 years after course completion
5Customer Organisation DataCustomer relationship managementBiannuallyAs long as the business relationship is active, then 5 yearsSubject to GDPR
6General Business Records (Meeting Notes, Presentations)Record of business operationsBiannually3 years
7Transaction DataRecords of financial transactionsAnnually2 yearsAs stated in Lara Letting privacy policy https://www.unpri.org/privacy-policy

Exception Handling

There may be circumstances when exceptions to this policy are necessary and appropriate. Exceptions may be required for reasons such as regulatory changes, contractual obligations, ongoing or anticipated legal proceedings, or other exceptional circumstances that require extended data retention.

All exceptions must be formally requested and documented. The request should include details of the data elements involved, a clear explanation of the reasons for the exception, and the proposed duration.

All requests for exceptions will be reviewed and approved or denied by the Data Owner. This body will ensure approved exceptions adhere to all applicable laws, regulations, and contractual obligations.

Any data held under an exception will be reviewed at the end of the exception period, when the data may be deleted, or the exception may be renewed following the same approval process.

Exceptions cannot override or supersede any legal, regulatory, or contractual obligations. If there are conflicts between the exceptions and such obligations, the latter will take precedence.

Lara Letting

259 Perth Road

Dundee

DD2 1JP

info@laraletting.co.uk