01329 823755

Record Retention

 

Policy and Procedure

 

POLICY STATEMENT

The Lucketts Group* (‘the Group", ‘we’, ‘us’, and ‘our’) is committed to:

 

  1. Fully complying with all the requirements of the General Data Protection Regulation (GDPR).

  2. The efficient management of its records for the effective delivery of our services.

 

The Lucketts Group* comprises:

  • H Luckett & Co Limited

  • Lucketts Holdings Limited

  • Lucketts Travel

  • Worthing Coaches

  • Mortons Travel

  • Coliseum Coaches

  • Solent Coaches

 

 

SCOPE

This policy explains how we will comply with its responsibilities and obligations under the GDPR and its principles relating to the storage and destruction of personal data.

 

This policy gives guidance about disposing, deleting and retaining the personal data for which we have a responsibility and/or obligation under the GDPR.

 

This policy applies to:

 

  • All personal data that is stored by us whether kept on paper, electronically and/or digitally.

  • All staff of the Group

 

This policy should be read and used in conjunction with our other following policies:

 

  • Data protection

  • Privacy

 

 

OBJECTIVE

The objectives of this policy are to:

 

  • Ensure we follow the GDPR and its principles relating to the storage, disposal and destruction of personal data

  • Ensure we comply with all applicable legal and regulatory requirements

  • Ensue personal data is stored securely

  • Ensure that personal data is not out of date

  • Keep personal data accurate

  • Assist with responding to subject access requests

  • Ensure personal data that has been placed in storage can be found and retrieved quickly and efficiently

  • Ensure the storage, disposal and destruction of personal data is carried out in a consistent and controlled manner.

  • Assist with audits

  • Minimise storage requirements and costs

  • Assist in the identification of the location of personal data

  • Clarify responsibilities for implementing, complying and monitoring this policy

 

 

DEFINITIONS

 

Personal data means any information relating to an identified or identifiable person ('data subject') such as a name, postal/email address, telephone number or identification number.

 

Special categories of personal data mean personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation and data concerning criminal convictions or offences

 

Data subject means any individual whose personal data is processed by the Group

 

Processing means any use of personal data such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, erasure and destruction. (This means that virtually anything the Group does with personal data will be processing).

 

Data controller means the organisation which decides the purposes and means of the processing of personal data

NB: The data controller for the purposes of this policy is the Lucketts Group

 

Data processor means an individual or organisation that processes personal data on behalf of a data controller

 

Personal data breach means a breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

 

Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data.

 

Staff means anyone working at or for us on a permanent or temporary basis, including, Directors and permanent, interim and temporary employees.

 

 

PRINCIPLES

The relevant data protection principles for the purposes of this policy are that personal data must be:

 

  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)

  • Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)

  • Kept in a form which permits identification of data subjects for no longer than is necessary

    for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to implementation of the appropriate technical and organisational measures in order to safeguard the rights and freedoms of the data subject (‘storage limitation’)

  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

 

NB: Keeping personal data unnecessarily may use up valuable storage space, incur unnecessary costs and impose on us a significant liability risk.

 

 

ROLES AND RESPONSIBILITIES

The Lucketts Directors Group have ultimate responsibility for ensuring compliance with the GDPR, the data protection principles and this policy;

 

  • The Managing Director has overall responsibility for ensuring the Group’s compliance with the GDPR, the data protection principles.

  • The HR Director has responsibility for the HR Department ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of staff held by the HR Department. The HR Director contact details on located on the company communications list.

  • The Operations Director has responsibility for Operations ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of customers and operations staff held by the Operations Department. The Operations Director contact details on located on the company communications list.

  • The Sales and Marketing Director has operational responsibility for Sales and Marketing ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of customers and sales & marketing staff held by the Sales and Marketing department. The Operations Director contact details on located on the company communications list.

  • The Engineering Director has operational responsibility for Engineering ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of customers and engineering staff held by the Engineering Department. The Engineering Director contact details on located on the company communication list

  • The Finance Controller has operational responsibility for Finance ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of customers and staff held by the Finance department. The Finance Controller contact details on located on the company communications list

 

Data Protection Officer (DPO)

The Data Protection Officer (DPO) has responsibility to remind the Directors Group of their responsibility for ensuring compliance with the GDPR, the principles of data protection and this policy. The DPO can be contacted via the Human Resources department

 

Management and Staff

Line managers are responsible for operational day to day adhering to the GDPR requirements and the Group’s requirements, and ensuring staff’s adherence with this policy.

