Data Retention Policy
Last updated: [17/02/2022]
Introduction
This Data Retention Policy sets out details of the period for which Knepp CastleEstate (we, our, us, Knepp CastleEstate) retains the personal data of our tenants, suppliers, employees, workers and other third parties.
This Policy applies to all Personal Data we process and must be followed by all staff and contractors who handle our Personal Data. This Policy sets out what we expect from you so that we can ensure that Knepp CastleEstate complies with applicable law. Your compliance with this Policy is mandatory. Any breach of this Policy may result in disciplinary action.
Creation and maintenance of records
Knepp CastleEstate needs to create and maintain records accurately and in an easy to access manner to ensure that we can readily access information that is needed for our day-to-daybusiness and so that we can respond to complaints, litigation, and individuals’requests.
Records must be kept and stored securely so that they cannot be accessed by unauthorised third parties. Please refer to our Data Protection Policy and Dos and Don’ts guidance for more information about keeping records safe.
We have to make sure that our records are accurate and kept up to date. You must therefore monitor the records for which you are responsible on a regular basis and consider whether any updates need to be made to those records.
Retention periods
We must retain certain records for set periods of time and we also have obligations to delete certain information when it is no longer needed. The Schedule to this Data Retention Policy sets out the retention periods for which records must be kept.
You must ensure that all records are retained in line with the periods set out in the Schedule and that they are deleted or destroyed at the end of the relevant period in accordance with the guidance set out in this Data Retention Policy.
In some cases, there may be a good reason to keep records for a longer period. This could be the case if there is an ongoing legal claim or if there is an historic value to the records which means they should be kept for archiving purposes. If you think there is a reason why records should be kept for a longer or shorter period of time than is set out in the Schedule, please notify Julie Alexander.
Disposal of records
You must make sure that when records are deleted they are deleted securely so they cannot be accessed by a third party once we have disposed of them.
Hard copy records should be shredded. Documents held electronically should be deleted in their entirety from our systems. Please ask Wessex IT for guidance on how to delete electronic records if you are unsure.
If you need to dispose of equipment which may contain personal data, for example, hard drives or other hardware, you must make sure that equipment is wiped prior to disposal. This means that all personal data or other confidential information held on that piece of equipment must be erased
permanently from the equipment. Please contact Wessex IT to establish the best way to wipe equipment.
Review of this policy
We will review this policy regularly and make any required updates. You will be required to comply with any updates made from the date when the updated policy is made available to employees.