Record Retention

 

Policy and Procedure

 

POLICY STATEMENT

The Lucketts Group* (‘the Group", ‘we’, ‘us’, and ‘our’) is committed to:

 

1. Fully complying with all the requirements of the General Data Protection Regulation (GDPR).

2. The efficient management of its records for the effective delivery of our services.

 

The Lucketts Group* comprises:

• H Luckett & Co Limited

• Lucketts Holdings Limited

• Lucketts Travel

• Worthing Coaches

• Mortons Travel

• Coliseum Coaches

• Solent Coaches

 

 

SCOPE

This policy explains how we will comply with its responsibilities and obligations under the GDPR and its principles relating to the storage and destruction of personal data.

 

This policy gives guidance about disposing, deleting and retaining the personal data for which we have a responsibility and/or obligation under the GDPR.

 

This policy applies to:

 

• All personal data that is stored by us whether kept on paper, electronically and/or digitally.

• All staff of the Group

 

This policy should be read and used in conjunction with our other following policies:

 

• Data protection

• Privacy

 

 

OBJECTIVE

The objectives of this policy are to:

 

• Ensure we follow the GDPR and its principles relating to the storage, disposal and destruction of personal data

• Ensure we comply with all applicable legal and regulatory requirements

• Ensue personal data is stored securely

• Ensure that personal data is not out of date

• Keep personal data accurate

• Assist with responding to subject access requests

• Ensure personal data that has been placed in storage can be found and retrieved quickly and efficiently

• Ensure the storage, disposal and destruction of personal data is carried out in a consistent and controlled manner.

• Assist with audits

• Minimise storage requirements and costs

• Assist in the identification of the location of personal data

• Clarify responsibilities for implementing, complying and monitoring this policy

 

 

DEFINITIONS

 

Personal data means any information relating to an identified or identifiable person ('data subject') such as a name, postal/email address, telephone number or identification number.

 

Special categories of personal data mean personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation and data concerning criminal convictions or offences

 

Data subject means any individual whose personal data is processed by the Group

 

Processing means any use of personal data such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, erasure and destruction. (This means that virtually anything the Group does with personal data will be processing).

 

Data controller means the organisation which decides the purposes and means of the processing of personal data

NB: The data controller for the purposes of this policy is the Lucketts Group

 

Data processor means an individual or organisation that processes personal data on behalf of a data controller

 

Personal data breach means a breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

 

Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data.

 

Staff means anyone working at or for us on a permanent or temporary basis, including, Directors and permanent, interim and temporary employees.

 

 

PRINCIPLES

The relevant data protection principles for the purposes of this policy are that personal data must be:

 

• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)

• Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)

• Kept in a form which permits identification of data subjects for no longer than is necessary

   

  for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to implementation of the appropriate technical and organisational measures in order to safeguard the rights and freedoms of the data subject (‘storage limitation’)

• Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

 

NB: Keeping personal data unnecessarily may use up valuable storage space, incur unnecessary costs and impose on us a significant liability risk.

 

 

ROLES AND RESPONSIBILITIES

The Lucketts Directors Group have ultimate responsibility for ensuring compliance with the GDPR, the data protection principles and this policy;

 

• The Managing Director has overall responsibility for ensuring the Group’s compliance with the GDPR, the data protection principles.

• The HR Director has responsibility for the HR Department ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of staff held by the HR Department. The HR Director contact details on located on the company communications list.

• The Operations Director has responsibility for Operations ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of customers and operations staff held by the Operations Department. The Operations Director contact details on located on the company communications list.

• The Sales and Marketing Director has operational responsibility for Sales and Marketing ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of customers and sales & marketing staff held by the Sales and Marketing department. The Operations Director contact details on located on the company communications list.

• The Engineering Director has operational responsibility for Engineering ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of customers and engineering staff held by the Engineering Department. The Engineering Director contact details on located on the company communication list

• The Finance Controller has operational responsibility for Finance ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of customers and staff held by the Finance department. The Finance Controller contact details on located on the company communications list

 

Data Protection Officer (DPO)

The Data Protection Officer (DPO) has responsibility to remind the Directors Group of their responsibility for ensuring compliance with the GDPR, the principles of data protection and this policy. The DPO can be contacted via the Human Resources department

 

Management and Staff

Line managers are responsible for operational day to day adhering to the GDPR requirements and the Group’s requirements, and ensuring staff’s adherence with this policy.