 

All staff have a responsibility to comply with the GDPR, the data protection principles, the requirements of the Lucketts Group and this policy when carrying out their duties.

 

Important - Failure to comply with this policy may result in legal and/or disciplinary action.

 

Staff Training

All staff are required to attend/undertake training and failure to do so could result in disciplinary action

 

 

Record Retention Schedule

 

Appendix A sets out the periods of how long personal data will be kept.

 

DISPOSAL AND DESTRUCTION

When the retention periods expire we must dispose of and destroy all personal data unless either the Managing Director, HR Director or the Operations Director authorises that such data should be retained.

 

Any decision to retain personal data passed the expiry date must be logged and recorded on the Personal Data Retention Register held centrally.

 

IMPORTANT: Retaining or destroying personal data in breach of this policy may be considered serious gross misconduct and lead to dismissal.

 

Destruction and Deletion Process

 

Paper Records

Paper Records/personal data must be shredded, and the shredding placed in the confidential waste bags, immediately tied with secure tags, and taken to the secure storage with limited authorised access. A third party confidential waste provider is contracted by the Group to securely shred the confidential information on site, and then remove the shredded material for secure disposal.

 

Electronic Records

The Group’s IT provider will delete all electronic records.

 

 

REVIEW OF POLICY AND PROCEDURE

The Lucketts Group policies and procedures aim to ensure that employees are aware of, and confident that, the employer is complying with current legislation and is protecting the interests of both the needs of the business and the employee. In this respect, it may be appropriate to modify existing policies and/or procedures from time to time to reflect changes as appropriate, and this policy will be reviewed as necessary by designated Group Directors, and/or by personnel as delegated by the Directors Group.

 

 

EQUALITY IMPACT ASSESSMENT

 

Equality Impact Assessment – initial screening

 

 

 

Relevant Equality Area:

Does the Policy or its implementation?

Does the Company need to proceed to full EIA if in doubt then progress to full screening)

Breach Equalities

Legislation?

Affect different

groups in different ways (both positive and negative)

Promote equality/good relations?

Gender

 

No

No

Yes

No

Race

No

 

No

Yes

No

Disability

No

 

No

Yes

No

Sexual Orientation

No

 

No

Yes

No

Religion and Beliefs

No

No

Yes

No


 

 

APPENDIX A

 

Record Retention Schedule

 

NB. Records are kept for at least 6 years in accordance with the UK Limitation Act 1980

 

Document

Retention Period

Images including video, CCTV, photographs

 

 

CCTV will not be retained for longer than 30 days unless images are to be held for evidential purposes, and will then be kept in a secure place with limited access to authorised personnel only and kept for the period which is deemed necessary to achieve the evidential purposes.

 

Staff photographs are taken for identification purposes e.g. personnel record and organisation structure charts. The images will be kept only for the duration of their employment. Staff photographic images will be kept securely electronically on the HR personnel software for the individual’s personnel record. Photographs may also be used for security passes and identification uses to deliver customer services and to meet MOD security requirements.

 

Marketing images will only be used with express written consent from the individual. Images will only be kept for the period of time necessary to achieve the purposes of use.

Audio recording

Audio recording is not undertaken by the Lucketts Group.

 

Regarding voicemail messages left on employee company telephones and mobiles these will be deleted immediately once recording has been listened to.

Governance

 

 

  • Company House records

  • Governance documentation

  • Board documentation; Meeting Meetings Resolutions

 

Director information;

 

 

Permanent

 

 

 

6 years – consideration must be given to the storing of sensitive data in line with GDPR requirements

Registration and Statutory Returns

 

Annual Returns to a regulator as applicable

 

Audited Company Returns and financial statements

 

Declarations of Interest

 

Registers of directors and secretaries

 

Register of Seals

 

Register of Shareholding Members as applicable

 

Register of share certificates

 

5 years

 

Permanently

 

6 years

 

Permanently

 

Permanently

 

Permanently

 

Permanently

Strategic Management

 

Business Strategy & Plans, and Support documentation e.g. organisation structures, aims, objectives

5 years after plan completion

Insurances

 

Current and former policies

 

Annual Insurance Schedule

 

Claims and related correspondence

 

Indemnities and Guarantees

 

Group Health policies

 

Employer’s liability Insurance Certificate

 

Permanently

 

6 years

 

3 years after settlement

 

6 years after expiry

 

12 years after cessation of benefit

 

40 years

Finance Accounting, Tax Records, Bank Records

 

Accounting Records;

Balance sheets and supporting documents

 

Loan account control reports

 

Budgets and Financial reports

 

Tax Returns and records

 

VAT Records as applicable

 

Order and delivery notes

 

Copy invoices

Credit and debit notes

Cash records

 

Journal Transfer documents

Creditors, debtors and cash income control documents.

