This Policy sets out the obligations of DPS Contract Services (hereinafter referred to as the“Company”) regarding retention of personal data collected, held, and processed by the Companyin accordance with EU Regulation 2016/679 General Data Protection Regulation (“GDPR”).The GDPR defines “personal data” as any information relating to an identified or identifiable naturalperson (a “data subject”). An identifiable natural person is one who can be identified, directly orindirectly, in particular by reference to an identifier such as a name, an identification number,location data, an online identifier, or to one or more factors specific to the physical, physiological,genetic, mental, economic, cultural, or social identity of that natural person.The Company only ever retains records and information for legitimate or legal business reasonsand always complies fully with EU data protection laws, guidance and best practice. For more at Data Retention Policy
This Policy sets out the type(s) of personal data held by the Company, the period(s) for which thatpersonal data is to be retained, the criteria for establishing and reviewing such period(s), and whenand how it is to be deleted or otherwise disposed of.For further information on other aspects of data protection and compliance with the GDPR, pleaserefer to the Company’s Data Protection Policy (link).The GDPR impose obligations on the Company, as a Data Controller, to process personal data in a fair manner which notifies data subjects of the purposes of data processing and to retain the data for no longer than is necessary to achieve those purposes.The Company’s objectives and principles in relation to Data Retention are to:
• Set out limits for the retention of personal data and ensure they are complied with
• Ensure the Company complies fully with its obligation and rights of data subjects under the
GDPR
• Ensure the safe and secure disposal of confidential data and information assets
• Ensure that records and documents are retained for the legal, contractual and regulatory period
stated in accordance with each bodies rules or terms.
• Mitigate against risks or breaches in relation to confidential information
This policy applies to all persons within the Company (meaning permanent, fixed term, temporary staff and sub-contractors engaged with the Company). Adherence to this policy is mandatory and non-compliance could lead to disciplinary or contractual action.
5. RESPONSIBILITIES
Heads of departments and information asset owners have overall responsibility for the management of records and data generated by their departments' activities, namely to ensure that the records created, received and controlled within the purview of their department, and the systems (electronic or otherwise) and procedures they adopt, are managed in a way which meets the aims of this policy. Where a DPO has been designated, they must be involved in any data retention processes and records or all archiving and destructions must be retained. Individual employees must ensure that the records for which they are responsible are complete and accurate records of their activities, and that they are maintained and disposed of in accordance with the Company's protocols. For more at Data Retention Policy
Comments
Post a Comment