Register with us online today
Submit your CV through email
Looking to recruit
If you are planning to recruit click this link to send us your enquiry
Data Retention Policy

1. Introduction
1.1 Information is one of GEM’s corporate assets; in the course of carrying out our business and providing services to both the business community and work seekers, GEM accumulates information from both individuals and external organisations. GEM also generates a wide range of data, which is recorded in documents, IT systems and records.
 
1.2 These documents, systems and records are in several different formats, examples of which include, (but are not limited to) communications such as letters, emails and texts; financial information including invoices, statements and reports; legal documents such as contracts and deeds; and information relating to various types of recruitment assignment and service provision, including (but not limited to) cv’s, timesheets, payroll information, applications, interview records, references, criminal records checks, assignment details and regulatory audit activity.
 
1.3 For the purposes of this Policy, the terms ‘document’ and ‘records’ include information in both hard copy and electronic form, and “systems” could include the GEM database, email platforms, computer hard drives, cloud-based storage and hard copy filing.
 
1.4 In certain circumstances it will be necessary to retain specific documents in order to fulfil statutory or regulatory requirements and also to meet operational and contractual obligations. Document retention may also be useful to evidence events or agreements in the case of disputes, and also to preserve information which has historic value.
 
1.5 Premature destruction of documents could result in inability to defend litigious or HMRC claims, operational difficulties and failure to comply with statutory obligations such as (but not limited to) the Freedom of Information Act 2000, the Employment Agencies Act 1973, the Conduct of Employment Agencies and Employment Businesses Regulations 2003, the Working Time regulations 2002, The Equality Act 2010 and the General Data Protection Regulations 2018.
 
1.6 Equally, the retention of all documents and records is impractical and appropriate disposal is
encouraged. Disposal will assist gem to maintain sufficient electronic and office storage space, reduce risk associated with data loss and will de-clutter office accommodation, resulting in a more desirable working environment. Lengthy or indefinite retention of personal information could also result in GEM breaching the General Data Protection Regulations 2018.
 
1.7 It is important for the above reasons that the GEM has in place systems for the timely and secure disposal of documents and records that are no longer required for business purposes, from all our systems and those of our commercial partners which applicable.
 
2. Aims and Objectives
2.1 The key objective of this Policy is to provide GEM with a simple framework which will govern decisions on whether a particular document should be retained or disposed of. In the case of documents or records which are to be retained by GEM, the Policy includes guidance on the format in which they should be retained and appropriate retention periods.
 
2.2 Implementation of the Policy should save staff time when retrieving information, in particular by reducing the amount of information that may be held unnecessarily.
 
2.3 The Policy in relation to document retention and disposal applies to both GEM records held and managed by our staff and those held by 3rd party organisations who are designated data processors, such as (but not limited to) client organisations, master vendors and payroll partners.
 
2.4 It is envisaged that this Policy will assist the GEM in securing compliance with legal and regulatory requirements, including the Freedom of Information Act 2000 and the General Data Protection Regulations 2018. In addition to assisting GEM staff and suppliers in their day to day business, this should also ensure that searches for information requested under the GDPR legislation are easily managed.
 
2.5 Additionally, the Policy should help to ensure that GEM archives records and documents that are of historical value appropriately for the benefit of data subjects and in line with our legal obligations.
 
3. Scope
3.1 This Document Retention Policy applies to all information held by GEM Partnership and its external service providers where they are processing information on the GEM’s behalf.
 
4. Policy Statement
4.1 GEM will ensure that information is not kept longer than is necessary and will retain the minimum amount of information that it requires to carry out its’ statutory, contractual and service obligations.
 
5. Retention and Disposal Policy
5.1 Decisions relating to the retention and disposal of documentation should be taken in accordance with this Policy, in particular:-
 
• Appendix 1 – Documents Type, Retention Period and Disposal Method
 
5.2 In circumstances where a retention period of a specific document has expired, a review should always be carried out prior to a decision being made to dispose of it. This review should not be particularly time consuming and should be straightforward. If the decision to dispose of a document or record is taken, then consideration should be given to the method of disposal to be used.
 
 
6. Roles and Responsibilities
6.1 The board of directors will be responsible for determining (in accordance with this Policy) whether to retain or dispose of specific documentation types, systems or records at a macro level.
 
