Data Retention Policy
This policy is to explain the retention of documents and other information collected by us in relation to you.
Adrian Welch Finance Brokers is hereinafter referred to as "AWFB."
Last updated: 22/05/2018
The need to retain data varies widely with the type of data. Some data can be immediately erased, and some must be retained until reasonable potential for future need no longer exists.
For specific enquiries, you should contact the data controller for AWFB.
Data controller for the company: Adrian Welch
Data controllers email address: email@example.com
This document compliments our Terms and Conditions and Data Privacy Notice linked above.
The purpose of this policy is to specify the company's guidelines for retaining different types of data.
The scope of this policy covers all company data stored on company-owned, company-leased, and otherwise company-provided systems and media, regardless of location.
Note that the need to retain certain information can be mandated by local, industry regulations and will comply with EU General Data Protection Regulation GDPR and the General Data Protection (Bailiwick of Guernsey) Law, 2017.
2.1 REASONS FOR DATA RETENTION
For the general purposes related to continued and safe business with our clients, it is necessary to hold some data. There are various reasons behind this and this document aims to explain those with the aid of our Data Privacy Notice and general Terms & Conditions (links on first page). Some data, however, must be retained in order to protect the company's interests, client access, preserve evidence, and generally conform to good business practices.
Some reasons for data retention include:
• Accident investigation
• Security incident investigation
• Good Practice
• Intellectual property preservation
• Client access – both business and personal
Data is only duplicated in accordance to the following:
• Backups – our systems are regularly backed up and so is all data supplied to us by individuals or organisations. This process is necessary to ensure that AWFB is able to restore any lost data in the event of a systems failure or accidental erasure.
• Sharing with our selected third parties – in order to complete your application, some information is shared. This is usually duplicated and encrypted before transfer.
2.3 RETENTION REQUIREMENTS
This section sets guidelines for retaining the different types of company data.
• Personal customer data (all):
o Personal data will be held for as long as the individual is a customer of the company plus 5 years.
• Business / organisations customer data (all):
o Business / organisations data will be held for as long as the organisation is a customer of the company plus 5 years.
• Critical data including Tax and VAT:
o Critical data must be retained for 6 years.
• Unsuccessful applications:
o These will be destroyed after notification has been made of the decision not to continue processing your application.
2.4 DATA DESTRUCTION
When data is removed from our systems or hard copies are destroyed, this is always done in a secure manner.
Data will be destroyed and backed up copies erased in accordance with the retention terms stated in 2.3.
2.5 APPLICABILITY OF OTHER POLICIES
This document is part of the company's cohesive set of security policies. Other policies may apply to the topics covered in this document and as such the applicable policies should be reviewed as needed.
This policy is enforced by the Data Controller for AWFB, if you have any further queries, use the contact details found in section 1.0.
Backup: To copy data to a second location, solely for the purpose of safe keeping of that data.
Encryption: The process of encoding data with an algorithm so that it is unintelligible and secure without the key. Used to protect data during transmission or while stored.
Encryption Key: An alphanumeric series of characters that enables data to be encrypted and decrypted.