+44 203 355 5584
Menu

Document Retention Policy

What is the purpose of this document?

SOS Worldwide Limited ("SOS", "our", "we", "us") shall only keep information it holds for as long is necessary. The retention periods can differ based on the type of data processed, the purpose of processing or other factors.

This Data Retention Policy ("Policy") covers all company data stored on company-owned, company-leased, and otherwise company-provided systems and media, regardless of location. Note that the need to retain certain information can be mandated by local, industry regulations and will comply with EU General Data Protection Regulation ("GDPR"), the Data Protection Act 1998 and the incoming Data Protection Act 2018. Where this Policy differs from applicable regulations, the applicable regulations will take precedence.

As a general rule, we retain all information only for as long as specified in this Policy and, in general, no longer than five years plus the current year. https://imagecolorpicker.com/


Current plus five-year rule

As a general rule, we shall not hold personal data for more than five years after which it ceases to be current, unless there is a specific reason for doing so (see "Exceptions to the five-year rule" below for the specific categories requiring different retention periods). The definition of "current" will vary according to the personal data: for example, it will mean until a customer has found office space or until a member of staff has ceased being employed by SOS where it relates to staff.

It should be remembered that the "current plus five years" rule is a maximum period for retention. If there is no need to keep the personal data that long, then it should be disposed of securely before the five-year time-limit. This may be the case in respect of a CV application for a job with us.


Exceptions to the five-year rule

Some data must be retained in order to protect SOSí interests, preserve evidence, and generally conform to good business practices. Some reasons for data retention include:

  • Regulatory requirements;
  • Litigation;
  • Security incident investigation;

SOS may also keep the e-mail addresses and telephone numbers of data subjects who unsubscribe to marketing communications to ensure that there is a record on file noting that the individual is not directly marketed too.

Please see the attached Data Retention Schedule ("Schedule") for guidance on determining the length of time for which personal data within certain categories should be retained.


Data destruction

Data destruction is a critical component of a data retention policy. Data destruction ensures that the company will use data efficiently thereby making data management and data retrieval more cost effective.

When the retention timeframe expires, SOS will actively destroy the data covered by this Policy. If an employee of SOS feels that certain data should not be destroyed, he or she should identify the data to his or her supervisor so that an exception to the Policy can be considered. Since this decision has long-term legal implications, exceptions will be approved only by a member or members of SOSís management team.

SOS specifically directs employees not to destroy data in violation of this Policy. Destroying data that an employee may feel is harmful to himself or herself is strictly forbidden or destroying data in an attempt to cover up a violation of law or company policy.

Records can be destroyed in the following ways:

  • Non-sensitive information - can be placed in a normal rubbish bin/recycling.
  • Confidential information - cross cut shredded and pulped or burnt
  • Electronic equipment containing information Ė destroyed using killdisc and for individual folders, they will be permanently deleted from the system.

Destruction of electronic records should render them non-recoverable even using forensic data recovery techniques.


Sharing of information

Duplicate records should be destroyed. Where information has been regularly shared between business areas, only the original records should be retained. Care should be taken that seemingly duplicate records have not been annotated.

Where we share information with other bodies, we will seek to ensure that they have adequate procedures for records to ensure that the information is managed in accordance with the relevant legislation and regulatory guidance.


Audit trail

You do not need to document the disposal of records which have been listed on the Schedule. Any documents which are disposed of earlier or kept for longer than listed in the Schedule will need to be recorded for audit purposes.

This will provide an audit trail for any inspections conducted by the Information Commissioner, where we no longer hold the material.


Monitoring

Responsibility for monitoring this Policy rests with Michael Benjamin, CMO. This Policy shall be reviewed annually.


Document Retention Schedule

Category Examples Retention Period
Financial records
  • Payroll data
  • Purchase Ledger, Sales Ledger
Current tax year plus five years.
Personal data relating to customers
  • Customer contact details
  • Customer notes
Personal data will be held for as long as the individual is a customer of the company plus 6 years.
Personal data relating to employees/td>
  • Staff details
  • References
  • Disciplinary records
General employee data will be held for the duration of employment and then for 6 years after the data of termination. Employee contracts will be held for 6 years after the date of termination.
Tax records
  • Tax documentation
Current financial year plus 6 years.
Corporation records
  • Annual Report and Accounts
  • Board Minutes
  • Quarterly Reports
Current financial year plus 5 years
Recruitment details
  • CV
  • Interview notes
Details relating to unsuccessful applicants will be held for 6 months after interview and shall then be destroyed.
Complaints
  • Correspondence with complainants
Current year of complaint plus six years.
Contractual arrangements
  • Service level agreements
  • Legal contracts
Life of contract plus six years
Data protection requests
  • Correspondence regarding DP requests
Current year of request plus six years
Insurance
  • Insurance Policies
  • Employers Liability Claims
In general, insurance policies should be kept for the length of the policy plus 6 years. Employers Liability Claims should be kept permanently.

54.162.165.158:: CCBot/2.0 (http://commoncrawl.org/faq/)