 

All staff have a responsibility to comply with the GDPR, the data protection principles, the requirements of the Lucketts Group and this policy when carrying out their duties.

 

Important - Failure to comply with this policy may result in legal and/or disciplinary action.

 

Staff Training

All staff are required to attend/undertake training and failure to do so could result in disciplinary action

 

 

Record Retention Schedule

 

Appendix A sets out the periods of how long personal data will be kept.

 

DISPOSAL AND DESTRUCTION

When the retention periods expire we must dispose of and destroy all personal data unless either the Managing Director, HR Director or the Operations Director authorises that such data should be retained.

 

Any decision to retain personal data passed the expiry date must be logged and recorded on the Personal Data Retention Register held centrally.

 

IMPORTANT: Retaining or destroying personal data in breach of this policy may be considered serious gross misconduct and lead to dismissal.

 

Destruction and Deletion Process

 

Paper Records

Paper Records/personal data must be shredded, and the shredding placed in the confidential waste bags, immediately tied with secure tags, and taken to the secure storage with limited authorised access. A third party confidential waste provider is contracted by the Group to securely shred the confidential information on site, and then remove the shredded material for secure disposal.

 

Electronic Records

The Group’s IT provider will delete all electronic records.

 

 

REVIEW OF POLICY AND PROCEDURE

The Lucketts Group policies and procedures aim to ensure that employees are aware of, and confident that, the employer is complying with current legislation and is protecting the interests of both the needs of the business and the employee. In this respect, it may be appropriate to modify existing policies and/or procedures from time to time to reflect changes as appropriate, and this policy will be reviewed as necessary by designated Group Directors, and/or by personnel as delegated by the Directors Group.

 

 

EQUALITY IMPACT ASSESSMENT

 

Equality Impact Assessment – initial screening       Relevant Equality Area:	Does the Policy or its implementation?			Does the Company need to proceed to full EIA if in doubt then progress to full screening)
	Breach Equalities Legislation?	Affect different groups in different ways (both positive and negative)	Promote equality/good relations?
Gender	No	No	Yes	No
Race	No	No	Yes	No
Disability	No	No	Yes	No
Sexual Orientation	No	No	Yes	No
Religion and Beliefs	No	No	Yes	No

 

 

 

APPENDIX A

 

Record Retention Schedule

 

NB. Records are kept for at least 6 years in accordance with the UK Limitation Act 1980

 

