This data retention policy sets out the obligations of Deposit Recovery Claims Ltd and the basis upon which we shall retain, review and destroy data held by us, or within our custody or control.
This policy applies to our entire organisation including our officers, employees, agents and sub-contractors and sets out what the retention periods are and when any such data may be deleted.
We are registered under the Information Commissioner’s Office under registration number ZA232148.
It is necessary to retain and process certain information to enable our business to operate. We may store data in the following places:
This policy applies equally to paper, electronic media and any other method used to store personal data. The period of retention only commences when the record is closed.
We are bound by various obligations under the law in relation to this and therefore, to comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully in respect of their personal data under the General Data Protection Regulation (“the Regulation”).
The Regulation defines “personal data” as any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
This Policy sets out the procedures that are to be followed when dealing with personal data and how we aim to comply with the Regulation in so far as it is possible. In summary, the Regulation states that all personal data shall be:
The Fourth and Fifth Data Protection Principles require that any data should not be kept longer than necessary for the purpose for which it is processed and when it is no longer required, it shall be deleted and that the data should be adequate, relevant and limited for the purpose in which it is processed.
All data and records are stored securely to avoid misuse or loss. We will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
We will put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data will only be transferred to a data processor if there is agreement by them to comply with those procedures and policies, or if there are adequate measures in place.
We will maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:
Availability means that authorised users should be able to access the data if they need it for authorised purposes.
Data retention is defined as the retention of data for a specific period of time and for back up purposes.
We shall not keep any personal data longer than necessary, but acknowledge that this will be dependent on the different types of documents and data that we have responsibility for. As such, our general data retention periods are set out below:-
Please note that these are guidelines only, which set minimum retention periods for both physical files and electronically held data.
If there is a genuine business need to retain data for a longer period, please contact a member of the Management Team /Daphne Richardson, Paul Richardson.
Records of client identity and verification checks made under our client due diligence procedure must be retained for six years after the business relationship ends or the transaction completes.
|Matter type||Retention period|
|Landlord and Tenant||6 years|
|Housing Disrepair||6 Years|
|Cyber and Data breach claims||6 years|
|All other client matter files||6 years|
From time to time, it may be necessary to retain or access historic personal data under certain circumstances such as if we have
contractually agreed to do so or if we have become involved in unforeseen events like litigation or business disaster recoveries.
Upon expiry of our retention periods, we shall delete electronic files and confidentially destroy paper files by way of shredding.
We are responsible for the continuing process of identifying the records that have met their required retention period and supervising their destruction. The destruction of confidential, financial, and personnel-related records shall be securely destroyed and by confidential shredding.