Nimbus Disability, CredAbility & Access Card – Retention Schedule
All Information must be kept in accordance with this retention schedule. In the event that employees identify any discrepancies or areas which are not covered by this retention schedule this should be promptly reported to the Data Protection Officer for review.
Retention Schedule
- Customer records
- A1: General enquiries around services and products: 6 years from last contact. Limitation Act 1980
- A2: Complaints and incident records: 6 years from last contact. Limitation Act 1980
- A3: Data Protection Requests and correspondence: 6 years from last contact. Limitation Act 1980
- A4: Application for access card: For the life of the application, 6 years from expiry/cancellation of card or non-eligibility decision. Terms & Conditions, Limitation Act 1980
- A5: Distribution lists/ Contact databases: 2 years from last contact, data may be deleted if an individual has opted out or if a valid request to object/erase or restrict has been received. Business Need, Data Protection Act 2018, ICO Guidance
- A6: Customer feedback and surveys (where not a complaint): 2 years from last contact, data may be deleted if an individual has opted out or if a valid request to object/erase or restrict has been received. Business need, Data Protection Act 2018, ICO Guidance
- A7: Marketing records: 6 years from last use. Limitation Act 2018, Privacy and Electronic Communications Regulations, Data Protection Act 2018
- A8: Call recording: 6 months from creation of the record unless the record relates to an incident or complaint in which case the relevant period retention will apply. Business need.
- Corporate Records
- B1: Audit records: 6 years from conclusion of audit/issue of audit report. Business need & applicable legislation/standards, which may include: Financial regulations, data protection laws/cyber security standards, payment card industry standards, equality legislation.
- B2: Policies, Procedures and contracts: 6 years from expiry. Limitation Act 1980
- B3: Payment information & financial transactions: 6 years from transaction. Limitation Act 1980
- B4: Corporation records: The lifetime of the company. Company laws and financial regulations
- B5: Company accounting records – excluding payroll records: 3 years. Section 221 of the Companies Act 1985 as modified by the Companies Acts 1989 and 2006.
- Employment records
- C1: Disciplinary Management of staff conduct: Records of formal disciplinary actions in employee files. Retain both paper and electronic for review 6 years after last action. Employment legislation, Limitation Act 1980, The National Archives Retention Scheduling: Employee Personnel Records.
- C2: Grievances Management of staff grievances: Records of formal grievances in employee files. Retain both paper and electronic for review 6 years after last action. Employment legislation, Limitation Act 1980, The National Archives Retention Scheduling: Employee Personnel Records.
- C3: Staff Health and Safety: Individual health records: Retain until employee aged 100. Examination, testing, monitoring and control records: Review 5 years after last action. Accident books and ill health reports: Destroy 3 years after closure. Training, guidance and instructions: Review 3 years from date superseded. The National Archives Retention Scheduling: Employee Personnel Records, The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 (RIDDOR) (SI 1995/3163) as amended, and Limitation Act 1980.
- C4: Occupational Health: Medicals: Retain until employee aged 100. Procedures, events, employee assistance schemes: 7 years from date superseded. Schedules: Destroy 3 years from the end of the financial year to which the records relate. The National Archives Retention Scheduling: Employee Personnel Records, Best Practice, Employment legislation, Limitation Act 1980.
- C5: Trade Union Agreements: 10 years after agreement is not effective. Best practice, Employment legislation, Limitation Act 1980.
- C6: Employee Files: Retain until employee age 100. Employment legislation, Limitation Act 1980, The National Archives Retention Scheduling: Employee Personnel Records.
- C7: Records of recruitment exercises: Recruitment exercises: Review 6 months from end of recruitment exercise. Application forms: Destroy after 6 months. Employment legislation, Limitation Act 1980, The National Archives Retention Scheduling: Employee Personnel Records.
- C8: Conditions of employment: Review 6 years after date superseded. Employment legislation, Limitation Act 1980, The National Archives Retention Scheduling: Employee Personnel Records.
- C9: Payroll Administration: Salary ledger records: Review 6 years from the end of the financial year to which they relate. Payroll sheets: Review 2 years from the end of the financial year to which they relate. Individual employees personal payroll history: Retain until employee aged 100. Employment legislation, Limitation Act 1980, The National Archives Retention Scheduling: Employee Personnel Records.
- C10: Pensions Administration: Retain until employee aged 100. Employment legislation, Limitation Act 1980, The National Archives Retention Scheduling: Employee Personnel Records, Best Practice adopted by Governmental Agencies.
- C11: First Aid Training records: 6 years after employment. Health and Safety (First Aid) Regulations 1981, Employment legislation, Limitation Act 1980.
- C12: Fire warden training: 6 years after employment. Statutory authority: Fire Precautions (Workplace) Regulations 1997, Employment legislation, Limitation Act 1980.
- C13: Maternity/Paternity Records: 6 years after the end of the tax year in which the maternity/paternity period ends. The Statutory Maternity Pay (General) Regulations 1986 (SI 1986/1960) as amended, Maternity & Parental Leave Regulations 1999, Employment legislation, Limitation Act 1980.
- C14: Medical / Self Certificates – unrelated to industrial injury: 6 Years. Limitation Act 1890.
- C15: Internal Communication channels: 1 month. Business need – internal comms should not be used to document official business decisions or discuss personal data relating to employees or customers.