Purpose

This policy defines how Whitehall retains, manages, and disposes of personal and corporate data to ensure compliance with the UK GDPR, the Data Protection Act 2018, and any other relevant legislation.

Scope

This policy applies to:

• All personal data and business records collected or created by Whitehall.
• All employees, contractors, candidates, clients and third party partners processing data on behalf of Whitehall.
• Data stored in all formats including electronic, paper, audio, and video.

Principles

• Data will be retained only as long as necessary for the purposes for which it was collected.
• Data retention periods will comply with statutory, regulatory, contractual, and operational requirements.
• Once data is no longer required, it will be securely disposed of or anonymised.
• Retention periods will be regularly reviewed and updated as necessary.

Data Retention Periods

Data Category	Retention Period	Reason
Employee records	6 years after employment ends	Legal and tax obligations.
Candidate records	Until consent is withdrawn or 6 years after last contact. If candidate is placed: for the duration of the placement and for 6 years after the end the placement.	Consent and legitimate interest. Contractual and legal purposes.
Client records	Indefinitely	Consent and legitimate interest. Contractual and legal purposes.
Supplier and contract records	Indefinitely	Consent and legitimate interest. Contractual obligations.
Marketing data	Until consent is withdrawn or 6 years after last contact	Consent and legitimate interest.
Payroll and tax records	10 years	HMRC and contractual requirements.
Financial records	10 years	Statutory accounting, tax purposes and contractual requirements.
Health and safety records	3 years or longer if required	Health and safety compliance
CCTV footage	30 days or as required	Privacy and data protection compliance

 

Note: These periods are guidelines; specific cases may require adjustments.

Data Disposal

When data reaches the end of its retention period or is no longer required:

• Electronic data will be securely deleted using appropriate software.
• Paper records will be shredded or destroyed securely.
• Backup copies will also be managed according to this policy.

Roles and Responsibilities

• In-House Legal Counsel & IT Manager: Oversees compliance with retention schedules and policies.
• Department Heads: Ensure records under their control follow retention guidelines.
• Employees: Adhere to the retention policy and report any issues.

 

Data Subject Rights

Data subjects can request information about the data held about them and its retention. Requests should be directed to dpo@whitehallresources.com

This policy is reviewed annually and updated when needed.