 

VAT related correspondence as applicable

 

Cheques

Paying in counterfoils

Bank statements and reconciliations

Instructions to bank

 

6 years

 

 

6 to 10 years

 

Permanently

 

10 years

 

10 years

 

10 years

 

6 years

6 years

6 years

 

6 years

6 years

 

 

6 years

 

 

6 years

6 years

6 years

 

Contracts and Agreements

 

Planning consents and permissions

 

Property maintenance records

 

Professional opinions

 

Contracts under seal and/or executed as a Deed

 

Contracts for supply of goods/services including professional services

 

Documentation relating to one off purchases

 

Loan agreements

 

Licensing agreements

 

Rental and hire purchase agreements

Indemnities and guarantees

 

Documents relating to successful tenders

 

Documents relating to unsuccessful tenders

 

Forms of tender as applicable

 

12 years after interest ceases

 

6 years

 

6 years

 

12 years after complication including any defects liability period

6 years after completion including any defects liability period

 

3 years

 

12 years after last payment

 

6 years after expiry

 

6 years after expiry

6 years after expiry

 

6 years after contract ends

 

2 years after notification

 

6 years

Vehicles

Subject to the Transport Commission and vehicle safety requirements

Mileage records

Maintenance records including MOT tests

Copy registrations

2 years after disposal

2 years after disposal

 

2 years after disposal

Capital Assets

 

Fixed Asset Register

 

Permanently

Income Tax and Social Security

 

Record of taxable payments

Record of tax deducted or refunded

Record of earnings on which NI contributions payable

Record of employers and employees NI contributions

NIC contracted out agreements

Copies of notices to employees i.e. P45 and P60

Inland revenue notice of code changes

Expenses claims

Record of sickness payments

Record of maternity payments

Income TAX PAYE and NI Returns

Redundancy payment details

Inland Revenue Approvals

Annual earnings summary

 

Employee Pension Schemes;

Actuarial Valuation Reports

Detailed return of pension fund contributions

 

Annual conciliation of fund contributions

Money purchase details

Qualifying service details

 

Investment policies

 

Pension records

 

Records relating to retirement benefits

 

6 years

6 years

6 years

 

6 years

 

6 years

6 years

 

 

 

6 years

 

 

 

 

 

12 years

Permanently

12 years

 

Permanently

Permanently

Permanently

 

6 years after transfer or value taken

 

12 years from end of benefits payable under policy

6 years after year of retirement

Employee Records

 

Application Forms and Interview notes for unsuccessful candidates

At least 6 months and not more than 1 year – consideration for the varying time limits of discrimination claims and time limits.

Salary and Wages records including overtime, bonus, expenses

 

Income tax, and NI returns and correspondence with HMRC

6 years

 

 

Not less than years after the end of the financial year to which they relate

National Minimum Wage records

3 years after the end of the pay reference period following the one that the records cover

Personal records and training records – including disciplinary and working time records

6 years after employment ceases

Statutory sick pay records, calculations, certificates self-certificates

6 years after employment ceases – consideration for sensitive date under the GDPR requirements

Parental Leave

5 years from birth/adoption of the child or 18 years if child receives a disability allowance

Retirement Benefits

6 years from the end of the scheme year in which event took place

Redundancy details, calculations of payment, refunds, notification to the Secretary of State

6 years from the date of redundancy

Time sheets

2 years after audit

Trade Union Agreements

10 years after ceasing to be effective.

Staff Works Council Minutes

Permanently

Health and Safety

 

Medical Records relating to: *

Control of asbestos

Control of substances hazardous to health

Under the Ionising Radiations

Biological tests under the control of lead

Accident books, Accident records and reporting including RIDDOR

 

 

40 years from the last date of last entry

 

 

3 years from the date of the last entry – (if accident involving a child then until that person reaches age 21)

Subject to incidents involving hazardous substances. *



The Guild of British Coach OperatorsCoach MarqueCPT
Lucketts Travel Limited is an appointed representative of ITC Compliance Limited which is authorised and regulated by the Financial Conduct Authority (their registration number is 313486) and which is permitted to advise on and arrange general insurance contracts.

This website uses cookies to store information. By continuing to browse the website without changing your settings you are agreeing to their use. Click here to view our cookie policy.