6.2 The board may delegate the operational aspect of this function to one or more systems and compliance officers or divisional managers within the company. Individual documents and records however are the responsibility of the business at large and all staff should take an active role in determining whether a document or record requires action in line with this policy.
 
6.3 Systems and compliance officers, or staff in general should enquire with senior management or the board of directors if they are uncertain as to whether minimum retention periods are prescribed by law, or whether the retention of a document or record is necessary to protect the company’s position where a potential for retrieval in line with statutory obligations is likely.
 
7. Disposal
7.1 When documents are disposed of, the method of disposal should be appropriate to the nature and sensitivity of the documents concerned.
 
7.2 Documents can be disposed of by any of the following methods:

  • Non-Confidential records: place in waste paper bin for disposal
  • Confidential records*: shred documents internally or via an approved external supplier
  • Deletion of Computer Records.
  • Transmission of records to an external body such as SAR for data porting.

 
* It is essential that any documents which are to be disposed of and may contain confidential or personal data must be disposed of in this way, in order to avoid breaches of confidence or of the General Data Protection Regulations (GDPR) 2018.
 
8. Security
8.1 GEM will need to ensure that all data (hard copy or electronic) is kept securely and access is only available to authorised personnel.
8.2 All staff will need to assess how they manage the data they receive or generate on behalf of the company and take steps to identify and address any potential weaknesses. E.g. access to email by a 3rd party, filing cabinets, document transmissions to 3rd parties etc.
 
 
APPENDIX 1
Document Retention Schedule
Where a minimum retention period has been set by law, statute etc.., GEM will retain the document or record for a maximum of an additional year unless there is consent for continued processing or there are contractual obligations to fulfil.
 

Document Type Retention period Disposal type
 
Personnel records    
Work seeker records including application forms, cv, ID checks, terms of engagement, details of assignments, opt out notifications, interview notes, next of kin, references and other registration documents.
 
At least 1 year from any introduction to a client CW and Deletion
Hirer records including client details, assignment or vacancy details, package and rate details, terms of business etc.
 
At least 1 year from any introduction to a candidate CW and Deletion
Terms of engagement with temporary workers, umbrella company workers, or limited company contractors
 
6 years in order to deal with any civil actions or contractual claims CW and Deletion
Working time records such as 48 hour opt out notifications, annual leave records and time and attendance records
 
2 years from the time they were created CW and Deletion
Annual appraisal and assessment records
 
No legal obligations, however aim for 1 year from termination of assignment or contract CW and Deletion
Eligibility to work in the UK records
 
2 years after employment or engagement has ended – not alterable CW and Deletion
Criminal records checks, disclosure and barring checks Not retained CW and Deletion
National minimum wage documentation:
Total pay by the worker and hours
Overtime and shift premia
Any deductions or payments for accommodation
Any absences or rest break records
Holiday and sick pay
Any travelling or training during working hours
Total number of hours in a pay reference period
For HMRC purposes – 3 years after the end of the pay reference period – or 6 years in order to defend a claim CW and Deletion
Sickness records and SSP In line with other payroll information (see below) CW and Deletion
Statutory maternity, paternity and adoption pay 3 years from the end of the tax year to which it relates CW and Deletion
Pension, auto-enrolment related records 6 years except for opt outs which should be kept for 4 years CW and Deletion
Gender pay gap reporting 1 year, but the data needs to be kept on the government website and GEM website for 3 years CW and Deletion
Company financial information    
VAT 6 years CW and Deletion
Company accounts 6 years CW and Deletion
Payroll information
CIS records
3 years from the end of the tax year to which it relates CW and Deletion
ITEPA (the intermediaries legislation) records Report is due every quarter, no less than 3 years after the end of the tax year to which it relates CW and Deletion

 
 
 
Disposal Method
CW – Confidential Waste (Shredded)
Bin – General paper waste
Deletion – deleted of local PC and non-local storage. Hard Drives and other storage media must be securely wiped before disposal.
 
GEM procure offsite archiving services for all electronic data, including email systems, shared drive libraries, databases and individual pc files and folders. This archived data is held in encrypted format in secure datacentres, by suppliers who hold ISO27001 (information security management system) certification and is not accessible by staff without director approval. Any deleted data in line with the schedules outlined above will be held for a further 3 months in this archived environment.