Document	Retention Period
Images including video, CCTV, photographs
	CCTV will not be retained for longer than 30 days unless images are to be held for evidential purposes, and will then be kept in a secure place with limited access to authorised personnel only and kept for the period which is deemed necessary to achieve the evidential purposes.   Staff photographs are taken for identification purposes e.g. personnel record and organisation structure charts. The images will be kept only for the duration of their employment. Staff photographic images will be kept securely electronically on the HR personnel software for the individual’s personnel record. Photographs may also be used for security passes and identification uses to deliver customer services and to meet MOD security requirements.   Marketing images will only be used with express written consent from the individual. Images will only be kept for the period of time necessary to achieve the purposes of use.
Audio recording	Audio recording is not undertaken by the Lucketts Group.   Regarding voicemail messages left on employee company telephones and mobiles these will be deleted immediately once recording has been listened to.
Governance
Company House records Governance documentation Board documentation; Meeting Meetings Resolutions   Director information;	Permanent       6 years – consideration must be given to the storing of sensitive data in line with GDPR requirements
Registration and Statutory Returns
Annual Returns to a regulator as applicable   Audited Company Returns and financial statements   Declarations of Interest   Registers of directors and secretaries   Register of Seals   Register of Shareholding Members as applicable   Register of share certificates	5 years   Permanently   6 years   Permanently   Permanently   Permanently   Permanently
Strategic Management
Business Strategy & Plans, and Support documentation e.g. organisation structures, aims, objectives	5 years after plan completion
Insurances
Current and former policies   Annual Insurance Schedule   Claims and related correspondence   Indemnities and Guarantees   Group Health policies   Employer’s liability Insurance Certificate	Permanently   6 years   3 years after settlement   6 years after expiry   12 years after cessation of benefit   40 years
Finance Accounting, Tax Records, Bank Records
Accounting Records; Balance sheets and supporting documents   Loan account control reports   Budgets and Financial reports   Tax Returns and records   VAT Records as applicable   Order and delivery notes   Copy invoices Credit and debit notes Cash records   Journal Transfer documents Creditors, debtors and cash income control documents.   VAT related correspondence as applicable   Cheques Paying in counterfoils Bank statements and reconciliations Instructions to bank	6 years     6 to 10 years   Permanently   10 years   10 years   10 years   6 years 6 years 6 years   6 years 6 years     6 years     6 years 6 years 6 years
Contracts and Agreements
Planning consents and permissions   Property maintenance records   Professional opinions   Contracts under seal and/or executed as a Deed   Contracts for supply of goods/services including professional services   Documentation relating to one off purchases   Loan agreements   Licensing agreements   Rental and hire purchase agreements Indemnities and guarantees   Documents relating to successful tenders   Documents relating to unsuccessful tenders   Forms of tender as applicable	12 years after interest ceases   6 years   6 years   12 years after complication including any defects liability period 6 years after completion including any defects liability period   3 years   12 years after last payment   6 years after expiry   6 years after expiry 6 years after expiry   6 years after contract ends   2 years after notification   6 years
Vehicles	Subject to the Transport Commission and vehicle safety requirements
Mileage records Maintenance records including MOT tests Copy registrations	2 years after disposal 2 years after disposal   2 years after disposal
Capital Assets
Fixed Asset Register	Permanently
Income Tax and Social Security
Record of taxable payments Record of tax deducted or refunded Record of earnings on which NI contributions payable Record of employers and employees NI contributions NIC contracted out agreements Copies of notices to employees i.e. P45 and P60 Inland revenue notice of code changes Expenses claims Record of sickness payments Record of maternity payments Income TAX PAYE and NI Returns Redundancy payment details Inland Revenue Approvals Annual earnings summary   Employee Pension Schemes; Actuarial Valuation Reports Detailed return of pension fund contributions   Annual conciliation of fund contributions Money purchase details Qualifying service details   Investment policies   Pension records   Records relating to retirement benefits	6 years 6 years 6 years   6 years   6 years 6 years       6 years           12 years Permanently 12 years   Permanently Permanently Permanently   6 years after transfer or value taken   12 years from end of benefits payable under policy 6 years after year of retirement
Employee Records
Application Forms and Interview notes for unsuccessful candidates	At least 6 months and not more than 1 year – consideration for the varying time limits of discrimination claims and time limits.
Salary and Wages records including overtime, bonus, expenses   Income tax, and NI returns and correspondence with HMRC	6 years     Not less than years after the end of the financial year to which they relate
National Minimum Wage records	3 years after the end of the pay reference period following the one that the records cover
Personal records and training records – including disciplinary and working time records	6 years after employment ceases
Statutory sick pay records, calculations, certificates self-certificates	6 years after employment ceases – consideration for sensitive date under the GDPR requirements
Parental Leave	5 years from birth/adoption of the child or 18 years if child receives a disability allowance
Retirement Benefits	6 years from the end of the scheme year in which event took place
Redundancy details, calculations of payment, refunds, notification to the Secretary of State	6 years from the date of redundancy
Time sheets	2 years after audit
Trade Union Agreements	10 years after ceasing to be effective.
Staff Works Council Minutes	Permanently
Health and Safety
Medical Records relating to: * Control of asbestos Control of substances hazardous to health Under the Ionising Radiations Biological tests under the control of lead Accident books, Accident records and reporting including RIDDOR	40 years from the last date of last entry     3 years from the date of the last entry – (if accident involving a child then until that person reaches age 21) Subject to incidents involving hazardous substances. *

Record Retention

 

Policy and Procedure

 

