Why do you need a retention policy?
The purpose of a retention policy is to establish and describe how an organisation expects to manage personal information (whether in electronic files, emails, hard copies, or other formats) from creation or collection through to destruction or erasure. A retention policy is one part of an organisations overall document management program.
No single policy is adequate for all organisations and you will need to tailor one or more data retention policies to reflect the unique needs of your organisation. In this context it makes sense to have data retention policies that cover different categories of personal data. For example, it may seem overly complicated and confusing to visitors to the organisation’s website to also be exposed to a data retention policy that would only apply to staff.
A data retention policy serves many important functions. For example, it:
- Establishes that the organisation is committed to complying with the GDPR;
- Describes the purpose for which personal information is collected;
- Describes the period of retention of personal data or the rules/procedures applied to retain that personal data for a longer period of time (for example, where you are unsure if the information may still be necessary);
- Identifies who is in charge of data protection at the organisation, and explains how to get in touch with the appropriate representative; and
- Encourages disposal of unnecessary files before they become a liability.
Please ensure that you have the appropriate technical and organisational means in place to adhere with the data retention policy. It is one thing to claim that you retain personal information for a specified period of time and another to have the underlying mechanisms, systems, and procedures in place to ensure that destruction or erasure is followed through and recorded.
At the time of destruction or erasure of personal information it may be helpful to retain a record of what destruction occurred, when, and by whom. As part of the GDPR’s emphasis on data minimisation it may be necessary in these circumstances to retain some, minimal, information to confirm that such destruction took place but, in such cases, it may just be that you retain a record of an e-mail address or postal address – only retain what is absolutely necessary and the less you retain the better.
Please ensure that you have filled in and/or completed the elements in square brackets and highlighted for your attention. You will also find several footnotes throughout the retention policy that may provide further details.
This is an organic document and may be updated from time to time to reflect changes or developments in data protection legislation, case law, and guidance from the Information Commissioner’s Office.
Last Updated: 13.06.2018
Thank you for visiting the Vascular Society or the Circulation Foundation.
Your privacy is important to us. This Retention Policy is where we explain to you how long we may retain personal information that is collected when you visit our sites, www.vascularsociety.org.uk and www.circulationfoundation.org.uk, when you become a member of our society, or when you communicate with us.
For convenience, we have divided our data protection policies into three separate pages:
- Our Retention Policy
Our retention policy, which is this document, explains how long we may hold onto personal information collected or processed by us.
If you have any questions please do not hesitate to contact our appointed Data Privacy Officers, Fitwise Management Limited, at firstname.lastname@example.org or, if you prefer to call or write to us, then you can find our contact details at the bottom of this page.
WHO WE ARE
We are the Vascular Society. We are registered in England as a limited liability company. Our registered number is 05060866 and our registered office is at 146 New London Road, Chelmsford, Essex, England, CM2 0AW.
The Circulation Foundation is the charitable foundation of the Vascular Society. Charity Number: 1102769
PURPOSE OF THIS DOCUMENT
The purpose of the Retention Policy is to explain what personal information we may collect about you when you visit our site, become a member of our society, communicate with us, or interact with our online services including the purpose of that collection, and how long we store that personal information for.
Our Retention Policy is broadly divided into four (4) sections:
- Our website;
- Our members details;
- Our events database; and
Depending on how you interact with us and our services we may collect different types of personal information about you. The duration that we retain that personal information will vary depending on how you interact with us. For example, we may retain information about you for a longer period of time if you have asked us to keep you updated about developments in the society or if you become a member.
The types of personal information that we collect, its purpose, and retention period is detailed in the tables below.
This table details the personal information and we may collect about you on our site located at www.vascularsociety.org.uk.
Type of Personal Information
If you get in touch with us via our site then we will ask you for your first name. We collect this information to help us to get to know you better and to provide a personable service
Duration of inquiry*
*If you become a member of the Vascular Society then we will retain personal information about you in accordance with our contract which we will provide to you in writing before providing you with our services.
This table details the personal information and we may collect about you on our site located at www.circulationfoundation.org.uk
Type of Personal Information
To send you the results
Risk Checker Data
This table details the personal information that we may collect about when you attend one of our events or seminars. The main purpose for this information is to help us get in touch with you and help answer any queries you may have about our society, our membership services, and any other events we may run in the future.
Type of Personal Information
To ensure we can communicate with you about the event for which you have registered. If you would like to receive information about our future events you will be asked to opt in.
All event data will be retained for CPD purposes for 6 years. All mailing lists will be retained for 3 years.
You can find out more about changing cookie settings on your computer by visiting http://www.allaboutcookies.org/manage-cookies/.You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. You may also delete any cookies stored on your computer at any time.
Different cookies may be stored for different periods of time. In many cases these cookies are updated automatically each time you visit our site or may expire and be deleted by your device automatically. Each time you visit our site you start a new “session”. When you leave our site the session ends. The expiry period of a cookie will usually run from the date of the most recent session. This means that, each time you visit our site, the expiry period for those cookies may reset.
It is important to understand that when a cookie is placed on your device it will reside on your hard drive until it expires and is deleted or it may reside on your hard drive until you manually delete it – this entirely depends on your individual browser settings and we do not have control over this.
CHANGES TO OUR RETENTION POLICY
We may need to change this Retention Policy if it’s necessary for legal reasons or to reflect changes to our site and services or the purposes for which we may wish to collect and process your personal information. In any case, the provisions of this Retention Policy may be changed without prejudice to your rights. When we change our Retention Policy we will make the updated Retention Policy available on our site and we will also update the “Last Updated” date.
Once we change our Retention Policy, we will use our reasonable efforts to inform you. This may include asking you to agree to the updated Retention Policy before we process further information about you or it may require us to suspend access to parts of our site until you agree to the updated Retention Policy – we will only restrict access to parts of our site where we deem it is necessary for us to collect or process personal information about you. If you have an account on our site then we may reset your login and seek new consent if there is a change in the purpose or duration that we retain your personal information.
You’re welcome to contact us if you have questions about the changes.
This Retention Policy was prepared with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our retention of your personal information. However, we are happy to provide additional information or explanation needed.
If you have any questions, comments or requests regarding our Retention Policy then please do not hesitate to get in touch with us. To make things easier for both of us we would appreciate it if your queries were addressed to:
Data Privacy Officers
Fitwise Management Limited
Telephone: +44 (0)1506 811077