DATA RETENTION SCHEDULE

Introduction

Data protection laws have existed for years with the aim to protect personal information and control how it is used. The advance in technology and business environments has resulted in update and amendment of this legislation, with GDPR being the most recent example.

The General Data Protection Regulation (GDPR) is a new law that will supersede all previous data protection legislation. The GDPR will apply to TXM Recruit and will mark a significant shift in the way our organisation must protect personal data that is collected, stored or processed.

Purpose

This retention schedule outlines the different categories of data held by TXM Recruit and details the retention period for each set of data, the purpose of the retention and the location the data is held. This retention schedule is designed to help organise and manage TXM Recruit’s information and provides the basis for processing and managing TXM Recruit records.

The retention period detailed applies to all records in that category by default and will be adhered to wherever possible, although it is recognised that there may be exceptional circumstances which require certain documents to be held for either shorter or longer periods. Retention periods apply to all formats of records unless specifically stated otherwise.

TXM Recruit has used the below primary factors to inform the decisions made on retention periods:

  • Business needs and legitimate interests
  • Legislative compliance and requirements, i.e. social security and safeguarding laws
  • Regulatory requirements

The retention schedule will be kept up to date with the assistance of the appointed Data Protection Officer, the TXM Recruit Management team and the GDPR committee team, to reflect changing business needs, new legislation and the changing perceptions of risk management as guided by the ICO.

TXM Recruit notes that not all electronic documents may be declared as formal records within the business although every consideration and care will be taken to ensure that undeclared documents are not retained indefinitely. Any undeclared documents are to be treated as temporary and need to be deleted as soon as there is no further requirement for the data to be used or retained.

Continuous Development

This retention schedule will be maintained, updated and amended with the assistance of the appointed Data Protection Officer, the TXM Recruit Management team and the GDPR committee team, to ensure full compliance especially to evolving GDPR obligations as outlined by the ICO. Change control procedures will apply to this document once approved by the management team and the appointed Data Protection Officer. This retention schedule may be updated periodically to reflect changes in our personal information practices. For significant changes, we will notify you by posting a prominent notice on our websites indicating at the top of the document when it was most recently updated.

Data Protection Officer

TXM Recruit has outsourced its Data Protection Officer (DPO) responsibilities to Ametros Group, a consultancy that provides practitioner led GDPR advisory services to UK based organisations. Contact details for our DPO are as follows:

Mr J. Richards @ Ametros Group Ltd

Lakeside Offices

Thorn Business Park

Hereford

HR2 6JT

Email:    dpo@ametrosgroup.com

Tel:         0330 223 2246

Contact Us

If you have any questions or comments about this Data Retention Schedule, or you would like to exercise your rights or update the information we have about you or your preferences, please contact TXM Recruit directly at gdpr@txmgroup.com. We endeavour to respond to queries and requests within two working days.

Should you wish to discuss a complaint, please feel free to contact us using the details provided above. All complaints will be treated in a confidential manner.

TXM Recruit - Recruitment Services










Data

Client / hirer records including contact details, terms of business, assignment or vacancy details

Format

Electronic

Purpose

Contractual purposes and legal obligations

Retention Period

4 years

Authority

Managing Director

Location Held

Secure Bullhorn CRM system

Sensitive Personal Data

No










Data

Terms of engagement with temporary workers and terms of business with clients

Format

Electronic

Purpose

Contractual purposes and legal obligations

Retention Period

4 years

Authority

Managing Director

Location Held

Secure Bullhorn CRM system

Sensitive Personal Data

No










Data

Records of candidates who have never been placed, including personal data, application form and CV, ID checks, interview notes and other documentation obtained during application

Format

Electronic

Purpose

Legitimate interest and consent

Retention Period

4 years (unless consent to renew retention period is obtained)

Authority

Managing Director

Location Held

Secure Bullhorn CRM system

Sensitive Personal Data

Yes










Data

Records of candidates who have never been placed, including personal data and CV, that have been obtained via Job Boards or social networking sites

Format

Electronic

Purpose

Legitimate interest with purpose to provide employment solution (DP5B)

Retention Period

4 years (unless consent to renew retention period is obtained)

Authority

Managing Director

Location Held

Secure Bullhorn CRM system

Sensitive Personal Data

Yes










Data

Records of candidates who have been placed, including personal data, application form and CV, ID checks, interview notes, contracts of engagement, working time regulation opt-outs and details obtained during assignments