POLICY STATEMENT

The Lucketts Group* (‘the Group", ‘we’, ‘us’, and ‘our’) is committed to:

 

1. Fully complying with all the requirements of the General Data Protection Regulation (GDPR).

2. The efficient management of its records for the effective delivery of our services.

 

The Lucketts Group* comprises:

• H Luckett & Co Limited

• Lucketts Holdings Limited

• Lucketts Travel

• Worthing Coaches

• Mortons Travel

• Coliseum Coaches

• Solent Coaches

 

 

SCOPE

This policy explains how we will comply with its responsibilities and obligations under the GDPR and its principles relating to the storage and destruction of personal data.

 

This policy gives guidance about disposing, deleting and retaining the personal data for which we have a responsibility and/or obligation under the GDPR.

 

This policy applies to:

 

• All personal data that is stored by us whether kept on paper, electronically and/or digitally.

• All staff of the Group

 

This policy should be read and used in conjunction with our other following policies:

 

• Data protection

• Privacy

 

 

OBJECTIVE

The objectives of this policy are to:

 

• Ensure we follow the GDPR and its principles relating to the storage, disposal and destruction of personal data

• Ensure we comply with all applicable legal and regulatory requirements

• Ensue personal data is stored securely

• Ensure that personal data is not out of date

• Keep personal data accurate

• Assist with responding to subject access requests

• Ensure personal data that has been placed in storage can be found and retrieved quickly and efficiently

• Ensure the storage, disposal and destruction of personal data is carried out in a consistent and controlled manner.

• Assist with audits

• Minimise storage requirements and costs

• Assist in the identification of the location of personal data

• Clarify responsibilities for implementing, complying and monitoring this policy

 

 

DEFINITIONS

 

Personal data means any information relating to an identified or identifiable person ('data subject') such as a name, postal/email address, telephone number or identification number.

 

Special categories of personal data mean personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation and data concerning criminal convictions or offences

 

Data subject means any individual whose personal data is processed by the Group

 

Processing means any use of personal data such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, erasure and destruction. (This means that virtually anything the Group does with personal data will be processing).

 

Data controller means the organisation which decides the purposes and means of the processing of personal data

NB: The data controller for the purposes of this policy is the Lucketts Group

 

Data processor means an individual or organisation that processes personal data on behalf of a data controller

 

Personal data breach means a breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

 

Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data.

 

Staff means anyone working at or for us on a permanent or temporary basis, including, Directors and permanent, interim and temporary employees.

 

 

PRINCIPLES

The relevant data protection principles for the purposes of this policy are that personal data must be:

 

• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)

• Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)

• Kept in a form which permits identification of data subjects for no longer than is necessary

   

  for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to implementation of the appropriate technical and organisational measures in order to safeguard the rights and freedoms of the data subject (‘storage limitation’)

• Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

 

NB: Keeping personal data unnecessarily may use up valuable storage space, incur unnecessary costs and impose on us a significant liability risk.

 

 

ROLES AND RESPONSIBILITIES

The Lucketts Directors Group have ultimate responsibility for ensuring compliance with the GDPR, the data protection principles and this policy;

 

• The Managing Director has overall responsibility for ensuring the Group’s compliance with the GDPR, the data protection principles.

• The HR Director has responsibility for the HR Department ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of staff held by the HR Department. The HR Director contact details on located on the company communications list.

• The Operations Director has responsibility for Operations ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of customers and operations staff held by the Operations Department. The Operations Director contact details on located on the company communications list.

• The Sales and Marketing Director has operational responsibility for Sales and Marketing ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of customers and sales & marketing staff held by the Sales and Marketing department. The Operations Director contact details on located on the company communications list.

• The Engineering Director has operational responsibility for Engineering ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of customers and engineering staff held by the Engineering Department. The Engineering Director contact details on located on the company communication list

• The Finance Controller has operational responsibility for Finance ensuring we comply with the GDPR, the data protection principles and this policy in respect of the personal data of customers and staff held by the Finance department. The Finance Controller contact details on located on the company communications list

 

Data Protection Officer (DPO)

The Data Protection Officer (DPO) has responsibility to remind the Directors Group of their responsibility for ensuring compliance with the GDPR, the principles of data protection and this policy. The DPO can be contacted via the Human Resources department

 

Management and Staff

Line managers are responsible for operational day to day adhering to the GDPR requirements and the Group’s requirements, and ensuring staff’s adherence with this policy.

