DATA RETENTION POLICY
1 ABOUT THIS POLICY
1.1 This data retention policy covers how PIANOMATCH LTD (with company number: 14868781) (the Company, we, us, or our) retains personal data, and when it removes, deletes, or returns that personal data.
1.2 Under data protection law in the UK (which includes the UK GDPR (as defined in section 3(10) of the Data Protection Act 2018, and supplemented by section 205(4)) and the Data Protection Act 2018), we cannot retain personal data for any longer than necessary for its identified purpose. Personal data means any information which does or can identify a living individual.
1.3 We also recognise that keeping data for longer than necessary is a security risk. Keeping unnecessary data also creates an additional cost to the Company (whether it is personal data or not), given the costs that can be associated with storage and security.
1.4 This data retention policy forms part of our overall data protection compliance and should be read in conjunction with our other data protection policies and procedures.
2 PRINCIPLES OF DATA PROTECTION LAW
2.1 Storage limitation is a key principle of data protection laws in the UK. This principle means that we must ensure that personal data is kept for no longer than is necessary for the purposes for which the personal data is processed.
2.2 Ensuring that we erase or anonymise personal data when we no longer need it will reduce the risk that it becomes irrelevant, excessive, inaccurate, or out of date. As well as also helping us to comply with the data minimisation and accuracy principles under UK data protection laws, this also reduces the risk that we will use the data in error, it will be misplaced, or it becomes inaccurate.
2.3 We must respond to subject access requests for any personal data we hold and you should read our Data Protection Requests Policy for more information. Responding to these requests may be more difficult if we are holding old data for longer than needed. Only retaining data that is needed is also likely to reduce the burden of dealing with queries about retention and individual requests for erasure.
3 RETENTION OF PERSONAL DATA
3.1 Taking into account the points above, we have considered the periods that we should retain different types of personal data for and the retention periods are set out in Schedule 1 to this policy. These retention periods should be followed to ensure a consistent approach is taken across our business and data is not retained for longer than it is required.
3.2 Compliance with this policy is the responsibility of all employees. We strive to comply with the laws, rules, and regulations that govern our organisation, including those relating to privacy and data protection. All our employees must comply with their obligations in relation to data retention, including those set out in this policy. Failure to do so may subject us, our employees, and contractors to serious civil or criminal liability. An employee's failure to comply with our policies in relation to
Page 1 (3)
data protection may result in disciplinary action, including suspension or termination.
3.3 Our Data Protection Officer is responsible for identifying the data that we must or should retain, and determining the proper period of retention. It also arranges for the proper data storage, handles the destruction of the records whose retention period has expired and provides guidance, training, monitoring, and updates in relation to this policy.
4 IF YOU HAVE ANY QUESTIONS ABOUT THIS POLICY
4.1 You should speak to our Data Protection Officer. They can be contacted at: Email: dataprotection@pianomatch.com
Phone number: 020 7870 1682
5 KEEPING THIS POLICY UP TO DATE
5.1 This policy was created on 15th February 2025.
5.2 We recognise that this policy is a living document and should be updated to reflect our business practice and needs as our business and the type of data we hold changes. We therefore aim to review this policy at least annually to ensure that it continues to meet our needs and reflect reality. This policy was last updated on 15th February 2025.
Page 2 (3)
SCHEDULE 1 - RETENTION PERIODS JOB CANDIDATES
Type of data
Recruitment or job applicant information (including interview information, CV, any pre- employment checks etc.).
EMPLOYEES
Type of data
Personnel records (including but not limited to qualifications, performance, annual grievance, disciplinary and termination records, payment information).
CUSTOMERS
Retention period
6 months after notifying the candidate.
Reason / rationale
Best practice. Any pre-employment checks required by law for successful applicants should be kept with the employee’s personnel files.
Retention period
7 years after the contract ends.
Reason / rationale
Statutory limitation period and one year to allow claims started before the end of the limitation period.
Type of data
Customer account information e.g. customer name, address, email address, phone number, payment information]
Reason / rationale
Statutory limitation period and one year to allow claims started before the end of the limitation period.
Reason / rationale
Company requirements and keeping records no longer than necessary. We can also no longer verify the accuracy of the information after this time.
Reason / rationale
Statutory limitation periods and one year to allow claims started before the end of the limitation period.
Reason / rationale
Section 121, Companies Act 2006 (CA 2006).
Type of data
Register of Members.
Retention period
LEGAL INFORMATION
Type of data
Settlement Agreements.
Retention period
7 years from the date they were signed.
Reason / rationale
BUILDING INFORMATION
Type of data
Health and safety inspections, property management and asset records.
Retention period
7 years.
Reason / rationale
Health and Safety at Work Act 1974 and Limitation Act 1980 (LA 1980).
10 years after the Member ceases to be a Member of the Company.
Retention period
Retention period
7 years.
Statutory limitation period of 6 years and one year to allow for claims started before the end of the 6 year period.
Page 3 (3)
MARKETING
Type of data
Marketing data bases (e.g. for lead generation, feedback, contact data).
SUPPLIERS
Type of data
Supplier contact details e.g. business email address and phone number, name, payment information).
CORPORATE INFORMATION
Retention period
Records should be removed of individuals 2 years from last contact.
7 years.