Format

Electronic

Purpose

Contractual purposes and legal obligations

Retention Period

7 years

Authority

Managing Director

Location Held

Secure Bullhorn CRM system

Sensitive Personal Data

Yes










Internal Human Resources










Data

Unsuccessful candidate records, including personal data as set out in the CV and application form

Format

Electronic

Purpose

Legitimate interest

Retention Period

4 years

Authority

Managing Director / Internal Recruiter

Location Held

Internal Recruiter's secure personal V:Drive

Sensitive Personal Data

No










Data

Employee records, including personal data, application form and CV, interview notes, contracts of engagement, details of assignments

Format

Electronic

Purpose

Contractual and legal obligations

Retention Period

7 years

Authority

Managing Director / Human Resources Department

Location Held

Secure HR Drive

Sensitive Personal Data

Yes










Data

Working time records including 48 hour opt outs and annual leave records

Format

Electronic

Purpose

Contractual and legal obligations

Retention Period

7 years

Authority

Managing Director / Human Resources Department

Location Held

Secure HR Drive

Sensitive Personal Data

No










Data

Employee references

Format

Electronic

Purpose

Contractual and legal obligations

Retention Period

7 years

Authority

Managing Director / Human Resources Department

Location Held

Secure HR Drive

Sensitive Personal Data

No










Data

Appraisal, assessment and training records

Format

Electronic

Purpose

Contractual and legal obligations

Retention Period

7 years

Authority

Managing Director / Human Resources Department

Location Held

Secure HR Drive

Sensitive Personal Data

No










Data

Eligibility to work records

Format

Electronic

Purpose

Contractual and legal obligations

Retention Period

7 years

Authority

Managing Director / Human Resources Department

Location Held

Secure HR Drive

Sensitive Personal Data

Yes










Data

Criminal record checks and disclosure barring checks

Format

Electronic

Purpose

Contractual and legal obligations

Retention Period

7 years

Authority

Managing Director / Human Resources Department

Location Held

Secure HR Drive

Sensitive Personal Data

Yes










Data

Employee equal opportunities response (voluntary)

Format

Electronic

Purpose

Legitimate interest

Retention Period

1 month

Authority

Managing Director / Human Resources Department

Location Held

Secure HR Drive

Sensitive Personal Data

Yes










Payroll Information, Finance Data and Company Accounts










Data

Sickness records including details of statutory sick pay

Format

Electronic

Purpose

Contractual and legal obligations

Retention Period

7 years

Authority

Chief Finance Officer / Finance Director

Location Held

Secure Accounts X:Drive; secure Tempest and Sage software; secure Eclipse and Bullhorn CRM systems

Sensitive Personal Data

Yes










Data

Records relating to statutory maternity, paternity and adoption pay

Format

Electronic

Purpose

Contractual and legal obligations

Retention Period

7 years

Authority

Chief Finance Officer / Finance Director

Location Held

Secure Accounts X:Drive; secure Tempest and Sage software; secure Eclipse and Bullhorn CRM systems

Sensitive Personal Data

Yes










Data

Pensions auto-enrolment (including auto-enrolment date, joining date, opt in and opt out notices, contributions paid)

Format

Electronic

Purpose

Contractual and legal obligations

Retention Period

7 years

Authority

Chief Finance Officer / Finance Director

Location Held

Secure Accounts X:Drive; secure Tempest and Sage software

Sensitive Personal Data

Yes










Data

Payroll information and CIS records

Format

Electronic

Purpose

Contractual and legal obligations

Retention Period

7 years

Authority

Chief Finance Officer / Finance Director

Location Held

Secure Accounts X:Drive; secure Tempest and Sage software; secure Eclipse and Bullhorn CRM systems

Sensitive Personal Data

Yes










Data

Company financial records in relation to VAT

Format

Electronic

Purpose

Contractual and legal obligations

Retention Period

7 years

Authority

Chief Finance Officer / Finance Director

Location Held

Secure Accounts X:Drive; secure Tempest and Sage software; secure Eclipse and Bullhorn CRM systems

Sensitive Personal Data

Yes










Data

Company accounts

Format

Electronic

Purpose

Contractual and legal obligations

Retention Period

7 years

Authority

Chief Finance Officer / Finance Director

Location Held

Secure Accounts X:Drive; secure Sage and SAFE Financials software

Sensitive Personal Data

Yes










Data

ITEPA (the intermediaries legislation) records

Format

Electronic

Purpose

Contractual and legal obligations

Retention Period

7 years

Authority

Chief Finance Officer / Finance Director

Location Held

Secure Accounts X:Drive; secure Tempest software

Sensitive Personal Data

No