 

All staff have a responsibility to comply with the GDPR, the data protection principles, the requirements of the Lucketts Group and this policy when carrying out their duties.

 

Important - Failure to comply with this policy may result in legal and/or disciplinary action.

 

Staff Training

All staff are required to attend/undertake training and failure to do so could result in disciplinary action

 

 

Record Retention Schedule

 

Appendix A sets out the periods of how long personal data will be kept.

 

DISPOSAL AND DESTRUCTION

When the retention periods expire we must dispose of and destroy all personal data unless either the Managing Director, HR Director or the Operations Director authorises that such data should be retained.

 

Any decision to retain personal data passed the expiry date must be logged and recorded on the Personal Data Retention Register held centrally.

 

IMPORTANT: Retaining or destroying personal data in breach of this policy may be considered serious gross misconduct and lead to dismissal.

 

Destruction and Deletion Process

 

Paper Records

Paper Records/personal data must be shredded, and the shredding placed in the confidential waste bags, immediately tied with secure tags, and taken to the secure storage with limited authorised access. A third party confidential waste provider is contracted by the Group to securely shred the confidential information on site, and then remove the shredded material for secure disposal.

 

Electronic Records

The Group’s IT provider will delete all electronic records.

 

 

REVIEW OF POLICY AND PROCEDURE

The Lucketts Group policies and procedures aim to ensure that employees are aware of, and confident that, the employer is complying with current legislation and is protecting the interests of both the needs of the business and the employee. In this respect, it may be appropriate to modify existing policies and/or procedures from time to time to reflect changes as appropriate, and this policy will be reviewed as necessary by designated Group Directors, and/or by personnel as delegated by the Directors Group.

 

 

EQUALITY IMPACT ASSESSMENT

 

Equality Impact Assessment – initial screening       Relevant Equality Area:	Does the Policy or its implementation?			Does the Company need to proceed to full EIA if in doubt then progress to full screening)
	Breach Equalities Legislation?	Affect different groups in different ways (both positive and negative)	Promote equality/good relations?
Gender	No	No	Yes	No
Race	No	No	Yes	No
Disability	No	No	Yes	No
Sexual Orientation	No	No	Yes	No
Religion and Beliefs	No	No	Yes	No

 

 

 

APPENDIX A

 

Record Retention Schedule

 

NB. Records are kept for at least 6 years in accordance with the UK Limitation Act 1980

 

Document	Retention Period
Images including video, CCTV, photographs
	CCTV will not be retained for longer than 30 days unless images are to be held for evidential purposes, and will then be kept in a secure place with limited access to authorised personnel only and kept for the period which is deemed necessary to achieve the evidential purposes.   Staff photographs are taken for identification purposes e.g. personnel record and organisation structure charts. The images will be kept only for the duration of their employment. Staff photographic images will be kept securely electronically on the HR personnel software for the individual’s personnel record. Photographs may also be used for security passes and identification uses to deliver customer services and to meet MOD security requirements.   Marketing images will only be used with express written consent from the individual. Images will only be kept for the period of time necessary to achieve the purposes of use.
Audio recording	Audio recording is not undertaken by the Lucketts Group.   Regarding voicemail messages left on employee company telephones and mobiles these will be deleted immediately once recording has been listened to.
Governance
Company House records Governance documentation Board documentation; Meeting Meetings Resolutions   Director information;	Permanent       6 years – consideration must be given to the storing of sensitive data in line with GDPR requirements
Registration and Statutory Returns
Annual Returns to a regulator as applicable   Audited Company Returns and financial statements   Declarations of Interest   Registers of directors and secretaries   Register of Seals   Register of Shareholding Members as applicable   Register of share certificates	5 years   Permanently   6 years   Permanently   Permanently   Permanently   Permanently
Strategic Management
Business Strategy & Plans, and Support documentation e.g. organisation structures, aims, objectives	5 years after plan completion
Insurances
Current and former policies   Annual Insurance Schedule   Claims and related correspondence   Indemnities and Guarantees   Group Health policies   Employer’s liability Insurance Certificate	Permanently   6 years   3 years after settlement   6 years after expiry   12 years after cessation of benefit   40 years
Finance Accounting, Tax Records, Bank Records
Accounting Records; Balance sheets and supporting documents   Loan account control reports   Budgets and Financial reports   Tax Returns and records   VAT Records as applicable   Order and delivery notes   Copy invoices Credit and debit notes Cash records   Journal Transfer documents Creditors, debtors and cash income control documents.   VAT related correspondence as applicable   Cheques Paying in counterfoils Bank statements and reconciliations Instructions to bank	6 years     6 to 10 years   Permanently   10 years   10 years   10 years   6 years 6 years 6 years   6 years 6 years     6 years     6 years 6 years 6 years
Contracts and Agreements
Planning consents and permissions   Property maintenance records   Professional opinions   Contracts under seal and/or executed as a Deed   Contracts for supply of goods/services including professional services   Documentation relating to one off purchases   Loan agreements   Licensing agreements   Rental and hire purchase agreements Indemnities and guarantees   Documents relating to successful tenders   Documents relating to unsuccessful tenders   Forms of tender as applicable	12 years after interest ceases   6 years   6 years   12 years after complication including any defects liability period 6 years after completion including any defects liability period   3 years   12 years after last payment   6 years after expiry   6 years after expiry 6 years after expiry   6 years after contract ends   2 years after notification   6 years
Vehicles	Subject to the Transport Commission and vehicle safety requirements
Mileage records Maintenance records including MOT tests Copy registrations	2 years after disposal 2 years after disposal   2 years after disposal
Capital Assets
Fixed Asset Register	Permanently
Income Tax and Social Security
Record of taxable payments Record of tax deducted or refunded Record of earnings on which NI contributions payable Record of employers and employees NI contributions NIC contracted out agreements Copies of notices to employees i.e. P45 and P60 Inland revenue notice of code changes Expenses claims Record of sickness payments Record of maternity payments Income TAX PAYE and NI Returns Redundancy payment details Inland Revenue Approvals Annual earnings summary   Employee Pension Schemes; Actuarial Valuation Reports Detailed return of pension fund contributions   Annual conciliation of fund contributions Money purchase details Qualifying service details   Investment policies   Pension records   Records relating to retirement benefits	6 years 6 years 6 years   6 years   6 years 6 years       6 years           12 years Permanently 12 years   Permanently Permanently Permanently   6 years after transfer or value taken   12 years from end of benefits payable under policy 6 years after year of retirement
Employee Records
Application Forms and Interview notes for unsuccessful candidates	At least 6 months and not more than 1 year – consideration for the varying time limits of discrimination claims and time limits.
Salary and Wages records including overtime, bonus, expenses   Income tax, and NI returns and correspondence with HMRC	6 years     Not less than years after the end of the financial year to which they relate
National Minimum Wage records	3 years after the end of the pay reference period following the one that the records cover
Personal records and training records – including disciplinary and working time records	6 years after employment ceases
Statutory sick pay records, calculations, certificates self-certificates	6 years after employment ceases – consideration for sensitive date under the GDPR requirements
Parental Leave	5 years from birth/adoption of the child or 18 years if child receives a disability allowance
Retirement Benefits	6 years from the end of the scheme year in which event took place
Redundancy details, calculations of payment, refunds, notification to the Secretary of State	6 years from the date of redundancy
Time sheets	2 years after audit
Trade Union Agreements	10 years after ceasing to be effective.
Staff Works Council Minutes	Permanently
Health and Safety
Medical Records relating to: * Control of asbestos Control of substances hazardous to health Under the Ionising Radiations Biological tests under the control of lead Accident books, Accident records and reporting including RIDDOR	40 years from the last date of last entry     3 years from the date of the last entry – (if accident involving a child then until that person reaches age 21) Subject to incidents involving hazardous substances. *